e18236b30245253a7dfeee435a9b27ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e18236b30245253a7dfeee435a9b27ab_JaffaCakes118
Size

329KB
MD5

e18236b30245253a7dfeee435a9b27ab
SHA1

410c0a29a29e1fa1870633665a7908dbaad891be
SHA256

c45951554bbae9837fdf4705df7558d59fbe10d85d2740aa0513d1c03071e14c
SHA512

fcb904f7b4d4299fd79b0b1829877ec05a6dfb94f2ad7976108d1d0aaecb9cc7a10ac64eea57e8af63c01a3f4fefeeb430497c51ea8923917c1ba8976324dcbc
SSDEEP

6144:mz+zvWnEWJwmg/vdWnJ8pL4Gq1qGWpIkpc9UG7t678mrZb+JCZLH12YK5QJOz:mz+iEWJO/vdWmpVgWpCBhmrF+Jsh2YKj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e18236b30245253a7dfeee435a9b27ab_JaffaCakes118

Files

e18236b30245253a7dfeee435a9b27ab_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2cf62dc9c5dd4e79bd1a489943ca9e86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
IsDebuggerPresent
LoadLibraryA
GetLastError
GetProcessId
GetProcAddress
CreateWaitableTimerW
VirtualFree
UnmapViewOfFile
LoadLibraryW
GetTickCount
LeaveCriticalSection
SizeofResource
GetCurrentProcess
GetSystemTimeAsFileTime
GlobalUnlock
InitializeSListHead
RtlCaptureStackBackTrace
InterlockedIncrement
RaiseException
EnterCriticalSection
ProcessIdToSessionId
CompareStringW
MapViewOfFile
InitializeCriticalSectionAndSpinCount
CancelIo
LockResource
GetFileSize
GetVersion
Sleep
SleepEx
DuplicateHandle
GetFullPathNameA
OutputDebugStringW
CreateFileW
DebugBreak
VirtualQuery
LocalAlloc
FindResourceW
PulseEvent
lstrcmpiA
InterlockedFlushSList
WriteFile
InterlockedExchange
LoadResource
CreateFileMappingA
TryEnterCriticalSection
FindFirstFileW
QueryPerformanceFrequency
SetUnhandledExceptionFilter
WideCharToMultiByte
CreateFileMappingW
InterlockedPushEntrySList
CreateFileA
UnhandledExceptionFilter
FreeLibrary
ExitProcess
GetModuleHandleW
SetLastError
OutputDebugStringA
SetEvent
GetCurrentThreadId
MulDiv
GetVersionExW
SetThreadPriority
CreateEventW
DelayLoadFailureHook
WaitForSingleObjectEx
RtlUnwind
SetProcessWorkingSetSize
QueryPerformanceCounter
WaitForMultipleObjects
WaitForSingleObject
GetSystemInfo
InterlockedDecrement
GetVersionExA
GetProcessWorkingSetSize
FindClose
SetWaitableTimer
SystemTimeToFileTime
VirtualLock
HeapReAlloc
CloseHandle
GetProcessHeap
GetCurrentProcessId
VirtualAlloc
DeleteCriticalSection
InterlockedExchangeAdd
GetCurrentThread
TerminateThread
InterlockedCompareExchange
HeapAlloc
QueryDepthSList
ReadFile
DisableThreadLibraryCalls
GetModuleHandleA
GetSystemDirectoryW
ResetEvent
TerminateProcess
GetOverlappedResult
IsProcessorFeaturePresent
HeapFree
InitializeCriticalSection
CreateThread

psapi

GetProcessMemoryInfo

ole32

CoCreateInstance
PropVariantCopy
PropVariantClear
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize

rpcrt4

RpcServerUnregisterIfEx
RpcBindingSetAuthInfoExW
UuidCreate
RpcServerRegisterIfEx
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
RpcSsDestroyClientContext
NdrAsyncServerCall
I_RpcExceptionFilter
RpcAsyncCancelCall
RpcEpRegisterW
RpcServerUseProtseqW
RpcBindingVectorFree
RpcAsyncGetCallStatus
RpcServerInqBindings
RpcServerInqCallAttributesW
NdrAsyncClientCall
RpcAsyncCompleteCall
RpcStringBindingComposeW
UuidToStringW
RpcAsyncInitializeHandle

msvcrt

_isnan
strchr
_XcptFilter
wcsstr
_CIcos
_fpclass
_CIacos
memcpy
_CIexp
_CIsinh
_clearfp
toupper
_CItan
isspace
_CIatan
_resetstkoflw
calloc
isxdigit
_lock
__dllonexit
memset
_copysign
isdigit
_adjust_fdiv
_finite
_onexit
modf
_wtoi
clock
_amsg_exit
_CIpow
isalnum
_strdup
_purecall
atof
_CIlog
setlocale
ceil
_CIatan2
_vsnwprintf
malloc
_unlock
_wcsicmp
atoi
_CIcosh
wcschr
_errno
_wtof
_CIsin
_CItanh
memmove
qsort
_controlfp
isalpha
_vsnprintf
_stricmp
floor
_CIsqrt
_initterm
realloc
free
_CIasin
tolower
_CIfmod
wcstol

advapi32

GetTraceEnableFlags
RegOpenKeyA
GetTraceEnableLevel
RegCloseKey
GetTraceLoggerHandle
RegQueryValueExA
RegOpenKeyExW
RegisterTraceGuidsW
TraceMessage
TraceEvent
RegQueryValueExW
UnregisterTraceGuids

gdi32

CreateDCW
GetDIBits
BitBlt
GetRegionData
SelectObject
DrawEscape
SelectPalette
GetDeviceCaps
RealizePalette
CombineRgn
CreateCompatibleBitmap
CreateICW
RectInRegion
GetSystemPaletteEntries
CreateCompatibleDC
GdiEntry13
DeleteDC
CreateDIBSection
CreatePalette
DeleteObject
SetLayout
GetRgnBox
GetDCOrgEx
CreateRectRgnIndirect
OffsetRgn

ntdll

RtlNumberGenericTableElements
RtlInsertElementGenericTable
NtAddAtom
RtlInitializeGenericTable
RtlUlongByteSwap
RtlEnumerateGenericTableWithoutSplaying
DbgBreakPoint
RtlFindClearBitsAndSet
RtlLookupElementGenericTable
RtlClearBits
DbgPrintEx
RtlIsGenericTableEmpty
NtCreateSection
NtUnmapViewOfSection
RtlDeleteElementGenericTable
NtQuerySystemInformation
NtMapViewOfSection
RtlInitializeBitMap
NtAllocateVirtualMemory

user32

IntersectRect
ReleaseDC
PeekMessageW
TranslateMessage
DispatchMessageW
GetMonitorInfoW
SystemParametersInfoW
PostMessageW
SetLayeredWindowAttributes
GetDC
EnumDisplaySettingsW
MsgWaitForMultipleObjects
EnumDisplayMonitors
CopyRect
IsWindow
ClientToScreen
EnumDisplayDevicesW
UpdateLayeredWindow
IsRectEmpty
InvalidateRect
EqualRect
RegisterWindowMessageW
SetRect
GetWindowLongW
GetGuiResources
GetDesktopWindow
OffsetRect
GetClientRect
GetWindowDC

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2cf62dc9c5dd4e79bd1a489943ca9e86

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

psapi

ole32

rpcrt4

msvcrt

advapi32

gdi32

ntdll

user32

Sections

.text Size: 27KB - Virtual size: 26KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 248KB - Virtual size: 248KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 12KB - Virtual size: 1.4MB

.text
Size: 27KB - Virtual size: 26KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 248KB - Virtual size: 248KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 12KB - Virtual size: 1.4MB