dc3b90e35c212c1b2a5fa44a91aec6c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dc3b90e35c212c1b2a5fa44a91aec6c8_JaffaCakes118
Size

36KB
MD5

dc3b90e35c212c1b2a5fa44a91aec6c8
SHA1

678edeed846caf992fa87256fdac68dd395aa109
SHA256

d82d0b889022ab6300cdec9a9ce04f4eb88abaadc281cf6495cf5bf4169af1f5
SHA512

86edbc265c65096f132fd511b803a780d2fd0e4c87112343d778fc05d787c27575216a95bc15eecf473eef0ac5275a61b68ce0460d1bd80b715457c84932b20d
SSDEEP

768:5lIsB4zy0Q3dBwBueZXITsTKuX3m0omEKemFKgdBZCvMNdJkTtffZo:zDmVhBniTDYAmEKbFKgdavgQ5o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc3b90e35c212c1b2a5fa44a91aec6c8_JaffaCakes118

Files

dc3b90e35c212c1b2a5fa44a91aec6c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

42698770ae13446f4707c4f145f136e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dssec

DSCreateISecurityInfoObjectEx

amstream

DllRegisterServer
DllCanUnloadNow
DllUnregisterServer
DllGetClassObject

mmcshext

DllGetClassObject
DllUnregisterServer
DllCanUnloadNow
DllRegisterServer

qmgrprxy

DllCanUnloadNow
DllUnregisterServer
DllRegisterServer
DllGetClassObject

inetmib1

SnmpExtensionTrap
SnmpExtensionInit
SnmpExtensionQuery
SnmpExtensionInitEx

dinput

DllGetClassObject

kernel32

WritePrivateProfileStringW
IsValidLanguageGroup
SetCalendarInfoW
FindNextFileW
EndUpdateResourceW
GetWindowsDirectoryA
FormatMessageA
FatalExit
PulseEvent
OpenWaitableTimerA
GetCommandLineW
ChangeTimerQueueTimer
GetCurrentDirectoryW
SetNamedPipeHandleState
QueryPerformanceFrequency
SetHandleContext
SetFileValidData
EnumCalendarInfoExA
SetTermsrvAppInstallMode
FileTimeToSystemTime
MapUserPhysicalPages
EnumDateFormatsA
SwitchToThread
MultiByteToWideChar
BackupRead
GetCommandLineA
SizeofResource
LocalHandle
CopyLZFile
GetCurrencyFormatW
GetACP
lstrcmpi
CreateWaitableTimerW
SetFileApisToOEM
GetNumaNodeProcessorMask
GetDevicePowerState
CreateTimerQueueTimer
LoadLibraryW
GetProcessAffinityMask
OpenEventA
IsProcessInJob
DeleteFileA
Heap32ListFirst
GetFileAttributesW
WritePrivateProfileSectionA
SetVDMCurrentDirectories
CreateSemaphoreA
GetQueuedCompletionStatus
GetBinaryTypeW
CreateMemoryResourceNotification
GetConsoleTitleW
FindNextChangeNotification
GetProcAddress
SleepEx
GlobalMemoryStatus
FreeLibraryAndExitThread
SetTimeZoneInformation
OpenMutexA
lstrcat
VerSetConditionMask
FreeResource
GetConsoleCommandHistoryLengthW

user32

RegisterClassExW
RegisterSystemThread
TrackPopupMenu
UnhookWinEvent
DialogBoxIndirectParamW
GrayStringA
ChangeClipboardChain
DrawIconEx
TileChildWindows
RemoveMenu
GetWindowModuleFileNameA
CreateDialogIndirectParamW
UnpackDDElParam
MonitorFromPoint
CheckDlgButton
DdeAccessData
GetAltTabInfoW
DdeQueryStringW
SendInput
CloseClipboard
UnregisterDeviceNotification
EnumDesktopsW
LoadCursorW
WindowFromDC
DestroyWindow
RegisterTasklist
CreateMenu
PrivateExtractIconExA
AllowSetForegroundWindow
RegisterClassExA
ChangeDisplaySettingsExA
BringWindowToTop
SetMessageExtraInfo
KillTimer
NotifyWinEvent
SetDlgItemTextA
GetWindowContextHelpId
GetSysColorBrush
SetCaretBlinkTime
CreateDialogIndirectParamA
LoadBitmapA
IsClipboardFormatAvailable
FlashWindowEx
CreateWindowExW
LoadStringA
GetInputState
ToAsciiEx
SystemParametersInfoA
ModifyMenuA
RegisterMessagePumpHook
EnumDisplaySettingsA
SendDlgItemMessageA
TabbedTextOutA
EnumWindowStationsA
GetClassNameW
ReasonCodeNeedsComment
DdeCreateStringHandleW
TranslateAcceleratorW
DdeDisconnect
GetClipboardFormatNameW
CreateIconFromResource
GetWindowLongW
EnableMenuItem
CharUpperBuffA
MBToWCSEx
RegisterHotKey
GetClipboardOwner
SetCapture
SetWindowPlacement
SetDeskWallpaper

gdi32

GdiPrinterThunk
StartFormPage
SetTextColor
GetOutlineTextMetricsA
SetROP2
GdiConvertMetaFilePict
GetCharWidthInfo
GdiPlayPrivatePageEMF
GdiFixUpHandle
CreateMetaFileA
StretchDIBits
DdEntry19
EqualRgn
DdEntry2
EngGetCurrentCodePage
ChoosePixelFormat
GetCharacterPlacementA
GdiInitSpool
GdiSwapBuffers
GetCharWidth32A
DdEntry6
ExtEscape
GdiInitializeLanguagePack
BRUSHOBJ_pvAllocRbrush
DdEntry28

advapi32

AccessCheckByTypeAndAuditAlarmW
RegOpenUserClassesRoot
GetEffectiveRightsFromAclA
ConvertSidToStringSidW
ElfReportEventA
LsaQueryTrustedDomainInfoByName
WmiExecuteMethodA
UninstallApplication
LogonUserA
EnableTrace
FindFirstFreeAce
CryptGenKey
GetOverlappedAccessResults
CreateRestrictedToken
WmiQuerySingleInstanceMultipleA
OpenEncryptedFileRawW
LsaQuerySecurityObject
SystemFunction032
LsaICLookupSidsWithCreds
ElfClearEventLogFileA
BackupEventLogW
SaferSetLevelInformation
CreatePrivateObjectSecurity
CryptImportKey
MakeAbsoluteSD

netapi32

NetAlertRaiseEx
NetErrorLogRead
I_NetServerAuthenticate
RxNetServerEnum
NetpGetFileSecurity
DsEnumerateDomainTrustsW
NetServerEnum
NetDfsRemove
NetUserChangePassword
NetSessionGetInfo
NetLocalGroupDelMembers
NetpHexDump
NetReplImportDirDel
NetpDbgPrint
I_NetServerAuthenticate2
I_NetLogonControl2
NetSetPrimaryComputerName
I_BrowserQueryEmulatedDomains
NetShareEnum
NetLocalGroupEnum
NetWkstaUserGetInfo
NetpIsUncComputerNameValid
NetpwPathCanonicalize
NetpwNameValidate
NetUserEnum

winsta

ServerLicensingDeactivateCurrentPolicy
WinStationQueryInformationA
_WinStationBreakPoint
ServerLicensingOpenA
WinStationCheckLoopBack
WinStationCloseServer
WinStationSetInformationW
ServerLicensingLoadPolicy
ServerLicensingUnloadPolicy
WinStationEnumerateLicenses
_WinStationNotifyLogon
WinStationRegisterConsoleNotification
_WinStationNotifyLogoff
WinStationVirtualOpen

Sections

.ki
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JrdAK
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MzbL
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qXjzC
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XT
Size: 3KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mkG
Size: 91KB - Virtual size: 146KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HZBV
Size: 11KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QJZ
Size: 1KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42698770ae13446f4707c4f145f136e6

Headers

File Characteristics

Imports

dssec

amstream

mmcshext

qmgrprxy

inetmib1

dinput

kernel32

user32

gdi32

advapi32

netapi32

winsta

Sections

.ki Size: 1024B - Virtual size: 882B

.JrdAK Size: 2KB - Virtual size: 1KB

.MzbL Size: 25KB - Virtual size: 24KB

.qXjzC Size: 7KB - Virtual size: 7KB

.XT Size: 3KB - Virtual size: 48KB

.mkG Size: 91KB - Virtual size: 146KB

.HZBV Size: 11KB - Virtual size: 46KB

.QJZ Size: 1KB - Virtual size: 47KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 3KB - Virtual size: 4KB

.ki
Size: 1024B - Virtual size: 882B

.JrdAK
Size: 2KB - Virtual size: 1KB

.MzbL
Size: 25KB - Virtual size: 24KB

.qXjzC
Size: 7KB - Virtual size: 7KB

.XT
Size: 3KB - Virtual size: 48KB

.mkG
Size: 91KB - Virtual size: 146KB

.HZBV
Size: 11KB - Virtual size: 46KB

.QJZ
Size: 1KB - Virtual size: 47KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 3KB - Virtual size: 4KB