f8f29297c7ca345746a14b3193cdb686_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f8f29297c7ca345746a14b3193cdb686_JaffaCakes118
Size

54KB
MD5

f8f29297c7ca345746a14b3193cdb686
SHA1

99b1c86b5bc7fc03d329cf2937fb5fdc0ea84681
SHA256

196eb4787e83a40d832faab7c55d1b7e23c7d94812f0a7e6022ebd82adf60274
SHA512

c216ea6b5905bfe52d6702f5afda7beeab75de3d4013ed7642040bb50ec0e687ced1b781fd89d90f5817a2850b9f1c99f21194b2d159657bb84f97f3a19c1fe0
SSDEEP

768:et5dYKV4MkWXKba15cZfTUBTWtssrEV9WAxWTgccYg6ek6nQoV1WRsKzM3v4/rI:et5dYK4PewfwZmdBINfO+VQRsKo3v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8f29297c7ca345746a14b3193cdb686_JaffaCakes118

Files

f8f29297c7ca345746a14b3193cdb686_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1a96c73d31c5b37330b9b1adc565e718

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

auxOutMessage

kernel32

GetCurrentThreadId
GetCurrentProcessId
GetEnvironmentVariableW
GetFileTime
InterlockedDecrement
GetVolumeInformationW
DuplicateHandle
FreeLibrary
SetWaitableTimer
SetFileTime
LocalReAlloc
OpenProcess
VirtualAlloc
GetUserDefaultLCID
GetCurrentActCtx
GetCurrentThread
CreateWaitableTimerW
InterlockedIncrement
GetFileAttributesW
lstrlenW
SetErrorMode
GlobalAlloc
GetLocalTime
ReleaseActCtx
lstrcmpA
DeleteFileW
CompareFileTime
UnmapViewOfFile
FindResourceW
LeaveCriticalSection
GlobalLock
GetDriveTypeW
GetVersionExW
TerminateProcess
LoadResource
CreateFileMappingW
GetTimeFormatW
SetFileAttributesW
FormatMessageW
CloseHandle
LockResource
MapViewOfFile
SetCurrentDirectoryW
IsBadStringPtrW
GlobalFree
IsBadWritePtr
GetComputerNameExW
FindFirstFileW
GetFileSize
GetLocaleInfoW
ReadFile
lstrcmpW
GetLastError
ExitThread
Sleep
GetTickCount
GlobalUnlock
LocalFree
SetFilePointer
CreateThread
FileTimeToSystemTime
EnterCriticalSection
InitializeCriticalSection
GetComputerNameW
GetSystemTimeAsFileTime
MulDiv
LoadLibraryW
DeactivateActCtx
QueryPerformanceCounter
GlobalReAlloc
GetSystemTime
GetFileType
WriteFile
GetFullPathNameW
CompareStringW
UnhandledExceptionFilter
SystemTimeToFileTime
GetUserDefaultUILanguage
DeleteCriticalSection
CancelWaitableTimer
FindClose
SearchPathW
FindNextFileW
CreateDirectoryW
ExpandEnvironmentStringsW
LocalAlloc
ActivateActCtx
WideCharToMultiByte
DisableThreadLibraryCalls
GetDateFormatW
SetUnhandledExceptionFilter
GetCurrentProcess
GetProcAddress
lstrcpynW
CreateFileW
lstrcmpiW
SetEndOfFile

advapi32

CloseServiceHandle
GetSecurityInfo
RegEnumKeyExW
AdjustTokenPrivileges
OpenProcessToken
RegDeleteKeyW
OpenThreadToken
SetEntriesInAclW
RegOpenKeyExW
ImpersonateSelf
QueryServiceStatus
SetSecurityDescriptorOwner
GetUserNameW
RegQueryValueExW
RegCloseKey
AccessCheck
SetSecurityInfo
LookupPrivilegeValueW
ControlService
FreeSid
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
OpenSCManagerW
StartServiceW
CheckTokenMembership
AllocateAndInitializeSid
GetFileSecurityW
RegConnectRegistryW
RegSetValueExW
LookupAccountSidW
OpenServiceW

rpcrt4

RpcStringBindingComposeW
RpcEpResolveBinding
RpcBindingFromStringBindingW
NdrClientCall2
RpcBindingFree
RpcBindingSetAuthInfoExW
UuidCreate
RpcStringFreeW

comctl32

ImageList_Destroy
ImageList_SetOverlayImage
ImageList_AddMasked
InitCommonControlsEx
ImageList_Remove
ImageList_GetIcon
PropertySheetW
ImageList_ReplaceIcon
ImageList_Create
CreatePropertySheetPageW
DestroyPropertySheetPage

userenv

UnloadUserProfile

ntdsapi

DsMakeSpnW

ole32

CoGetCallContext
OleUninitialize
CoTaskMemFree
OleSetClipboard
OleGetClipboard
CoTaskMemAlloc
ReleaseStgMedium
CoCreateInstance
OleInitialize

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW

shell32

DragQueryFileW
SHGetPathFromIDListW
SHGetFolderPathW
SHChangeNotify
SHFileOperationW
ShellExecuteW
SHExtractIconsW

lz32

LZClose

gdi32

RealizePalette
CreatePalette
GetStockObject
DeleteObject
SelectObject
GetObjectW
BitBlt
CreateDIBitmap
SelectPalette
CreateCompatibleDC
GetDeviceCaps
CreateFontIndirectW
DeleteDC

mpr

WNetGetConnectionW
WNetGetResourceInformationW
WNetGetNetworkInformationW

user32

SetDlgItemTextW
GetMenuItemID
ReleaseDC
GetParent
SetMenuItemInfoW
GetDlgItemInt
MessageBeep
GetDlgItem
DestroyWindow
SendMessageW
CheckDlgButton
GetWindowRect
TrackPopupMenu
RemoveMenu
GetWindowThreadProcessId
DefWindowProcW
SetMenuDefaultItem
WinHelpW
GetDlgItemTextW
GetMenuItemInfoW
PostMessageW
RegisterWindowMessageW
DestroyMenu
InvalidateRect
IsWindow
RegisterClassW
EnumWindows
GetClassInfoW
EnableMenuItem
GetKeyState
GetSubMenu
SetCursor
GetMenuItemCount
DialogBoxParamW
GetWindowLongW
IsDlgButtonChecked
SendDlgItemMessageW
FindWindowW
GetClassNameW
SetWindowPos
LoadCursorW
SwitchToThisWindow
ShowWindow
SetForegroundWindow
GetForegroundWindow
DestroyIcon
MapWindowPoints
EnumChildWindows
SetTimer
SystemParametersInfoW
GetWindowTextLengthW
CheckRadioButton
LoadStringW
MessageBoxW
LoadImageW
KillTimer
LoadMenuW
ValidateRect
CheckMenuItem
GetDC
GetClientRect
SetWindowLongW
CreateWindowExW
EndDialog
EnableWindow
GetLastActivePopup
SetWindowTextW
GetWindowTextW
SetFocus
RegisterClipboardFormatW
GetWindow
GetSystemMetrics

comdlg32

CommDlgExtendedError
GetOpenFileNameW

secur32

GetUserNameExW

msvcrt

_wcsicmp
wcsspn
memmove
free
wcscmp
wcsstr
setlocale
_vsnwprintf
wcspbrk
_adjust_fdiv
_initterm
_except_handler3
wcsrchr
wcslen
wcsncpy
wcschr
malloc
wcstoul
_purecall
wcstombs
iswctype
rand
mbstowcs
_wcsnicmp
_itow
wcsncmp

Sections

.textbss
Size: 43KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a96c73d31c5b37330b9b1adc565e718

Headers

File Characteristics

Imports

version

winmm

kernel32

advapi32

rpcrt4

comctl32

userenv

ntdsapi

ole32

shlwapi

shell32

lz32

gdi32

mpr

user32

comdlg32

secur32

msvcrt

Sections

.textbss Size: 43KB - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 420B

.idata Size: 8KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 4B

.textbss
Size: 43KB - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 420B

.idata
Size: 8KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 4B