Static task: static1
Behavioral task: behavioral1
Sample: 077728fa70e5409a6769a602730626fc_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 077728fa70e5409a6769a602730626fc_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 077728fa70e5409a6769a602730626fc_JaffaCakes118
Size: 126KB
MD5: 077728fa70e5409a6769a602730626fc
SHA1: 2472af30dd686bb5d5b03c7e606378e0e505800f
SHA256: f9b8d706eae1a9496d7bd251ea3abee368106d8a22c9ab81ebbafa622a4f6319
SHA512: 20ae0e384990c28741c0eacd479e116ad6adab6f1ac8c999886fd5082a065c9db34263f97eeb3ea1f4d7321db912daa279c8271789207c08bce3cef0fc21742e
SSDEEP: 3072:EWaWV0yg265eenLQlsvMWL5t0688PKOzqbwh2Kk5xGPVwS7TwtnbiJqNDj:EDWVy6ykG0z8PKOzZY5w4tnbiJODj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 077728fa70e5409a6769a602730626fc_JaffaCakes118
Files
077728fa70e5409a6769a602730626fc_JaffaCakes118.exe windows:5 windows x86 arch:x86
b6e95d979e33cfca0be3ff16303afe1e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
VerFindFileW
GetFileVersionInfoSizeW
VerLanguageNameA
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
kernel32
GetProcAddress
OpenMutexW
GetStdHandle
GetModuleHandleW
GlobalLock
InterlockedDecrement
SetErrorMode
LoadLibraryA
FormatMessageA
GetTickCount
GetThreadLocale
FindFirstFileA
lstrcpyW
LoadLibraryW
GlobalUnlock
SetFilePointer
GetWindowsDirectoryW
OutputDebugStringA
FileTimeToLocalFileTime
DisableThreadLibraryCalls
CreateProcessA
GetProcessHeap
InterlockedExchange
OutputDebugStringW
GetCurrentProcess
HeapReAlloc
GetCommandLineA
GetOEMCP
QueryPerformanceCounter
EnterCriticalSection
GetSystemTimeAsFileTime
GetCommandLineW
lstrcpynW
FlushFileBuffers
CreateEventA
lstrcmpW
OpenEventA
GetConsoleMode
VirtualProtect
CreateFileA
GetSystemInfo
IsBadReadPtr
MulDiv
SetHandleCount
GetVersionExA
DeleteFileA
GetVersion
GetFileAttributesW
RtlUnwind
SetLastError
GetACP
WriteFile
GetDriveTypeW
Sleep
GetFileType
VirtualAlloc
FindNextFileA
HeapSize
GetCurrentThread
OpenEventW
LoadLibraryExW
MapViewOfFile
CreateDirectoryW
FindResourceW
SizeofResource
CreateMutexA
DeleteFileW
TerminateProcess
CreateDirectoryA
LCMapStringW
LocalAlloc
FileTimeToSystemTime
OpenMutexA
LocalFree
GetFileSize
GetModuleHandleA
shell32
SHGetPathFromIDListA
SHBindToParent
DragQueryFileA
ShellExecuteA
SHGetFileInfoW
SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW
CommandLineToArgvW
SHGetMalloc
SHGetDesktopFolder
SHFileOperationW
user32
EndPaint
CharNextA
GetClassNameA
RegisterClipboardFormatW
RegisterClassExA
EnableMenuItem
LoadBitmapA
LoadStringW
GetWindowTextW
GetDlgCtrlID
TranslateMessage
ReleaseDC
CreateWindowExW
LoadStringA
CreatePopupMenu
EnumChildWindows
PtInRect
GetCapture
SystemParametersInfoW
IsWindow
SystemParametersInfoA
GetWindowTextA
GetActiveWindow
SendMessageA
UnregisterClassW
GetMessagePos
SetDlgItemTextA
BeginPaint
EndDialog
PeekMessageA
OffsetRect
GetFocus
SetWindowTextW
SetCursor
CallWindowProcA
GetForegroundWindow
CheckMenuItem
CreateWindowExA
CharUpperW
GetDlgItem
ExitWindowsEx
DestroyWindow
CharPrevW
EqualRect
IsDlgButtonChecked
IsWindowEnabled
LoadIconW
DrawTextW
FindWindowA
SetRect
GetKeyState
msvcrt
__p__osver
rand
ctime
exit
_commit
_ftol
srand
_rotl
_access
malloc
comctl32
CreateToolbar
advapi32
RegEnumValueW
MakeSelfRelativeSD
IsValidSecurityDescriptor
QueryServiceStatus
OpenServiceW
RegCreateKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAce
RegOpenKeyW
GetSecurityDescriptorOwner
RegQueryInfoKeyW
LsaQueryInformationPolicy
AdjustTokenPrivileges
RevertToSelf
OpenSCManagerW
RegSetValueExW
OpenProcessToken
SetEntriesInAclW
GetUserNameA
RegEnumKeyW
RegSetValueA
RegSetValueW
LsaOpenPolicy
GetSecurityDescriptorControl
GetSidLengthRequired
RegOpenKeyExW
RegFlushKey
LookupPrivilegeValueW
GetTraceEnableLevel
ControlService
GetAce
InitializeAcl
SetSecurityDescriptorOwner
RegCloseKey
UnlockServiceDatabase
OpenServiceA
CryptGetHashParam
ReportEventW
CryptAcquireContextA
RegCreateKeyW
RegisterTraceGuidsW
CryptHashData
ImpersonateLoggedOnUser
SetServiceStatus
RegSetValueExA
GetTraceEnableFlags
ChangeServiceConfigW
SetSecurityDescriptorGroup
DeleteService
SetFileSecurityW
StartServiceW
LockServiceDatabase
RegCreateKeyExW
CryptCreateHash
RegDeleteKeyA
RegQueryValueW
RegEnumKeyA
RegDeleteValueW
GetTokenInformation
DuplicateTokenEx
UnregisterTraceGuids
SetSecurityDescriptorDacl
RegQueryValueA
RegEnumKeyExA
ConvertSidToStringSidW
GetAclInformation
CheckTokenMembership
OpenSCManagerA
CryptDestroyKey
rpcrt4
NdrDllGetClassObject
RpcImpersonateClient
RpcStringFreeW
CStdStubBuffer_CountRefs
RpcServerUnregisterIf
RpcRaiseException
RpcStringBindingComposeW
UuidToStringA
RpcBindingFromStringBindingW
NdrDllUnregisterProxy
CStdStubBuffer_Connect
IUnknown_QueryInterface_Proxy
RpcBindingVectorFree
CStdStubBuffer_DebugServerRelease
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoExW
UuidCreate
UuidToStringW
RpcServerInqBindings
CStdStubBuffer_Invoke
NdrOleFree
RpcBindingFree
RpcServerRegisterAuthInfoW
RpcRevertToSelf
RpcServerUseProtseqEpW
IUnknown_AddRef_Proxy
NdrServerCall2
RpcBindingToStringBindingW
RpcStringFreeA
NdrCStdStubBuffer2_Release
ntdll
NtSetInformationProcess
memmove
RtlLengthSid
RtlStringFromGUID
RtlSetEnvironmentVariable
RtlCreateAcl
RtlSubAuthoritySid
NtWaitForSingleObject
NtSetInformationThread
RtlTimeToTimeFields
sprintf
NtOpenSymbolicLinkObject
wcsncpy
RtlCopyLuid
RtlRunDecodeUnicodeString
RtlCreateSecurityDescriptor
RtlPrefixUnicodeString
RtlInitializeCriticalSectionAndSpinCount
RtlUnwind
RtlNewSecurityObject
wcscmp
strrchr
RtlAdjustPrivilege
NtCreateSection
NtDuplicateToken
NlsMbOemCodePageTag
RtlSizeHeap
NtQueryObject
RtlDeleteElementGenericTable
_snwprintf
_stricmp
RtlInsertElementGenericTable
NtQueryInformationFile
wcschr
NtQueryVirtualMemory
NtDeleteValueKey
NtQueryDirectoryObject
RtlDeleteSecurityObject
RtlClearBits
NlsMbCodePageTag
NtCancelIoFile
NtQueryInformationToken
atol
RtlQueryInformationAcl
RtlExpandEnvironmentStrings_U
RtlAddAce
NtAllocateVirtualMemory
RtlQueryRegistryValues
RtlInitializeGenericTable
RtlFreeAnsiString
NtTerminateThread
RtlCopyUnicodeString
RtlFreeHeap
RtlUnicodeToMultiByteN
RtlQueueWorkItem
_chkstk
wcstol
_wcsupr
NtWriteFile
RtlImageNtHeader
NtEnumerateValueKey
RtlLengthSecurityDescriptor
_wcslwr
atoi
RtlUnicodeStringToInteger
RtlUnicodeStringToAnsiString
RtlCreateHeap
RtlRunEncodeUnicodeString
shlwapi
PathIsRelativeW
PathFindFileNameA
StrStrW
PathSkipRootW
SHDeleteValueW
StrChrIW
PathIsURLW
SHGetValueW
PathIsDirectoryW
PathAppendW
StrToIntW
SHRegGetBoolUSValueW
PathIsRootW
PathStripToRootA
StrTrimW
PathGetDriveNumberW
StrCmpNIW
StrChrW
StrCmpIW
StrCmpNW
PathIsUNCW
SHSetValueW
PathAddBackslashW
PathFindExtensionA
PathFindExtensionW
StrStrIA
StrCatW
StrCatBuffW
PathRemoveFileSpecA
StrRChrW
StrCmpW
PathRemoveFileSpecW
SHStrDupW
UrlIsW
SHDeleteKeyW
StrStrIW
StrCpyW
wnsprintfA
PathCombineW
StrDupW
PathRemoveBlanksW
PathFindFileNameW
UrlUnescapeW
SHDeleteKeyA
SHDeleteValueA
UrlCanonicalizeW
PathFileExistsW
PathCreateFromUrlW
PathAppendA
PathRemoveExtensionW
wnsprintfW
StrCmpNIA
gdi32
GetPaletteEntries
SetMapMode
DPtoLP
LineTo
SelectPalette
GetBkMode
TextOutW
SetWindowExtEx
Escape
GetViewportExtEx
CreatePalette
SetTextColor
TranslateCharsetInfo
Polyline
SetPixel
CreateCompatibleDC
CreatePen
PtVisible
Rectangle
SetViewportOrgEx
DeleteMetaFile
ExtTextOutW
Ellipse
OffsetRgn
RestoreDC
ScaleWindowExtEx
ScaleViewportExtEx
GetPixel
ExcludeClipRect
Sections
DATA Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.code Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 482B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DATA Size: 512B - Virtual size: 489B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE