Static task: static1
Behavioral task: behavioral1
  Sample: d67d597ab6f7661102729e4a5f313efe_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d67d597ab6f7661102729e4a5f313efe_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
- Target: d67d597ab6f7661102729e4a5f313efe_JaffaCakes118
- Size: 148KB
- MD5: d67d597ab6f7661102729e4a5f313efe
- SHA1: a2ba6b9efefb02631d410738a46e8cfed114955e
- SHA256: 9ebca077e445b96763a78b34e1b523c5b17f108cc8876b035a3f61723af6b4f8
- SHA512: 16b8cb9886579a1e1451b9e979ec309a786ce8924e2287bf84590f7d94edc218a7e5bb8bfcfaf5196e2d0ea65c462d4b8358e03b30c90a5ec542773725d277a9
- SSDEEP: 1536:kaPKdshaV8wE7+a2kiWICDhRwLesEghAzdLw2XAYZvB068xB5zbrSJnD2Fez5xB4:kwaVj4TXoSsEk4anLllFez5xKYe5LZ9/
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource d67d597ab6f7661102729e4a5f313efe_JaffaCakes118
Files
- d67d597ab6f7661102729e4a5f313efe_JaffaCakes118.exe windows:5 windows x86 arch:x86
  cb70b4e358b34fb6efe20cee0fbe352b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
WTSDisconnectSession
WTSEnumerateSessionsW
WTSLogoffSession
WTSQueryUserToken
netapi32
NetRemoteTOD
NetWkstaUserGetInfo
NetApiBufferFree
activeds
ord3
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
GetUserProfileDirectoryW
kernel32
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
FileTimeToSystemTime
ReadFile
GetSystemDirectoryA
lstrcatA
DisconnectNamedPipe
FlushFileBuffers
FindFirstFileA
SetLastError
GetProcAddress
EnterCriticalSection
FindClose
ResetEvent
GetLocalTime
WaitForMultipleObjects
GetModuleFileNameA
DeleteCriticalSection
lstrcpyA
GetModuleHandleW
lstrcatW
CreateNamedPipeW
GetTimeZoneInformation
GetVersionExW
GetComputerNameW
GetFileSize
CreateFileW
GetWindowsDirectoryW
GetTimeFormatW
GetDateFormatW
MultiByteToWideChar
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
GetModuleHandleA
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
ConnectNamedPipe
lstrlenA
SetFilePointer
CreateFileA
SetConsoleCtrlHandler
GlobalFree
GetModuleFileNameW
GetCommandLineW
OpenEventW
CreateEventW
SetEvent
WaitForSingleObject
LocalFree
lstrcmpiW
GetLastError
lstrlenW
SetSystemPowerState
FormatMessageW
Sleep
LoadLibraryW
GetTickCount
GetProcessHeap
GetCurrentProcess
FreeLibrary
lstrcpyW
CloseHandle
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalAlloc
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualFree
HeapDestroy
HeapCreate
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InterlockedDecrement
InterlockedIncrement
ExitThread
GetCurrentThreadId
CreateThread
ExitProcess
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
GetTimeFormatA
GetDateFormatA
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
user32
LoadCursorW
SetCursor
wsprintfA
wvsprintfA
wsprintfW
SystemParametersInfoW
MessageBoxW
advapi32
GetLengthSid
CopySid
RegDeleteKeyW
IsValidSid
RegSetValueExA
GetSidSubAuthorityCount
GetSidSubAuthority
RegDeleteValueW
RegCreateKeyExW
GetSidIdentifierAuthority
ControlService
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExA
InitializeSecurityDescriptor
RegQueryValueExA
ReportEventW
SetServiceStatus
QueryServiceStatus
ChangeServiceConfig2W
DeregisterEventSource
RegisterServiceCtrlHandlerExW
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
InitiateSystemShutdownW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
RevertToSelf
ImpersonateLoggedOnUser
CreateProcessAsUserW
shell32
CommandLineToArgvW
ole32
CoUninitialize
CoInitialize
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
VarDateFromStr
VariantClear
odbc32
ord3
ord111
ord16
ord15
ord1
ord107
ord110
ord14
ord9
ord2
Sections
.text Size: 111KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ