Static task: static1
Behavioral task: behavioral1
Sample: d200d35110f265a2cd4655d58b18972c_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: d200d35110f265a2cd4655d58b18972c_JaffaCakes118
Size: 831KB
MD5: d200d35110f265a2cd4655d58b18972c
SHA1: 26189fdcbbec8cbdf9abf4b8e5d229dd02809162
SHA256: 347856f6d0ee3cc7e368714112111ce885af02a1ed5bec4aa96ea7c81ee72cf3
SHA512: 01b32107f1ff4916237bf8ea0bb6509e8f4757737b8d3e09c7c824c331b3c729562e7fdabd9292f5dad5444e0c896e51ab4ba8f756ef3d57d7b14d36a9a15e23
SSDEEP: 12288:1chkuOMk0lgxy57oWWvRifpHWJsP4zlKp+swWWUEVhBY1DMttJ:1M557fW5ifc6QzkQh21oJ
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource d200d35110f265a2cd4655d58b18972c_JaffaCakes118
Files
d200d35110f265a2cd4655d58b18972c_JaffaCakes118.exe windows:5 windows x86 arch:x86
858a0b7b6835cf396eeb2d912dce3306
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OpenFileMappingA
DeviceIoControl
SetHandleInformation
GetLogicalDrives
CopyFileExA
GetUserDefaultLangID
GetNamedPipeInfo
ReleaseSemaphore
GetProcessTimes
GetVolumeNameForVolumeMountPointA
GetLogicalDriveStringsA
DefineDosDeviceA
OpenMutexA
GetFileSize
GetStdHandle
GetNumberOfConsoleInputEvents
GetPrivateProfileIntW
GetVolumePathNameA
GetCPInfoExA
ExpandEnvironmentStringsA
GetPrivateProfileStringW
ReplaceFileW
GetDiskFreeSpaceExA
OpenProcess
GetBinaryTypeA
FreeEnvironmentStringsW
GetConsoleAliasExesLengthW
FoldStringA
CreateToolhelp32Snapshot
DeleteTimerQueueTimer
SetThreadExecutionState
GetPrivateProfileSectionW
SetCurrentDirectoryW
CreateMailslotW
GetOEMCP
GetTempPathW
SetConsoleActiveScreenBuffer
OpenJobObjectW
GetConsoleAliasW
SetConsoleOutputCP
OpenSemaphoreA
ProcessIdToSessionId
GetFileTime
PrepareTape
CreateWaitableTimerA
GetLongPathNameW
GetSystemDefaultLCID
SetConsoleCtrlHandler
SetThreadPriorityBoost
GetConsoleWindow
OpenWaitableTimerA
CreateDirectoryA
FindResourceExW
AddAtomW
GetCalendarInfoA
SetUnhandledExceptionFilter
SetErrorMode
GetConsoleCursorInfo
OpenThread
GetVersion
GetLocaleInfoW
ReadProcessMemory
FoldStringW
VirtualAlloc
GetModuleHandleA
Module32Next
CancelIo
GetDiskFreeSpaceA
IsSystemResumeAutomatic
GetProcessVersion
GetDiskFreeSpaceW
GetProcessPriorityBoost
FlushInstructionCache
GetConsoleAliasesW
SetConsoleDisplayMode
VirtualQuery
PostQueuedCompletionStatus
GetHandleInformation
IsDBCSLeadByte
GetCommandLineW
lstrcpynW
CreateJobObjectW
GetAtomNameA
GetWindowsDirectoryA
FindVolumeMountPointClose
GetMailslotInfo
CreateTimerQueueTimer
SetEndOfFile
ConvertDefaultLocale
SetLocaleInfoA
GetThreadLocale
SetTapePosition
GetFileAttributesExW
GetPrivateProfileIntA
DosDateTimeToFileTime
VerifyVersionInfoW
SetThreadContext
GetProcessWorkingSetSize
TlsFree
VirtualProtect
CreateMailslotA
CompareStringA
GetCurrentProcess
GetConsoleAliasA
SetEnvironmentVariableA
GetThreadPriority
GetConsoleMode
GetPrivateProfileSectionA
PeekNamedPipe
GetThreadContext
GetConsoleScreenBufferInfo
lstrcpyA
CreateTimerQueue
GetStringTypeExW
AreFileApisANSI
GetTempPathA
SetStdHandle
OpenEventW
SetProcessAffinityMask
SetFileAttributesW
AddAtomA
CreateNamedPipeW
GlobalReAlloc
SearchPathW
CreateIoCompletionPort
DefineDosDeviceW
GetExitCodeThread
FormatMessageA
DeleteAtom
GetTapeStatus
DnsHostnameToComputerNameW
HeapValidate
FileTimeToSystemTime
GetConsoleCP
GetCompressedFileSizeA
GetVolumeNameForVolumeMountPointW
HeapSize
IsValidCodePage
CreateHardLinkW
GetSystemDefaultUILanguage
WriteConsoleW
SetComputerNameExW
GetVolumeInformationA
GetCurrentDirectoryA
FindFirstVolumeMountPointA
lstrcmpiA
GetCPInfo
FileTimeToLocalFileTime
GetProfileStringA
WideCharToMultiByte
GetSystemDirectoryW
CreateNamedPipeA
OpenEventA
SetThreadIdealProcessor
LCMapStringA
TryEnterCriticalSection
Toolhelp32ReadProcessMemory
DisconnectNamedPipe
GetEnvironmentStrings
GetCurrentThread
CreateFileW
FlushConsoleInputBuffer
GetCommandLineA
GetStringTypeA
GetNamedPipeHandleStateA
OpenWaitableTimerW
SetTapeParameters
FlushViewOfFile
CreateSemaphoreW
SetConsoleMode
GetBinaryTypeW
QueueUserWorkItem
SetProcessWorkingSetSize
CopyFileA
FindFirstVolumeW
MapUserPhysicalPages
FindFirstFileA
WriteConsoleA
ResetWriteWatch
SetVolumeMountPointA
CreateDirectoryExW
CreateMutexA
FreeLibraryAndExitThread
GetComputerNameW
MapViewOfFileEx
SwitchToThread
GetProfileSectionA
SetCalendarInfoW
LoadResource
FindAtomA
LCMapStringW
QueryDosDeviceW
DuplicateHandle
MoveFileWithProgressW
FlushFileBuffers
GetVolumePathNameW
GetDateFormatA
GetConsoleAliasesA
GetPrivateProfileSectionNamesA
EnumCalendarInfoExW
CreateFileMappingA
GetSystemDefaultLangID
GetThreadTimes
GetProfileStringW
VerSetConditionMask
GetLocaleInfoA
GetSystemWindowsDirectoryA
GetModuleFileNameA
QueryInformationJobObject
BindIoCompletionCallback
GetDriveTypeA
CreateDirectoryExA
ReplaceFileA
MoveFileA
CreateSemaphoreA
GetNamedPipeHandleStateW
GetProcessAffinityMask
ChangeTimerQueueTimer
EnumCalendarInfoW
GetPriorityClass
OpenFileMappingW
GetFileSizeEx
FreeUserPhysicalPages
GetACP
GetPrivateProfileStructW
FindResourceExA
GetCPInfoExW
GetStringTypeW
DnsHostnameToComputerNameA
GetUserDefaultUILanguage
ReadFile
HeapSetInformation
GetFullPathNameW
GetConsoleAliasExesA
ContinueDebugEvent
SetComputerNameExA
OpenSemaphoreW
CopyFileExW
GetCalendarInfoW
MultiByteToWideChar
FindVolumeClose
FormatMessageW
FindNextFileA
GetShortPathNameA
SystemTimeToTzSpecificLocalTime
FindResourceA
SetCurrentDirectoryA
GetDateFormatW
FindAtomW
LockFile
FindFirstFileExA
AssignProcessToJobObject
CreateEventW
GetProfileSectionW
GetVolumeInformationW
GetDriveTypeW
CompareStringW
SetMailslotInfo
GetConsoleAliasExesW
GetCompressedFileSizeW
GetConsoleOutputCP
lstrcmpA
SetSystemTimeAdjustment
FindResourceW
DeleteTimerQueueEx
CreateFileMappingW
MapUserPhysicalPagesScatter
CreateTapePartition
SetConsoleTextAttribute
GetDevicePowerState
SetFileAttributesA
ResetEvent
GetSystemDirectoryA
IsBadReadPtr
GetCurrencyFormatW
GetCurrencyFormatA
GetDiskFreeSpaceExW
GetTimeFormatW
GetLongPathNameA
SetPriorityClass
CreateHardLinkA
CancelWaitableTimer
GetFileAttributesA
Module32FirstW
ConvertThreadToFiber
ExpandEnvironmentStringsW
GetProcAddress
GetNumberFormatA
SetWaitableTimer
GetPrivateProfileSectionNamesW
MapViewOfFile
SetSystemPowerState
GetProfileIntA
GetNumberFormatW
SetThreadPriority
FindNextChangeNotification
GetEnvironmentVariableA
SearchPathA
GetModuleFileNameW
FreeConsole
SetThreadLocale
GetFileAttributesExA
MoveFileWithProgressA
FindFirstVolumeA
GetModuleHandleW
SetEvent
SetConsoleCP
GetPrivateProfileStructA
Module32NextW
EraseTape
ReadDirectoryChangesW
SetNamedPipeHandleState
GetFileAttributesW
SetFileTime
GetProcessIoCounters
GetUserDefaultLCID
GetEnvironmentVariableW
SetThreadAffinityMask
HeapReAlloc
HeapAlloc
ReleaseMutex
SetLocaleInfoW
Module32First
SetProcessPriorityBoost
GetFileType
GetFileInformationByHandle
GetConsoleAliasExesLengthA
GetLogicalDriveStringsW
SetInformationJobObject
OpenMutexW
EnumCalendarInfoA
IsDBCSLeadByteEx
DeleteVolumeMountPointA
GetShortPathNameW
DeleteTimerQueue
CreateJobObjectA
GetPrivateProfileStringA
CopyFileW
GetFullPathNameA
GetCurrentConsoleFont
GetProfileIntW
RtlUnwind
Sleep
HeapFree
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
ExitProcess
DecodePointer
WriteFile
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
IsProcessorFeaturePresent
user32
IsCharAlphaA
advapi32
RegisterEventSourceW
RegQueryValueExW
RegOpenKeyW
AdjustTokenPrivileges
CryptDestroyKey
RegSetKeySecurity
ImpersonateLoggedOnUser
RegEnumKeyExA
GetSecurityDescriptorOwner
CheckTokenMembership
LookupAccountSidW
RegOpenKeyA
RegCreateKeyW
DeregisterEventSource
GetLengthSid
SetThreadToken
CryptHashData
OpenThreadToken
ReportEventW
RegEnumKeyExW
oleaut32
SafeArrayGetUBound
SafeArrayPtrOfIndex
VariantCopy
SysReAllocStringLen
SysAllocStringLen
VariantInit
VariantChangeTypeEx
VariantClear
SafeArrayCreate
VariantCopyInd
SysFreeString
VariantChangeType
GetActiveObject
SysAllocStringByteLen
SysStringLen
GetErrorInfo
SafeArrayGetLBound
Sections
.text Size: 207KB - Virtual size: 207KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 341KB - Virtual size: 341KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 259KB - Virtual size: 597KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ