06747557b62220f4b161173ba98d3c1b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06747557b62220f4b161173ba98d3c1b_JaffaCakes118
Size

2.6MB
MD5

06747557b62220f4b161173ba98d3c1b
SHA1

0dd8be118fb7e0aef21b7a0fe1566e2f6a3f8354
SHA256

f45389f5bcf49bc416868361435c1ad9d825328f684061ec320e87ff221324d5
SHA512

7151c01d6bb953dc480d6e0df930fb6865068d22d587b0ca59aed8f4fe76fe07de971ecf309f09ee96d60fe682616e7052fb8cc1a89859bca3b34da033884e0f
SSDEEP

49152:uXr0M1x+SErsawsa2whmg9L+20j74CQeH3qvxBrJeKC6fjwy4s0DKgAD:uXrer1wswNA4CDa3rX9bwBG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06747557b62220f4b161173ba98d3c1b_JaffaCakes118

Files

06747557b62220f4b161173ba98d3c1b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b1a33a3c5afffb44e781ff4e29a582c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowDC
CharNextA
CheckMenuItem
RedrawWindow
CharUpperW
GetSystemMetrics
GetPropA
GetCursorPos
GetSystemMenu
IsChild
GetParent
GetSubMenu
FillRect
RegisterWindowMessageA
GetDC
CheckDlgButton
SetWindowTextW
ScreenToClient
ShowWindow
RegisterClassA
SetDlgItemTextA
GetDesktopWindow
ClientToScreen
MsgWaitForMultipleObjects
CharPrevW
IsWindow
GetMessageA

kernel32

SetErrorMode
GetCurrentProcess
GetExitCodeProcess
FindResourceW
SystemTimeToFileTime
GetVersionExW
GetCommandLineW
InterlockedCompareExchange
GetVersion
DeleteFileW
lstrcmpA
FindResourceA
GetLocalTime
GetFileAttributesA
lstrcpynW
GetStringTypeA
CreateProcessW
FindClose
GetThreadLocale
LoadLibraryW
SetThreadPriority
GetModuleFileNameW
IsBadReadPtr
GetTickCount
UnmapViewOfFile
GetFileAttributesW
lstrcpynA
SetFileAttributesW
HeapSize
GetConsoleMode
ResetEvent
CreateFileMappingA
OpenMutexW
lstrcmpW
InterlockedIncrement
lstrcpyW
HeapReAlloc
SetLastError
GetCurrentThreadId
WaitForSingleObject
ExitProcess
GetCurrentThread
UnhandledExceptionFilter
HeapDestroy
GetModuleHandleA
GetStringTypeW
GetSystemDirectoryW
VirtualAllocEx

shell32

SHBrowseForFolderA
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHBrowseForFolderW
DragQueryFileW
SHFileOperationW
ShellExecuteA
SHGetFileInfoW
DragQueryFileA
SHGetFolderPathW
SHGetMalloc
ShellExecuteW
SHBindToParent
ShellExecuteExW
SHGetDesktopFolder
SHChangeNotify

oleaut32

SafeArrayGetUBound
LoadTypeLib
SafeArrayAccessData
VariantClear
SafeArrayGetLBound
SafeArrayPtrOfIndex
VariantCopyInd
CreateErrorInfo
RegisterTypeLib
VariantChangeTypeEx
SafeArrayGetElement
SysStringByteLen
SafeArrayPutElement
SysReAllocStringLen
GetErrorInfo
VariantCopy
SetErrorInfo
GetActiveObject
SafeArrayUnaccessData
VariantChangeType
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SysFreeString
SafeArrayCreate
VariantInit
OleLoadPicture

msvcrt

__p__commode
wcsncat
??3@YAXPAX@Z
exit
iswspace
_except_handler3
isalpha
_ltoa
_fileno
_wsplitpath
fopen
wcschr
_snprintf
wcsncmp
towupper
_wcsupr
_acmdln
bsearch
strtok
_vsnwprintf

version

GetFileVersionInfoW
VerLanguageNameA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerFindFileW
VerQueryValueW
VerQueryValueA

atmlib

ATMFontAvailableA
ATMRemoveFont
ATMAddFontExW
ATMGetBuildStrA
ATMGetGlyphList
ATMEnumMMFontsW

advapi32

RegCreateKeyExA
GetSecurityDescriptorDacl
ImpersonateLoggedOnUser
RegEnumValueA
LookupPrivilegeValueA
LsaQueryInformationPolicy
GetSidSubAuthority
RegQueryInfoKeyW
ControlService
SetEntriesInAclW
RegDeleteKeyW
GetTraceEnableFlags
ConvertSidToStringSidW
EqualSid
ConvertStringSidToSidW
LookupAccountNameW
RegSetValueExA
OpenServiceA
CheckTokenMembership
RegOpenKeyW
OpenThreadToken
CryptAcquireContextA
RegOpenKeyExW
StartServiceW
DeleteService
InitializeAcl
SetNamedSecurityInfoW
RegQueryValueExW
AddAce
CryptGenRandom
OpenProcessToken
GetTraceLoggerHandle
RegSetValueExW
RegQueryInfoKeyA
OpenSCManagerA
DuplicateTokenEx
DeregisterEventSource
GetTokenInformation
RegEnumKeyA
RegCreateKeyExW
GetUserNameW
CryptGetHashParam
AllocateAndInitializeSid
RegCreateKeyW
UnregisterTraceGuids
RegQueryValueA
UnlockServiceDatabase

ole32

CoRevokeClassObject
CoFreeUnusedLibraries
CoTaskMemAlloc
CLSIDFromProgID
StringFromIID
CoUnmarshalInterface
CoRevertToSelf
CoGetObjectContext
OleRegGetUserType
CoCreateInstance
ReleaseStgMedium
CoMarshalInterThreadInterfaceInStream
OleRun
CreateStreamOnHGlobal
CreateOleAdviseHolder
StringFromGUID2
OleInitialize
CoImpersonateClient
ProgIDFromCLSID
CoMarshalInterface
MkParseDisplayName
CoInitializeSecurity
CoCreateFreeThreadedMarshaler
CreateDataAdviseHolder
StgCreateDocfileOnILockBytes
WriteClassStm
OleLoadFromStream
OleRegEnumVerbs
CreateILockBytesOnHGlobal
PropVariantCopy
OleSaveToStream
PropVariantClear
GetRunningObjectTable
CoGetClassObject
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
StgCreateDocfile
CoInitializeEx
OleRegGetMiscStatus
OleUninitialize
CoCreateInstanceEx
CoTaskMemRealloc
CreateItemMoniker
StgOpenStorage
IIDFromString
CoRegisterClassObject
StringFromCLSID
CoUninitialize

rpcrt4

NdrDllRegisterProxy
NdrOleAllocate
UuidToStringW
CStdStubBuffer_DebugServerRelease
UuidCreate
NdrCStdStubBuffer_Release
RpcServerRegisterIfEx
NdrDllGetClassObject
NdrStubForwardingFunction
CStdStubBuffer_QueryInterface
CStdStubBuffer_IsIIDSupported
RpcServerInqBindings
RpcRevertToSelf
NdrCStdStubBuffer2_Release
RpcBindingSetAuthInfoW
CStdStubBuffer_Disconnect
UuidFromStringW
CStdStubBuffer_Connect
NdrOleFree
CStdStubBuffer_Invoke
RpcStringFreeA
IUnknown_QueryInterface_Proxy
NdrDllUnregisterProxy
IUnknown_AddRef_Proxy
NdrStubCall2
RpcServerUnregisterIf
NdrDllCanUnloadNow
RpcServerUseProtseqEpW
RpcBindingFree
RpcRaiseException
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcEpResolveBinding
RpcImpersonateClient
NdrServerCall2
UuidToStringA
RpcBindingFromStringBindingW
CStdStubBuffer_AddRef
NdrClientCall2

Sections

.code
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 339KB - Virtual size: 733KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CODE
Size: 630KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEKD
Size: 1.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1a33a3c5afffb44e781ff4e29a582c6

Headers

File Characteristics

Imports

user32

kernel32

shell32

oleaut32

msvcrt

version

atmlib

advapi32

ole32

rpcrt4

Sections

.code Size: 400KB - Virtual size: 400KB

PAGE Size: 339KB - Virtual size: 733KB

RT_CODE Size: 630KB - Virtual size: 1.3MB

PAGEKD Size: 1.2MB - Virtual size: 3.2MB

.tls Size: - Virtual size: 13KB

.rsrc Size: 10KB - Virtual size: 9KB

.code
Size: 400KB - Virtual size: 400KB

PAGE
Size: 339KB - Virtual size: 733KB

RT_CODE
Size: 630KB - Virtual size: 1.3MB

PAGEKD
Size: 1.2MB - Virtual size: 3.2MB

.tls
Size: - Virtual size: 13KB

.rsrc
Size: 10KB - Virtual size: 9KB