D:\Ali\Internal Projects\ls2\Release\lsServ.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: fcc161e004e16193863ee4990f23e0aa_JaffaCakes118.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: fcc161e004e16193863ee4990f23e0aa_JaffaCakes118.exe, Resource: win10v2004-20240802-en)
General
- Target: fcc161e004e16193863ee4990f23e0aa_JaffaCakes118
- Size: 200KB
- MD5: fcc161e004e16193863ee4990f23e0aa
- SHA1: e176f35fab15b6662c34fe325613b34fd6f5a1e6
- SHA256: 0e650c3a15b82d546d7faf97d76074bda7816f32ca18ec0364cbcda68727fa99
- SHA512: b5ef493576d50681f3279fc3fa14376d04f41d8e39daa1868bdc8af7aec46ab5f6f747ba6b856fdee00b7b1d8304e2e17dcaf61f1245b0375baea26fca484ad8
- SSDEEP: 3072:KUO59O6ocwC6Un6EDhC0bqSdVsP+Xvwx3/tR7hmubfNfRMdhJClOjV:Q59doX97I3qSdVOKI79Ikf0Tj
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: fcc161e004e16193863ee4990f23e0aa_JaffaCakes118
Files
-
fcc161e004e16193863ee4990f23e0aa_JaffaCakes118.exe windows:4 windows x86 arch:x86
ab9c706e645047ee9d911b62fcd676bf
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Ali\Internal Projects\ls2\Release\lsServ.pdb
Imports
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
kernel32
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcmpW
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapAlloc
HeapFree
HeapReAlloc
LocalAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FindNextFileA
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
SetErrorMode
lstrcatA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
LoadLibraryA
GetFullPathNameA
FindFirstFileA
FindClose
lstrcpyA
lstrcpynA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
InterlockedDecrement
FormatMessageA
SetUnhandledExceptionFilter
lstrlenA
lstrcmpiA
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
CopyFileA
CreateFileA
ConnectNamedPipe
GetTickCount
SetNamedPipeHandleState
FlushFileBuffers
DisconnectNamedPipe
CreateNamedPipeA
GetCommandLineA
ExitProcess
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
GetModuleFileNameA
DeleteFileA
OpenEventA
Sleep
CreateThread
CreateEventA
WriteFile
SetFilePointerEx
ReadFile
GetModuleHandleA
GetProcAddress
GetFileAttributesA
GetLastError
SetLastError
GetDiskFreeSpaceA
GetVolumeInformationA
DeviceIoControl
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetCurrentProcessId
OpenProcess
ReadProcessMemory
WriteProcessMemory
CloseHandle
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
TerminateProcess
user32
ShowWindow
SetWindowTextA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetCursor
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
GetForegroundWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
GetWindowTextA
SendMessageA
GetMessageTime
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
wsprintfA
GetSystemMetrics
CharUpperA
gdi32
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
SaveDC
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
OffsetViewportOrgEx
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
DeleteService
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyA
StartServiceA
ControlService
StartServiceCtrlDispatcherA
OpenServiceA
ConvertStringSecurityDescriptorToSecurityDescriptorA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
DecryptFileA
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCloseKey
comctl32
ord17
shlwapi
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA
ole32
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
oleaut32
VariantChangeType
SysAllocString
SysFreeString
VariantClear
VariantInit
Sections
- .text: Size 144KB, Virtual size 140KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
- .rdata: Size 36KB, Virtual size 32KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- .data: Size 12KB, Virtual size 23KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
- .rsrc: Size 4KB, Virtual size 760B (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)