e1cc4c25c3dca7357a2f099b0df73da9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e1cc4c25c3dca7357a2f099b0df73da9_JaffaCakes118
Size

490KB
MD5

e1cc4c25c3dca7357a2f099b0df73da9
SHA1

85c0c89e4783a46d7bd13dc8184fce2387fe7fb9
SHA256

334dfda74df3450844ecade402a621c41462612ce94bf134cd83195aaabd7104
SHA512

0dda146965ad9eea3dbf372d1e94487c59f4a520cba915c2e409c7560b32716af925a18032f44755b4c82ce6c7fa6a7501f50722f7b19bde0a36da159ea22558
SSDEEP

6144:qPVBtQt0FeG9jXzvT8X8jiv5b9yIgYwnAKBfwiG9Glj9UvsMbFofndmLhSKgQi:qPilG9jLT4pyIPwntFl9OyfndmLh13i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1cc4c25c3dca7357a2f099b0df73da9_JaffaCakes118

Files

e1cc4c25c3dca7357a2f099b0df73da9_JaffaCakes118
.exe windows:6 windows x86 arch:x86

7882bc5d4416b5742ea36b1767b4412e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

lpksetup.pdb

Imports

advapi32

EventWrite
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
InitiateShutdownW
EventRegister
EventUnregister
RegQueryInfoKeyW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegGetValueW
RegEnumValueW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetEntriesInAclW
CreateWellKnownSid
InitializeSecurityDescriptor
RegDeleteKeyW
RegDeleteTreeW
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
OpenProcessToken

kernel32

OpenProcess
HeapFree
GetProcessHeap
K32EnumProcesses
GetWindowsDirectoryW
GetLastError
TerminateThread
GetModuleHandleW
CreateEventW
CreateMutexW
CreateThread
WaitForMultipleObjectsEx
WaitForSingleObjectEx
SetEvent
ReleaseMutex
GetVersionExW
GetLocaleInfoEx
WriteFile
CreateFileW
GetLocalTime
HeapSetInformation
FormatMessageW
WaitForSingleObject
lstrlenW
RaiseException
LoadLibraryW
GetProcAddress
FreeLibrary
ExpandEnvironmentStringsW
GetModuleFileNameW
ExitProcess
GetCurrentThreadId
GetCommandLineW
QueryFullProcessImageNameW
LeaveCriticalSection
GetFileAttributesW
GetProductInfo
GetSystemTimeAsFileTime
GetTickCount64
GetLocaleInfoW
GetSystemDefaultUILanguage
GetNativeSystemInfo
GetFileMUIPath
GetSystemDirectoryW
SearchPathW
GetCurrentDirectoryW
InterlockedCompareExchange
HeapAlloc
GetThreadPreferredUILanguages
InterlockedExchange
FindClose
GetUserPreferredUILanguages
GetDiskFreeSpaceExW
GetSystemPreferredUILanguages
GetCurrentProcess
NotifyUILanguageChange
SetProcessPreferredUILanguages
GetTempPathW
FindNextFileW
DeleteFileW
RemoveDirectoryW
FindFirstFileW
CreateProcessW
GetExitCodeThread
LocaleNameToLCID
CreateDirectoryW
EnumUILanguagesW
GetUILanguageInfo
GetExitCodeProcess
LocalFree
LocalAlloc
GetCurrentProcessId
CloseHandle
EnterCriticalSection
Sleep
SetLastError
MulDiv
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
VirtualQuery
GetSystemInfo
VirtualFree
VirtualAlloc
VirtualProtect
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
InitializeCriticalSection
GetFileAttributesExW

gdi32

SetTextColor
SelectObject
CreateRectRgn
SetBkMode

user32

EndPaint
SetWindowLongW
GetWindowLongW
SetDlgItemTextW
DefWindowProcW
SetActiveWindow
SetForegroundWindow
GetAncestor
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
CharNextW
CharUpperW
MessageBoxW
GetDlgItemTextW
SetCursor
LoadCursorW
GetDlgItem
SendDlgItemMessageW
ExitWindowsEx
DestroyWindow
ShowWindow
EnableWindow
GetDlgCtrlID
GetFocus
UnregisterClassW
AllowSetForegroundWindow
RegisterClassExW
LoadIconW
SystemParametersInfoW
SetTimer
KillTimer
FindWindowW
SendNotifyMessageW
LoadStringW
GetSysColor
SendMessageW
GetParent
SetWindowRgn
GetClientRect
SetWindowPos
RegisterWindowMessageW
CreateWindowExW
GetSystemMetrics
LoadImageW
DestroyIcon
BeginPaint
DrawTextW
MapWindowPoints
InvalidateRect
GetWindowRect
UnregisterClassA

msvcrt

_wfopen
fgetws
_wcsnicmp
iswctype
_isctype
towupper
toupper
iswspace
wcscat_s
_wgetcwd
_wsetlocale
malloc
_ltow_s
wcsncmp
memmove
_wgetenv
wcscpy_s
tolower
sprintf_s
memchr
localeconv
free
_wcsicoll
wcstoul
wcstol
_ftol2
ceil
fclose
_vsnwprintf
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
towlower
wcsncpy_s
wcsstr
??0exception@@QAE@XZ
_wcsicmp
wcschr
_CxxThrowException
iswalpha
memset
memcpy_s
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
__CxxFrameHandler3
_purecall
_controlfp
_onexit
_lock
__dllonexit
_unlock
__uncaught_exception
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
abort
__mb_cur_max
__crtLCMapStringW
__crtGetStringTypeW
setlocale
___mb_cur_max_func
_errno
___lc_handle_func
___lc_codepage_func
__pctype_func
_callnewh
strcspn

ntdll

RtlNtStatusToDosError
RtlGetUILanguageInfo
WinSqmIsOptedIn
RtlGetNtProductType
NtGetMUIRegistryInfo
RtlpSetPreferredUILanguages
NtIsUILanguageComitted
WinSqmAddToStream

shell32

SHGetIDListFromObject
SHCreateItemInKnownFolder
ord28
SHBrowseForFolderW
ord51
SHGetDataFromIDListW
SHBindToFolderIDListParent
SHGetPathFromIDListW
ShellExecuteExW

comctl32

ord17
CreatePropertySheetPageW
PropertySheetW
ord345
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ord344

ole32

CoGetObject
CoInitialize
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
CoResumeClassObjects
CoSetProxyBlanket
CoInitializeSecurity
CoGetCallContext
CoWaitForMultipleHandles
CoSuspendClassObjects

oleaut32

SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VariantInit
VariantClear
SysFreeString
SysStringLen

slc

SLGetWindowsInformationDWORD
SLGetWindowsInformation

dpx

DpxNewJob

shlwapi

PathFindExtensionW
StrStrIW
StrStrNW
StrCmpIW
StrRetToStrW
ord158
PathFileExistsW
PathRemoveFileSpecW
ord219
PathMatchSpecExW
PathRemoveBackslashW
PathIsDirectoryW

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rvzisvi
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7882bc5d4416b5742ea36b1767b4412e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

shell32

comctl32

ole32

oleaut32

slc

dpx

shlwapi

Sections

.text Size: 331KB - Virtual size: 331KB

.data Size: 1024B - Virtual size: 19KB

.rsrc Size: 111KB - Virtual size: 111KB

.reloc Size: 45KB - Virtual size: 45KB

rvzisvi Size: - Virtual size: 4KB

.text
Size: 331KB - Virtual size: 331KB

.data
Size: 1024B - Virtual size: 19KB

.rsrc
Size: 111KB - Virtual size: 111KB

.reloc
Size: 45KB - Virtual size: 45KB

rvzisvi
Size: - Virtual size: 4KB