d6221a0cf5412204e98ba3c3948794cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6221a0cf5412204e98ba3c3948794cb_JaffaCakes118
Size

97KB
MD5

d6221a0cf5412204e98ba3c3948794cb
SHA1

65e171b6ab2afd04aede275cdd216e0bac7b72b7
SHA256

80e5725894d78f1d213938cc4a058590208bfac396141e80bf0c9206e699664b
SHA512

b45f223b31ff3ecb1d5ec5e35761da99d8b2f54a4f532a2fbda5d8a25ce4c5397594f2e9bbc3505f6ac51f45e4dd062049afabf48ec95d4aac9eb939961615ad
SSDEEP

1536:KLGHve5a4LmtaCwpPeInevX0lBiajrZjUY3LHxXZVRD2tTI19tm68pD8FU1B/GpF:KSeoQIIev0lBiwZIMNZzD2tQtX+1z/QF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6221a0cf5412204e98ba3c3948794cb_JaffaCakes118

Files

d6221a0cf5412204e98ba3c3948794cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0ef99f1e9cbc5d26e3c5126f2ba751dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
wcschr

advapi32

GetLengthSid
QueryServiceStatus
OpenServiceW
RegSetValueExW
AllocateAndInitializeSid
OpenThreadToken
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
FreeSid
OpenProcessToken
CreateProcessWithLogonW
IsValidSid
OpenSCManagerW
RegQueryValueExW
LsaClose
CopySid
RegOpenKeyExA
RegEnumKeyW
LookupAccountSidW
LsaStorePrivateData
LsaOpenPolicy
CheckTokenMembership
GetTokenInformation
RegQueryValueExA
RegDeleteValueW
CloseServiceHandle
EqualSid
LookupAccountNameW

ntdsapi

DsCrackNamesW
DsFreeNameResultW

shlwapi

UrlGetPartW
StrToIntExW
SHSetValueW
StrChrW
PathAppendW
PathRemoveBackslashW
SHGetValueW
StrToIntW
StrCatBuffW
PathGetDriveNumberW
PathFindExtensionW
wnsprintfW
AssocQueryStringW
SHStrDupW
PathRenameExtensionW
StrCmpW
PathMatchSpecW
PathCombineW
UrlCombineW
PathParseIconLocationW
PathFindFileNameW
PathIsUNCW
SHRegGetBoolUSValueW
StrCmpIW
StrRetToBufW
PathIsUNCServerW
StrCmpNIW
StrDupW
PathRemoveFileSpecW
StrCpyNW

netapi32

NetApiBufferFree
NetUnjoinDomain
NetUserGetLocalGroups
NetUserDel
NetRenameMachineInDomain
NetLocalGroupGetMembers
NetValidateName
NetUserAdd
NetJoinDomain
NetUserSetInfo
DsRoleGetPrimaryDomainInformation
NetLocalGroupDelMembers
DsGetDcNameW
NetUserGetInfo
DsRoleFreeMemory
NetLocalGroupEnum
NetLocalGroupAddMembers

urlmon

URLDownloadToCacheFileW

mpr

WNetCancelConnection2W
WNetEnumResourceW
WNetAddConnection3W
WNetGetConnectionW
WNetOpenEnumW
WNetCloseEnum

ole32

CoGetInterfaceAndReleaseStream
CoUninitialize
ReleaseStgMedium
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoCreateFreeThreadedMarshaler
CreateBindCtx
CoMarshalInterThreadInterfaceInStream
CoInitialize

secur32

TranslateNameW

ntdll

NtAllocateVirtualMemory
RtlGetNtProductType
RtlRunEncodeUnicodeString
RtlLargeIntegerShiftRight

gdi32

SelectObject
GetDeviceCaps
SetTextColor
SetBkColor
GetObjectW
DeleteObject
CreateFontIndirectW
ExtTextOutW
GetTextMetricsW

kernel32

lstrcpynW
GetSystemTimeAsFileTime
FormatMessageW
GetTickCount
GetLastError
LoadLibraryW
GetGeoInfoW
GetCurrentThreadId
GetVersionExA
CreateEventW
GetLocaleInfoW
GlobalLock
LoadLibraryA
lstrcmpiW
GetModuleHandleW
GetCurrentProcess
lstrcmpiA
GetComputerNameW
GetSystemDefaultLCID
GetACP
MultiByteToWideChar
GetUserDefaultLangID
MulDiv
SetEvent
DelayLoadFailureHook
UnhandledExceptionFilter
GetUserGeoID
SetComputerNameExW
GlobalUnlock
CloseHandle
QueryPerformanceCounter
InterlockedCompareExchange
LocalFree
TerminateProcess
InterlockedDecrement
LocalAlloc
SetUnhandledExceptionFilter
GetCurrentProcessId
GetWindowsDirectoryW
DosDateTimeToFileTime
WideCharToMultiByte
ExpandEnvironmentStringsW
CreateThread
FreeLibrary
lstrcpyW
InterlockedIncrement
GetUserDefaultLCID
OpenEventW
DnsHostnameToComputerNameW
CreateProcessW
GetProcAddress
ExitProcess
GetCurrentThread
WaitForSingleObject
GetModuleFileNameW
ResetEvent
lstrlenW

shell32

SHGetDesktopFolder
SHParseDisplayName
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteExW
SHCreateShellItem
SHBindToParent
SHGetSpecialFolderLocation

user32

GetWindowLongW
GetSystemMetrics
PostMessageW
SetWindowTextW
LoadImageW
RegisterWindowMessageW
SetCursor
ReleaseDC
CharNextW
SetFocus
SendMessageW
DrawFocusRect
RegisterClipboardFormatW
SetForegroundWindow
LoadIconW
MessageBoxW
GetDlgItem
SetWindowPos
DialogBoxParamW
CheckRadioButton
IsWindow
SetWindowLongW
KillTimer
CharLowerBuffW
ShowWindow
SystemParametersInfoW
GetSysColor
CheckDlgButton
FindWindowW
SetDlgItemTextW
OffsetRect
EnableWindow
DestroyIcon
GetDesktopWindow
GetDC
GetDlgCtrlID
IsWindowVisible
GetParent
GetDialogBaseUnits
SendDlgItemMessageW
IsDlgButtonChecked
GetWindowTextLengthW
MapWindowPoints
IsWindowEnabled
GetDlgItemTextW
RedrawWindow
GetWindowTextW
GetWindowRect
SetTimer
GetClientRect
DrawTextExW
EndDialog
LoadCursorW
MoveWindow
WinHelpW
LoadStringW
GetWindowLongA

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 91KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ef99f1e9cbc5d26e3c5126f2ba751dc

Headers

File Characteristics

Imports

msvcrt

advapi32

ntdsapi

shlwapi

netapi32

urlmon

mpr

ole32

secur32

ntdll

gdi32

kernel32

shell32

user32

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 91KB - Virtual size: 620KB

.rsrc Size: 190KB - Virtual size: 190KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 91KB - Virtual size: 620KB

.rsrc
Size: 190KB - Virtual size: 190KB