d2bef9c9aa1806ac52de6939b445c276_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d2bef9c9aa1806ac52de6939b445c276_JaffaCakes118
Size

59KB
MD5

d2bef9c9aa1806ac52de6939b445c276
SHA1

fcf15a1db414ecc292c97a60345381b8ae99bb6c
SHA256

4aa031bca8ecc1be800e8c5ab0808d2ecda410e46af9860e6cb92c8aca5bd450
SHA512

9928b17aa0d2b5996c9d474a2637e94934dc2f29cec06b71f2b757f68a563911232e25de04056fd030f4712802ce3520ebdbd5bb25cf19001842792baf2d8d94
SSDEEP

768:/QfvTw9e4pgg9mj/NiiVHA/GvNcwTdFKcNRTegtEkvKsQLygN:/0Twbpb9iZVH9vNcwnKcjemEUKsQWgN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2bef9c9aa1806ac52de6939b445c276_JaffaCakes118

Files

d2bef9c9aa1806ac52de6939b445c276_JaffaCakes118
.exe windows:4 windows x86 arch:x86

500d1c83cbb4a715df82d7d464d36fe5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
RaiseException
GetVolumePathNameW
GetStringTypeExW
FreeLibrary
HeapAlloc
SetThreadLocale
GetThreadLocale
WaitForSingleObject
CreateEventW
GetModuleHandleW
SetLastError
GetLongPathNameW
WideCharToMultiByte
lstrlenA
GetProcessHeap
HeapFree
EnterCriticalSection
ConnectNamedPipe
lstrlenW
LeaveCriticalSection
CloseHandle
FindResourceExW
LoadResource
LockResource
LCMapStringW
GetUserDefaultLCID
GetVolumeNameForVolumeMountPointW
OpenProcess
DeviceIoControl
GetDriveTypeW
HeapDestroy
HeapReAlloc
HeapSize
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ResetEvent
CreateNamedPipeW
DisconnectNamedPipe
GetLocalTime
CancelIo
GetOverlappedResult
WaitForMultipleObjects
GetFileSizeEx
CreateFileW
ReadFile
GetComputerNameW
LocalFree
DeleteCriticalSection
SizeofResource
FindResourceW
FormatMessageW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStartupInfoW
VirtualAlloc

user32

wsprintfW
UnregisterClassA
LoadStringW

advapi32

CopySid
ConvertSidToStringSidW
RegOpenCurrentUser
DuplicateTokenEx
RevertToSelf
ImpersonateNamedPipeClient
GetSidSubAuthority
MakeAbsoluteSD
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetAclInformation
InitializeAcl
GetSecurityDescriptorControl
AddAce
GetSecurityDescriptorOwner
SetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSidLengthRequired
InitializeSid
ConvertStringSidToSidW
LookupAccountSidW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
EqualSid
IsValidSid
CheckTokenMembership
GetTokenInformation
GetLengthSid
DuplicateToken
OpenThreadToken
SetThreadToken

shell32

SHGetFolderPathW

ole32

CoGetClassObject
StringFromGUID2
OleRun
CoFreeUnusedLibraries
CoInitializeEx
CoUninitialize
CoLoadLibrary
CoRevertToSelf
CoCreateInstance
CoImpersonateClient
StringFromCLSID
CoTaskMemFree

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi
LoadTypeLi
SafeArrayCopy
SafeArrayGetVartype
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SafeArrayDestroy
VariantClear
SafeArrayUnlock
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
SysAllocStringLen
VariantInit
GetErrorInfo
SafeArrayGetDim
SafeArrayLock
VariantChangeType
VarBstrCmp
SafeArrayGetElement
VariantCopyInd
SafeArrayRedim
SafeArrayCreate
VariantTimeToSystemTime
SystemTimeToVariantTime

psapi

GetModuleFileNameExW

shlwapi

PathSkipRootW
PathIsFileSpecW
PathMatchSpecW
PathStripPathW
PathIsUNCW

userenv

GetUserProfileDirectoryW
UnloadUserProfile

setupapi

CM_Get_Device_IDW
CM_Get_Parent
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_ID_Size
CM_Locate_DevNodeW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsExW
SetupDiGetDeviceInstanceIdW

mscms

CreateColorTransformW
DeleteColorTransform
UninstallColorProfileA
InternalGetDeviceConfig
CreateProfileFromLogColorSpaceW
SetColorProfileElementSize

cryptdlg

CertModifyCertificatesToTrust

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UB
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.B
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aVo
Size: 512B - Virtual size: 507B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NmtRX
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dcSpbY
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ImDFP
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fXJI
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MJK
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eg
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.GfGwJ
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

500d1c83cbb4a715df82d7d464d36fe5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

psapi

shlwapi

userenv

setupapi

mscms

cryptdlg

Sections

.text Size: 16KB - Virtual size: 16KB

.UB Size: 1KB - Virtual size: 1KB

.B Size: 1KB - Virtual size: 1KB

.aVo Size: 512B - Virtual size: 507B

.rdata Size: 5KB - Virtual size: 4KB

.NmtRX Size: 2KB - Virtual size: 2KB

.dcSpbY Size: 1KB - Virtual size: 1KB

.ImDFP Size: 512B - Virtual size: 308B

.fXJI Size: 1KB - Virtual size: 2KB

.data Size: 13KB - Virtual size: 204KB

.MJK Size: 1024B - Virtual size: 1KB

.eg Size: 2KB - Virtual size: 1KB

.GfGwJ Size: 2KB - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 16KB - Virtual size: 16KB

.UB
Size: 1KB - Virtual size: 1KB

.B
Size: 1KB - Virtual size: 1KB

.aVo
Size: 512B - Virtual size: 507B

.rdata
Size: 5KB - Virtual size: 4KB

.NmtRX
Size: 2KB - Virtual size: 2KB

.dcSpbY
Size: 1KB - Virtual size: 1KB

.ImDFP
Size: 512B - Virtual size: 308B

.fXJI
Size: 1KB - Virtual size: 2KB

.data
Size: 13KB - Virtual size: 204KB

.MJK
Size: 1024B - Virtual size: 1KB

.eg
Size: 2KB - Virtual size: 1KB

.GfGwJ
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB