10954fab5713d68962c868ac8f4cf051_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10954fab5713d68962c868ac8f4cf051_JaffaCakes118
Size

182KB
MD5

10954fab5713d68962c868ac8f4cf051
SHA1

218a0d83edbdb6e201df8f5eaaa5f7dbdbdef898
SHA256

2be58ca2d08475b46ed8256c24b8493f7cd14620d22af3afaa978bbcb7ac3d1c
SHA512

1fbdffa208a47328b379488750d843c9165b6697afb85dab1acf189ffc984a0d7d3c7a34f72dabfd2789ae27a0846ed9cd993e988ce3c0c5c25059a44234ed14
SSDEEP

3072:XL/y2EaL75B+C2T7BhXAbF0N++8vIF536hTANFGk/q+4q59zmsc8mDiGv:b/ys3H+C2T7BFivIr36QK+4+NTtmeG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10954fab5713d68962c868ac8f4cf051_JaffaCakes118

Files

10954fab5713d68962c868ac8f4cf051_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c01c170497c613c5a0307576e15c89d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msmsgs.pdb

Imports

kernel32

GetCurrentThreadId
GetDateFormatW
GetFileAttributesW
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryW
InterlockedCompareExchange
InterlockedExchange
LoadLibraryW
LocalFree
QueryPerformanceCounter
GetCurrentProcessId
RtlUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
lstrlenW
GetCurrentProcess
FreeLibrary
FormatMessageW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
ExitProcess
CloseHandle

ole32

CLSIDFromString

advapi32

OpenProcessToken
LsaEnumerateTrustedDomains
LookupPrivilegeValueW
InitiateSystemShutdownExW
CloseServiceHandle
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
OpenServiceW

setupapi

SetupScanFileQueueW
CM_Add_Empty_Log_Conf_Ex
CM_Add_Res_Des
CM_Add_Res_Des_Ex
CM_Connect_MachineW
CM_Disconnect_Machine
CM_Enumerate_Classes
CM_Free_Log_Conf_Handle
CM_Free_Range_List
CM_Free_Res_Des_Handle
CM_Get_DevNode_Status_Ex
CM_Get_Device_ID_ExW
CM_Get_First_Log_Conf_Ex
CM_Get_Next_Res_Des_Ex
CM_Get_Res_Des_Data_Ex
CM_Get_Res_Des_Data_Size_Ex
CM_Locate_DevNode_ExW
CM_Reenumerate_DevNode_Ex
SetupCloseFileQueue
SetupCloseInfFile
SetupCopyOEMInfW
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiClassGuidsFromNameExW
SetupDiClassNameFromGuidExW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoListExW
SetupDiCreateDeviceInfoW
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoW
SetupDiGetClassDescriptionExW
SetupDiGetClassDevsExW
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInfoDetailW
SetupDiGetINFClassW
SetupDiLoadClassIcon
SetupDiOpenClassRegKeyExW
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoW
SetupDiSetClassInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiSetSelectedDriverW
SetupFindFirstLineW
SetupGetFieldCount
SetupGetInfSections
SetupGetStringFieldW
SetupOpenFileQueue
SetupOpenInfFileW
SetupPromptReboot

ntdll

_wcsicmp
_wcsnicmp
iswalpha
memset
towlower
towupper
wcsrchr
_strlwr

user32

LoadStringW
CharNextW
CharPrevW

shell32

SHGetSettings
SHGetFolderPathW
DragFinish

msvcrt

_exit
_execve
_controlfp
_clearfp
_cexit
_amsg_exit
_initterm
__setusermatherr
__set_app_type
__p__fmode
__p__commode
_XcptFilter
_mbsrchr
_mbsspnp
_wexecvp
exit
fputs
wprintf
__wgetmainargs
fputws

Exports

Exports

Clear
CreateQuery
FIsHTMLFile
GetBuffers
ReplaceCharsW
UpdateTextureState

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c01c170497c613c5a0307576e15c89d4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

advapi32

setupapi

ntdll

user32

shell32

msvcrt

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 9KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 12KB