e0895fb16c80bffb57a2d36e057cc498_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e0895fb16c80bffb57a2d36e057cc498_JaffaCakes118
Size

169KB
MD5

e0895fb16c80bffb57a2d36e057cc498
SHA1

c563eade521b530e75ada89ffba58063df3b7386
SHA256

18928eb5e258ccb02cd4eed87555a73bed1417ca13c28b169669622a52b6ea80
SHA512

30db6790c766b0ece5eab77be8cdc9bae36fb746ae9e2a51222106850cab4e1fa095a32241adbebf5c3766667f288e3eb1b81257d58fe4243c062ecbc67f9bf9
SSDEEP

3072:YTdbIZntmQH+ykRJehW44YZAHGcySuR3pl2avtkgDmzBHJgYciU4DMmwf2AhmCx:udbIZntmQer3wW7YCHFySK3pl2ytkimy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0895fb16c80bffb57a2d36e057cc498_JaffaCakes118

Files

e0895fb16c80bffb57a2d36e057cc498_JaffaCakes118
.exe windows:1 windows x86 arch:x86

b3d7586b17704eef9d881e5536885f90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcscmp
_CxxThrowException
_vsnprintf
malloc
?terminate@@YAXXZ
wcsncpy
wcschr
_initterm
_purecall
atol
wcsncmp
rand
_vsnwprintf
wcslen
__CxxFrameHandler
sscanf
_onexit
free
swscanf
qsort
__dllonexit
wcsstr
iswspace

ncobjapi

WmiEventSourceConnect
WmiCreateObjectWithFormat
WmiEventSourceDisconnect
WmiSetAndCommitObject
WmiIsObjectActive
WmiDestroyObject

user32

DispatchMessageA
MsgWaitForMultipleObjects

advapi32

SetSecurityDescriptorGroup
GetLengthSid
IsValidSecurityDescriptor
CryptGenRandom
SetSecurityDescriptorOwner
RegSetValueExW
RegEnumKeyExW
CopySid
RegOpenKeyExW
GetSecurityDescriptorLength
EqualSid
SetSecurityDescriptorDacl
AccessCheck
RegCloseKey
IsValidSid
CryptReleaseContext
OpenThreadToken
GetSecurityDescriptorDacl
RegDeleteKeyW
RegCreateKeyW
InitializeSecurityDescriptor
RegOpenKeyW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
AllocateAndInitializeSid
FreeSid
GetTokenInformation
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl

ole32

CoDisconnectObject
CLSIDFromString
CoInitialize
CoGetClassObject
CoImpersonateClient
CoRevertToSelf
StringFromGUID2
CoGetCallContext
CoSwitchCallContext
CoCreateInstance

oleaut32

SafeArrayUnaccessData
SafeArrayGetUBound
SysAllocStringLen
VariantInit
SysAllocString
SafeArrayCreateVector
SafeArrayCreate
SysFreeString
SafeArrayGetLBound
GetErrorInfo
SafeArrayAccessData
VariantClear

kernel32

GetLocalTime
InitAtomTable
Module32Next
InterlockedExchangeAdd
GetUserDefaultLangID
EnumDateFormatsA
TerminateProcess
GetConsoleHardwareState
GetPrivateProfileIntA
Sleep
DebugBreak
GetCommConfig
ReplaceFile
WriteProfileStringA
InterlockedExchange
UnhandledExceptionFilter
GetCurrentProcessId
FindFirstChangeNotificationA
EnterCriticalSection
RtlCaptureStackBackTrace
SetConsoleTitleA
CreateDirectoryExA
HeapFree
SetClientTimeZoneInformation
GetShortPathNameW
OpenFile
ResetEvent
GlobalReAlloc
SetUnhandledExceptionFilter
BaseCheckAppcompatCache
EnumCalendarInfoA
SetConsoleLocalEUDC
lstrcmpi
UnregisterConsoleIME
LocalFree
GetConsoleCommandHistoryLengthW
TerminateThread
LCMapStringW
QueryPerformanceCounter
CreateEventW
SetConsoleMode
SwitchToThread
TlsSetValue
GetComputerNameW
HeapReAlloc
OpenFileMappingA
SetCriticalSectionSpinCount
SetThreadPriorityBoost
GetCurrentDirectoryA
EscapeCommFunction
QueryPerformanceCounter
LeaveCriticalSection
WaitForSingleObject
ActivateActCtx
SetEvent
GlobalAddAtomW
SetProcessAffinityMask
GlobalWire
VirtualAlloc
PrivMoveFileIdentityW
GetComputerNameW
GetVersionExA
GetCurrentThread
SetConsoleTitleW
GetSystemTimeAsFileTime
InterlockedDecrement
Thread32Next
HeapAlloc
GetBinaryTypeW
Heap32ListNext
FileTimeToDosDateTime
WriteConsoleOutputAttribute
InterlockedIncrement
GetNamedPipeHandleStateW
ReleaseActCtx
GetCurrentProcess
CloseHandle
GetLastError
GetProcessHeap
GetComPlusPackageInstallStatus
SetLastError
lstrlenW
FindFirstVolumeMountPointA
GetSystemWow64DirectoryW
FindFirstFileW
ShowConsoleCursor
DeleteTimerQueueTimer
RtlZeroMemory
RegisterWowBaseHandlers
GetVersion
RemoveVectoredExceptionHandler
VerifyVersionInfoW
LockResource
DeleteCriticalSection
GetLastError
CreateTimerQueueTimer
TlsAlloc
GetCommandLineW
DeactivateActCtx
ReadConsoleOutputA
BackupWrite
GetFileAttributesW
GetTickCount
CreateDirectoryW
SetConsoleKeyShortcuts

dsprop

DllCanUnloadNow
ADsPropSetHwnd

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.IL
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.GL
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oo
Size: 3KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.diG
Size: 2KB - Virtual size: 47KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wknPli
Size: 3KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jn
Size: 1KB - Virtual size: 11KB

IMAGE_SCN_MEM_READ

.KG
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3d7586b17704eef9d881e5536885f90

Headers

File Characteristics

Imports

msvcrt

ncobjapi

user32

advapi32

ole32

oleaut32

kernel32

dsprop

Sections

.text Size: 15KB - Virtual size: 14KB

.IL Size: 1KB - Virtual size: 4KB

.GL Size: 2KB - Virtual size: 5KB

.rdata Size: 5KB - Virtual size: 5KB

.oo Size: 3KB - Virtual size: 35KB

.data Size: 8KB - Virtual size: 12KB

.diG Size: 2KB - Virtual size: 47KB

.wknPli Size: 3KB - Virtual size: 38KB

.jn Size: 1KB - Virtual size: 11KB

.KG Size: 2KB - Virtual size: 5KB

.rsrc Size: 123KB - Virtual size: 184KB

.text
Size: 15KB - Virtual size: 14KB

.IL
Size: 1KB - Virtual size: 4KB

.GL
Size: 2KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 5KB

.oo
Size: 3KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 12KB

.diG
Size: 2KB - Virtual size: 47KB

.wknPli
Size: 3KB - Virtual size: 38KB

.jn
Size: 1KB - Virtual size: 11KB

.KG
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 123KB - Virtual size: 184KB