080c1dc9cbf460d35a74243386a60260_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

080c1dc9cbf460d35a74243386a60260_JaffaCakes118
Size

217KB
MD5

080c1dc9cbf460d35a74243386a60260
SHA1

1ae565c904511677eaac8f92f1721673ee0d3b1e
SHA256

d9e64d8870302601c6c2e5d075ee2a4039b7f61e0b680c395ade21f546d560b1
SHA512

ed4a7bb370c46f24ff20419cc57555beb1db860d38e9a26765953d37e9a0b9445e4a449f868635b8360bbceac3150b44ecaae2bc023e4c39c359ec93473d91ce
SSDEEP

3072:ZxiRacZ4pwUj6VKFRdHdhp28jD5ebhrDwAWKatr+WjGBGAnCxofe3S8b7+X:ZxiUcZ4p6SvwclShYAWKRGAaofe3S8G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
080c1dc9cbf460d35a74243386a60260_JaffaCakes118

Files

080c1dc9cbf460d35a74243386a60260_JaffaCakes118
.exe windows:6 windows x86 arch:x86

d92c80d49382091310fb8db089f856a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sctasks.pdb

Imports

msvcrt

_vsnwprintf
_CxxThrowException
__CxxFrameHandler3
wcsrchr
memset
free
memcpy_s
isspace
_wtol
_onexit
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_memicmp
_get_osfhandle
_errno
_fileno
fflush
fprintf
__iob_func
wcstod
wcstoul
wcstol
_purecall
memcpy
srand
_iob
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
malloc
_ultow
_wtoi
iswdigit
wcstok
wcschr
iswpunct
iswspace
wcspbrk

api-ms-win-core-console-l1-1-0

WriteConsoleW
SetConsoleMode
GetConsoleMode
ReadConsoleW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile
CompareFileTime
SetFilePointer
GetFileSizeEx
WriteFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-interlocked-l1-1-0

InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange

api-ms-win-core-libraryloader-l1-1-0

LoadStringW
GetProcAddress
FreeLibrary
LoadLibraryExA
GetModuleHandleA

api-ms-win-core-localization-l1-1-0

GetLocaleInfoW

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-misc-l1-1-0

Sleep
LocalFree
lstrlenW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetLocalTime
SystemTimeToFileTime
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority

ntdll

EtwTraceMessage
WinSqmAddToStream
RtlNtStatusToDosError
RtlCreateVirtualAccountSid
RtlInitUnicodeString
WinSqmIsOptedIn

user32

CharUpperW
MessageBeep

ole32

IIDFromString
CoUninitialize
StringFromGUID2
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

oleaut32

SysAllocStringByteLen
SysStringByteLen
VariantTimeToSystemTime
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
GetErrorInfo
SysStringLen
VarBstrCat
VariantChangeType
SysAllocString

shlwapi

StrChrW
StrRChrIW
StrStrIW
StrChrIW
StrStrW

kernel32

HeapSize
HeapFree
HeapAlloc
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DebugBreak
HeapValidate
WideCharToMultiByte
RegDeleteKeyExW
DeleteFileTransactedW
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
RegSetValueExW
ExpandEnvironmentStringsW
UnregisterWait
GetComputerNameExW
CompareStringA
GetThreadLocale
CompareStringW
FileTimeToSystemTime
GetModuleFileNameW
ExitProcess
GetConsoleOutputCP
HeapReAlloc
lstrlenA
GetFileType
VerSetConditionMask
VerifyVersionInfoW
FormatMessageW
SetThreadUILanguage
DelayLoadFailureHook
GetComputerNameW

ktmw32

CommitTransaction
RollbackTransaction
CreateTransaction

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rjnhgdl
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d92c80d49382091310fb8db089f856a9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-console-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localization-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

ntdll

user32

ole32

oleaut32

shlwapi

kernel32

ktmw32

Sections

.text Size: 139KB - Virtual size: 138KB

.data Size: 24KB - Virtual size: 24KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 34KB - Virtual size: 36KB

rjnhgdl Size: - Virtual size: 4KB

.text
Size: 139KB - Virtual size: 138KB

.data
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 34KB - Virtual size: 36KB

rjnhgdl
Size: - Virtual size: 4KB