0a9341190e4a4d68a4743e3151a09ddc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a9341190e4a4d68a4743e3151a09ddc_JaffaCakes118
Size

230KB
MD5

0a9341190e4a4d68a4743e3151a09ddc
SHA1

787652dd0305ba0673278d4ed92bb2632cb203ba
SHA256

e36d79d97a4ea869a40aa5fe103b24f0b283d68f2c5977b40a6f15e4f7548c0e
SHA512

e48c5f73c7b56d4999e24760b37c4e1124337391f27908dd32db0d0ecc521d5aa2d56c61e33f9f02ecd2349e7ada8ebf896f251ccdb3f54c9edc6564274762e1
SSDEEP

6144:tMGixtyRPhA5prAGabXDzOHtXlycBlFpSMiCcmqZXP9Z:tMGixSheAZDzOHtXrBl7piCyFr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a9341190e4a4d68a4743e3151a09ddc_JaffaCakes118

Files

0a9341190e4a4d68a4743e3151a09ddc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fe01bd42cc589494fb86166913cafb80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
RegDeleteValueW
RegSaveKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumValueW
CryptAcquireContextW
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
CryptReleaseContext
RegCloseKey
RegQueryValueExW
EqualSid
RegQueryInfoKeyW
CloseServiceHandle
StartServiceW
GetUserNameW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
FreeSid
RegOpenKeyExA

gdi32

SelectObject
CreateFontIndirectW
GetObjectW
GetCurrentObject
DeleteObject

kernel32

HeapAlloc
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
DeleteFileW
GetVersion
HeapFree
GetLastError
GetProcAddress
LoadLibraryW
TlsGetValue
TlsSetValue
IsBadCodePtr
GetModuleHandleW
IsBadWritePtr
WideCharToMultiByte
GetACP
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
ResetEvent
LocalAlloc
LocalFree
CloseHandle
ReleaseMutex
GetCurrentThreadId
MultiByteToWideChar
IsBadStringPtrA
IsBadStringPtrW
DeleteCriticalSection
TlsFree
FreeLibrary
SetEvent
InitializeCriticalSection
CreateMutexW
TlsAlloc
GetProcessHeap
GetTickCount
Sleep
GetComputerNameW
GetCurrentProcessId
IsBadReadPtr
lstrlenW
lstrlenA
FreeLibraryAndExitThread
CreateThread
CreateEventW
lstrcmpiW
GetModuleFileNameW
OutputDebugStringW

msvcrt

wcslen
_wcsicmp
free
wcscpy
iswctype
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_except_handler3
_wtol
wcscspn
wcscat
iswdigit
wcscmp
__CxxFrameHandler
wcschr
_wtoi
??2@YAPAXI@Z
??3@YAXPAX@Z
malloc
_vsnprintf
wcsrchr

rpcrt4

RpcStringFreeW
NdrClientCall2
I_RpcExceptionFilter
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoW

rtutils

TraceDeregisterW
TraceRegisterExW
TraceVprintfExA

shlwapi

ord217
ord346
StrChrW
StrToIntW
ord191
StrCmpIW
StrCmpW
StrCpyNW
StrCmpNW

user32

PostMessageW
DestroyWindow
DefWindowProcW
RegisterClassW
LoadStringW
GetUserObjectInformationW
GetThreadDesktop
GetSystemMetrics
IsWindow
wsprintfA
wsprintfW
SendMessageW
EnableWindow
GetDlgItem
SendDlgItemMessageW
EndDialog
GetClientRect
CheckRadioButton
SetWindowTextW
SetFocus
GetFocus
GetWindowTextW
SetWindowLongW
GetWindowLongW
DialogBoxParamW
GetParent
MessageBeep
SetForegroundWindow
EnumWindows
MessageBoxW
IsWindowEnabled
ShowWindow
GetKeyState
SetWindowPos
CreateWindowExW
KillTimer
SetTimer
GetWindowRect
CloseClipboard
CallWindowProcW
SetClipboardData
GetClipboardData
OpenClipboard
EnumChildWindows
SetDlgItemInt
GetDlgItemInt
WinHelpW
GetActiveWindow

winmm

waveInMessage
waveOutMessage
midiInMessage
midiOutMessage

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ggu
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 172KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe01bd42cc589494fb86166913cafb80

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

rpcrt4

rtutils

shlwapi

user32

winmm

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 6KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 8KB

.idata Size: 172KB - Virtual size: 172KB

.ggu Size: 512B - Virtual size: 4KB

.orpc Size: 172KB - Virtual size: 212KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 6KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 8KB

.idata
Size: 172KB - Virtual size: 172KB

.ggu
Size: 512B - Virtual size: 4KB

.orpc
Size: 172KB - Virtual size: 212KB

.rsrc
Size: 6KB - Virtual size: 6KB