Tasks
  static1      Static task
  behavioral1  Behavioral task   Sample: 0ae6a083338943d92759d86a69561acb_JaffaCakes118.exe   Resource: win7-20240903-en
  behavioral2  Behavioral task   Sample: 0ae6a083338943d92759d86a69561acb_JaffaCakes118.exe   Resource: win10v2004-20240802-en
General
  Target  0ae6a083338943d92759d86a69561acb_JaffaCakes118
  Size    1.5MB
  MD5     0ae6a083338943d92759d86a69561acb
  SHA1    08bfff50f5cbc771146f38020cf45aacffc4db2f
  SHA256  09ae61626ea7f519ef6a329ebab40f2c3f03f79b21c742f0014bf2cd1873c66e
  SHA512  1c66aef241b423928557b709d19e0678e9ecc0a176d4c0a1d60dad8c6a1bdb4fdb166ab258cfb8977751e37bbf089487cdeecb2e664b3982bbb26652625f8d08
  SSDEEP  24576:yB/JXQ6h5MM3cgQMBRVMg81jkaPyo4PAsEj6qhnbPqDRHDB9flhIOjZleV:ydJXQuMM3jNBR+g81jkaPyoOAXj6qtq2
Malware Config
Signatures
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature: the sample carries no embedded Authenticode signature, i.e. its Certificate Table (security) data directory is empty. Treat this as a triage hint rather than a verdict: Windows also trusts catalog-signed files that carry no embedded signature, and an embedded signature only means something once it has been verified (WinVerifyTrust, signtool verify, or Get-AuthenticodeSignature).
    resource: 0ae6a083338943d92759d86a69561acb_JaffaCakes118
Files
  0ae6a083338943d92759d86a69561acb_JaffaCakes118.exe   windows:5 windows x86 arch:x86   6bec3fec48947c342a7d65f6d2510931
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Note: IMAGE_FILE_RELOCS_STRIPPED means the image carries no base relocations, so it must load at its preferred ImageBase and cannot be rebased by ASLR; consistent with that, the section table below has no .reloc section.
Imports
Notable for triage: RPC server setup and client impersonation in rpcrt4 (RpcServerUseProtseqEpW, RpcServerRegisterAuthInfoW, RpcImpersonateClient, RpcRevertToSelf); service control and ACL/SID handling in advapi32 (OpenServiceW, ChangeServiceConfigW, ControlService, DeleteService, SetEntriesInAclW, ConvertStringSecurityDescriptorToSecurityDescriptorW, AdjustTokenPrivileges); IsDebuggerPresent in kernel32. Static imports only show what the binary links against, not which of these paths actually execute.
rpcrt4
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
RpcImpersonateClient
NdrDllGetClassObject
CStdStubBuffer_Invoke
RpcBindingSetAuthInfoExW
RpcServerUnregisterIf
RpcBindingFree
UuidToStringW
RpcBindingVectorFree
CStdStubBuffer_AddRef
UuidToStringA
NdrDllRegisterProxy
RpcRevertToSelf
RpcServerRegisterAuthInfoW
NdrOleAllocate
RpcStringFreeW
RpcRaiseException
NdrServerCall2
RpcBindingFromStringBindingW
UuidFromStringW
NdrCStdStubBuffer2_Release
UuidCreate
RpcStringFreeA
RpcStringBindingParseW
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
RpcBindingSetAuthInfoW
RpcServerUseProtseqEpW
IUnknown_Release_Proxy
NdrCStdStubBuffer_Release
RpcEpResolveBinding
NdrDllCanUnloadNow
RpcBindingToStringBindingW
CStdStubBuffer_CountRefs
RpcStringBindingComposeW
NdrClientCall2
CStdStubBuffer_IsIIDSupported
shlwapi
PathRemoveBackslashW
SHDeleteValueW
StrStrIA
SHStrDupW
PathSkipRootW
PathCombineW
StrToIntW
StrCatW
SHDeleteValueA
UrlIsW
PathRemoveFileSpecW
PathIsRelativeW
StrChrIW
PathFindExtensionW
PathRemoveBlanksW
wnsprintfW
StrStrIW
StrRChrW
PathStripToRootA
StrStrW
PathIsUNCW
UrlCanonicalizeW
PathFindExtensionA
PathFindFileNameW
UrlUnescapeW
PathGetDriveNumberW
StrTrimW
SHDeleteKeyA
StrToIntExW
SHGetValueW
PathRemoveExtensionW
SHSetValueW
StrCatBuffW
StrCmpIW
StrCpyNW
StrRetToBufW
StrCmpNIA
advapi32
RegisterTraceGuidsW
RegCreateKeyExA
RegCloseKey
SetSecurityDescriptorGroup
LookupAccountSidW
SetEntriesInAclW
ReportEventW
GetSidLengthRequired
RevertToSelf
RegQueryValueW
GetAclInformation
OpenServiceW
ChangeServiceConfigW
CryptDestroyHash
GetSidSubAuthorityCount
AdjustTokenPrivileges
ControlService
GetSecurityDescriptorControl
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyA
CopySid
LockServiceDatabase
RegOpenKeyA
EqualSid
RegOpenKeyExW
DeleteService
RegCreateKeyExW
GetAce
RegQueryValueExW
RegOpenKeyExA
LookupPrivilegeValueA
RegCreateKeyW
QueryServiceConfigW
InitializeAcl
OpenServiceA
RegFlushKey
RegEnumKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaQueryInformationPolicy
RegEnumValueA
CryptReleaseContext
AddAce
IsValidSid
RegDeleteValueW
msvcrt
isleadbyte
isxdigit
__setusermatherr
wcschr
_ultoa
_acmdln
_wfopen
strchr
_cexit
wcscmp
_strdup
sprintf
rand
__p__fmode
towlower
_iob
_lock
strncmp
iswdigit
wcstombs
_itow
fclose
memmove
kernel32
CreateFileMappingA
lstrcatA
IsDebuggerPresent
FormatMessageA
GetConsoleMode
CreateMutexA
GetUserDefaultLCID
LeaveCriticalSection
GetThreadLocale
DisableThreadLibraryCalls
ResumeThread
MapViewOfFile
OutputDebugStringW
GetModuleHandleA
WriteConsoleW
ExitProcess
ResetEvent
GetCommandLineW
GetConsoleOutputCP
VirtualAlloc
SetThreadPriority
CreateDirectoryW
GetFileType
CreateMutexW
CreateEventA
GetLocaleInfoW
TlsAlloc
GetExitCodeProcess
ReadFile
CreateFileA
FindFirstFileW
IsBadCodePtr
LoadLibraryA
SetFilePointer
GetCurrentProcessId
GetTempPathA
comctl32
ImageList_Create
CreatePropertySheetPageW
ImageList_Draw
ImageList_Destroy
oleaut32
SafeArrayGetUBound
SysStringLen
VariantCopyInd
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
SafeArrayPutElement
SafeArrayAccessData
RegisterTypeLib
GetActiveObject
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayPtrOfIndex
LoadTypeLib
GetErrorInfo
SysReAllocStringLen
VariantChangeTypeEx
SysStringByteLen
SafeArrayCreate
VariantClear
VariantCopy
version
VerQueryValueW
VerFindFileW
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
ole32
CoGetClassObject
OleRegGetUserType
CreateOleAdviseHolder
CoImpersonateClient
StgCreateDocfileOnILockBytes
CoMarshalInterThreadInterfaceInStream
StgOpenStorage
StringFromGUID2
CoRevokeClassObject
CoCreateFreeThreadedMarshaler
WriteClassStm
StgCreateDocfile
CoDisconnectObject
OleRegEnumVerbs
GetHGlobalFromStream
StringFromIID
PropVariantClear
OleSaveToStream
CoSetProxyBlanket
CreateILockBytesOnHGlobal
OleRegGetMiscStatus
PropVariantCopy
GetRunningObjectTable
CoGetMalloc
CLSIDFromString
StringFromCLSID
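The per-module import lists above are the input to import hashing (imphash), the usual way to cluster samples that share a link-time import table. The block below is an added example, not code from this report or the sandbox: it is the pefile algorithm written out in plain Python (module name lowercased with a trailing .dll/.ocx/.sys stripped, function name lowercased, ordinal imports rendered as ordN, all joined with commas in import-directory order and MD5-hashed). The sample import table is constructed here from function names that appear in the lists above, in an order chosen for the example; the msvcrt ordinal entry is invented to show ordinal handling. The report shows a second 32-hex digest beside the filename in the Files section but does not say what it is, so nothing here assumes it is the imphash.

```python
import hashlib

# Module-name extensions pefile strips before hashing
_STRIP_EXTS = ("dll", "ocx", "sys")


def import_strings(imports):
    """Normalise an import table into the 'module.function' strings imphash is built over.

    `imports` is an ordered list of (dll_name, entries) in import-directory order; each
    entry is a function name (str) or an ordinal (int).
    """
    out = []
    for dll, entries in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in _STRIP_EXTS:
            lib = base
        for entry in entries:
            if isinstance(entry, int):
                # pefile additionally maps well-known ws2_32/oleaut32 ordinals back to
                # their names; every other ordinal becomes ord<N>, as done here.
                func = "ord%d" % entry
            else:
                func = entry.lower()
            out.append("%s.%s" % (lib, func))
    return out


def imphash(imports):
    """MD5 over the comma-joined normalised import strings (order-sensitive)."""
    return hashlib.md5(",".join(import_strings(imports)).encode()).hexdigest()


# Constructed import table for the example: names come from the report's import lists,
# the order is chosen here (the report does not state the real import-directory order),
# and the msvcrt ordinal entry is invented to exercise ordinal handling.
SAMPLE_IMPORTS = [
    ("RPCRT4.dll", ["RpcServerUseProtseqEpW", "RpcImpersonateClient", "RpcRevertToSelf"]),
    ("ADVAPI32.dll", ["ChangeServiceConfigW", "SetEntriesInAclW", "AdjustTokenPrivileges"]),
    ("KERNEL32.dll", ["IsDebuggerPresent", "CreateMutexA"]),
    ("msvcrt.dll", [123]),
]

if __name__ == "__main__":
    for s in import_strings(SAMPLE_IMPORTS):
        print(s)
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

Because the hash is order-sensitive, recomputing it from a report's rendered import list will not in general reproduce the file's imphash; compute it from the binary (pefile's `PE.get_imphash()` does exactly the above over the real import directory).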
Sections
  .text  Size: 33KB   Virtual size: 33KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
  .data  Size: 1.4MB  Virtual size: 2.9MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
  .tls   Size: 9KB    Virtual size: 9KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
  .tls   Size: -      Virtual size: 19KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
  .rsrc  Size: 8KB    Virtual size: 8KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
Points worth checking: .text holds only 33KB of code while .data accounts for 1.4MB of the 1.5MB file and expands to 2.9MB in memory (the loader zero-fills the part beyond the raw data); two sections carry the name .tls, the second with no raw data and a 19KB virtual size; no section is both writable and executable; there is no .reloc section.
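The Unsigned PE signature, the File Characteristics list and the section table above are all read straight from the PE headers. The following is an added example, not code from this report or the sandbox: it parses those headers with the standard library only, reports whether the Certificate Table data directory is empty (the embedded-Authenticode check), decodes the Characteristics bitfields into the IMAGE_FILE_* and IMAGE_SCN_* names used above, and lists the header-level findings an analyst would note. It runs on a header-only PE32 constructed inline to mirror the values in this report (the constructed image is test input, not bytes from the sample); pass the real file's bytes to parse_pe to run it on the sample.

```python
import struct

# Flag names and values from winnt.h (subset covering what the report lists)
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Certificate Table: where an embedded Authenticode signature lives


def decode_flags(value, table):
    """Bitfield -> list of flag names, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse the DOS/NT headers and the section table of a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    fh = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directory starts at +96 (PE32) or +112 (PE32+); NumberOfRvaAndSizes precedes it
    dd = {0x10B: opt + 96, 0x20B: opt + 112}.get(magic)
    if dd is None:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, dd - 4)[0]
    cert_off = cert_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories, this entry holds a raw file offset, not an RVA
        cert_off, cert_size = struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _va, raw, _ptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw,
                         "flags": decode_flags(sc, SECTION_CHARACTERISTICS)})
    return {"machine": machine, "characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
            "signed": cert_size > 0, "cert_offset": cert_off, "sections": sections}


def triage(pe):
    """Header-only findings worth a second look (a non-empty cert table still needs verifying)."""
    findings = []
    if not pe["signed"]:
        findings.append("unsigned PE: Certificate Table is empty (no embedded Authenticode signature)")
    if "IMAGE_FILE_RELOCS_STRIPPED" in pe["characteristics"]:
        findings.append("relocations stripped: image cannot be rebased, so ASLR cannot relocate it")
    seen = set()
    for s in pe["sections"]:
        if s["name"] in seen:
            findings.append("duplicate section name %s" % s["name"])
        seen.add(s["name"])
        if s["raw_size"] < s["virtual_size"]:
            findings.append("%s: raw size %d < virtual size %d (loader zero-fills the tail)"
                            % (s["name"], s["raw_size"], s["virtual_size"]))
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= set(s["flags"]):
            findings.append("%s: writable and executable" % s["name"])
    return findings


# Constructed section table mirroring the report: (name, virtual size, raw size, characteristics)
SAMPLE_SECTIONS = [
    (".text", 33 * 1024, 33 * 1024, 0x60000020),
    (".data", 2900 * 1024, 1400 * 1024, 0xC0000040),
    (".tls", 9 * 1024, 9 * 1024, 0xC0000040),
    (".tls", 19 * 1024, 0, 0xC0000040),
    (".rsrc", 8 * 1024, 8 * 1024, 0x40000040),
]


def build_sample_pe(sections=SAMPLE_SECTIONS, characteristics=0x010F, cert_size=0):
    """Build a header-only PE32 image (constructed test input, not bytes from the sample)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                 # e_lfanew = 64
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, characteristics)
    dirs = [(0, 0)] * 16
    if cert_size:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000, cert_size)  # file offset, size
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    va, table = 0x1000, b""
    for name, vsize, raw, sc in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, va, raw, 0, 0, 0, 0, 0, sc)
        va += (vsize + 0xFFF) & ~0xFFF
    return dos + b"PE\0\0" + file_hdr + opt + table


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print("Characteristics:", ", ".join(pe["characteristics"]))
    for s in pe["sections"]:
        print("%-6s raw=%-8d virt=%-8d %s" % (s["name"], s["raw_size"], s["virtual_size"], " | ".join(s["flags"])))
    for f in triage(pe):
        print("-", f)
```

To run it against the sample, use `parse_pe(open(path, "rb").read())`. Two caveats when reading the output: a non-empty Certificate Table only says a signature blob is present, and it still has to be verified before it counts for anything; and many Windows OS binaries have no embedded signature because they are catalog-signed, so the unsigned finding is a triage hint, not a verdict.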