d720f432b5de8793b276fe3bce1db698_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d720f432b5de8793b276fe3bce1db698_JaffaCakes118
Size

238KB
MD5

d720f432b5de8793b276fe3bce1db698
SHA1

ed3b305da3d2faade1d7a9f9f08d63a00d226649
SHA256

f5bded5986eff3f9a97444f4a293639b38f6a34e42c32b723cbb5d3a3dfba39d
SHA512

eca306d29d40baa4c0b18f30a3e780a2752505cad4ef4515a042e691e6a542f9bbcf2fd91aa72d0c24b18b3992d12830d060c11e23eabc7677e0fd858381bafb
SSDEEP

6144:IQyPo3BORsm4JlF8UvTwVxMRhln+F6BFfm:IQ13sRsmgGfD4C6nm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d720f432b5de8793b276fe3bce1db698_JaffaCakes118

Files

d720f432b5de8793b276fe3bce1db698_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ff7346329016648147b91d5c700e36a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

\\cpvsbuild\drops\v7.0\raw\9466\vsbuilt\retail\bin\i386\vs7jit.pdb

Imports

rpcrt4

RpcStringBindingComposeA
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
RpcStringFreeA
NdrClientCall

ole32

CoImpersonateClient
StringFromGUID2
CoQueryProxyBlanket
CoSetProxyBlanket
CoDisconnectObject
CoCreateInstanceEx
StringFromCLSID
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoGetCallContext
CoCreateGuid
CoRevertToSelf

oleaut32

VarBstrCat
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr
SysAllocStringLen

user32

SendDlgItemMessageA
CharUpperA
DispatchMessageA
TranslateMessage
GetMessageA
MessageBoxA
CharNextA
SetWindowLongA
GetWindowLongA
SendMessageA
SetWindowTextA
GetWindowTextA
GetDC
ShowWindow
SetTimer
KillTimer
IsWindowEnabled
wsprintfW
PostThreadMessageA
EnumWindows
LoadStringA
GetWindowThreadProcessId
IsWindowVisible
RegisterWindowMessageA
MessageBoxW
DialogBoxParamA
SetForegroundWindow
wsprintfA
EndDialog
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
SetDlgItemTextA
UnregisterClassA
IsDlgButtonChecked
CheckDlgButton
EnableWindow

wsock32

socket
closesocket
setsockopt
send
bind
connect
recv
gethostbyname
ioctlsocket
WSAGetLastError
WSAStartup
htonl
ntohl
htons

advapi32

OpenServiceA
OpenSCManagerA
CloseServiceHandle
QueryServiceStatus
LookupAccountSidA
AdjustTokenPrivileges
LookupPrivilegeValueA
PrivilegeCheck
RegQueryValueExW
LookupAccountSidW
IsValidSid
EqualSid
GetSecurityDescriptorLength
IsValidSecurityDescriptor
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
MakeAbsoluteSD
SetSecurityDescriptorDacl
MakeSelfRelativeSD
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
GetAce
OpenProcessToken
GetTokenInformation
GetUserNameA
AllocateAndInitializeSid
GetSidLengthRequired
CopySid
FreeSid
LookupAccountNameA
RegOpenKeyExW
RegConnectRegistryA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
OpenThreadToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
HeapReAlloc
CreateThread
TlsGetValue
TlsSetValue
ExitThread
RtlUnwind
ExitProcess
GetStartupInfoA
RaiseException
ReadProcessMemory
SetFilePointer
ReadFile
LocalSize
FindFirstFileA
FindClose
GetModuleHandleW
Sleep
SetPriorityClass
CreateProcessW
GetExitCodeProcess
ReleaseMutex
CreateMutexA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
GetSystemDirectoryA
SetEnvironmentVariableA
SetErrorMode
GetModuleHandleA
GetProcAddress
TlsFree
GetTickCount
lstrcatA
GetSystemTimeAsFileTime
VirtualAlloc
IsBadWritePtr
HeapSize
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
FindResourceExA
LockResource
GetCurrentProcessId
GetCommandLineA
OpenProcess
DuplicateHandle
GetProfileStringA
GetFileAttributesA
LocalFree
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
FlushFileBuffers
SetEndOfFile
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
LocalAlloc
QueryPerformanceCounter
ResumeThread
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
IsDBCSLeadByte
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetVersion
CompareStringA
lstrlenW
CompareStringW
lstrcmpiA
lstrlenA
GetLastError
TerminateProcess
SetLastError
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
LoadLibraryA
WaitForSingleObject
CloseHandle
CreateEventA
CreateProcessA
GetCurrentThread
DeleteCriticalSection
GetModuleFileNameA
SetEvent
GetCurrentThreadId
SetUnhandledExceptionFilter
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA

gdi32

GetTextExtentPoint32A

icmp

IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ff7346329016648147b91d5c700e36a1

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

ole32

oleaut32

user32

wsock32

advapi32

kernel32

gdi32

icmp

Sections

.text Size: 136KB - Virtual size: 134KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 88KB - Virtual size: 88KB

.text
Size: 136KB - Virtual size: 134KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 88KB - Virtual size: 88KB