10dc6ee6a602bd045f4bd9bb7a277907_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10dc6ee6a602bd045f4bd9bb7a277907_JaffaCakes118
Size

156KB
MD5

10dc6ee6a602bd045f4bd9bb7a277907
SHA1

7ef513e5e506bde442ce0daec27be9e8f4de9599
SHA256

7857adf38f801ba3d7f3d32a6ed1c35120ce885827b04a6a7fb32b5ddd610d2e
SHA512

e77c1890c96a175edd6b32cfd3d393315f18f9200522542fa021c5a2991abd0383e021bba06882b9fdb7c00ab3a8d586606895fba0d6388bfd615aa9f2c3771c
SSDEEP

3072:cPEKkxNERsFOQ27xOWNwCYc85C0Ul3V23GRLwFpcSYM9+HMuuw:cPETxFFh27Zhq+M2G1b9+HM0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10dc6ee6a602bd045f4bd9bb7a277907_JaffaCakes118

Files

10dc6ee6a602bd045f4bd9bb7a277907_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cb1c7c8264c2e172e389630821086e49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiSetSelectedDriverW
SetupDiSetSelectedDevice
SetupDiSetDeviceInterfaceDefault
SetupDiOpenDeviceInfoA
SetupDiGetDriverInfoDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInstanceIdA
SetupDiGetClassDevsA
SetupDiEnumDriverInfoW
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiDestroyDriverInfoList
SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
CM_Request_Device_EjectW
CM_Locate_DevNodeA
CM_Get_Sibling
CM_Get_Parent
CM_Get_Device_ID_Size
CM_Get_Device_IDA
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_PropertyA
CM_Get_Depth
CM_Get_Child
CM_Free_Res_Des

ole32

CoInitialize
CoQueryProxyBlanket
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance
CLSIDFromString

shell32

SHGetFolderPathW

advapi32

CryptDuplicateHash
SystemFunction022
SystemFunction018
StartServiceCtrlDispatcherA
SetServiceStatus
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
SetEntriesInAclW
RevertToSelf
ReportEventW
RegisterServiceCtrlHandlerExA
RegisterEventSourceW
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegCloseKey
ProcessTrace
OpenThreadToken
OpenServiceW
OpenSCManagerW
OpenProcessToken
LsaRemoveAccountRights
LsaQuerySecurityObject
LsaICLookupSids
LsaGetUserName
InitializeSecurityDescriptor
InitializeAcl
ImpersonateSelf
GetUserNameW
GetTokenInformation
GetNamedSecurityInfoW
GetLengthSid
GetFileSecurityW
GetExplicitEntriesFromAclW
AccessCheck
AddAccessAllowedAce
AdjustTokenPrivileges
AllocateAndInitializeSid
ChangeServiceConfig2W
CloseServiceHandle
CreateServiceW
CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeleteService
DeregisterEventSource
EncryptionDisable
EnumServiceGroupW
EqualSid
FreeSid

kernel32

VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrcpyW
lstrlenW
LockFile
MapViewOfFile
MoveFileW
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RemoveDirectoryW
ResetEvent
SetEndOfFile
SetEvent
SetFilePointer
SetLastError
SetTapePosition
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VirtualAlloc
ExitProcess
CancelIo
CancelTimerQueueTimer
ClearCommBreak
CloseHandle
ConnectNamedPipe
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileMappingA
CreateNamedPipeW
CreateThread
DeleteAtom
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
LocalFree
ExpandEnvironmentStringsW
FatalExit
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeLibrary
GetACP
GetComputerNameExW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDevicePowerState
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNamedPipeHandleStateA
GetProcAddress
GetShortPathNameW
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadSelectorEntry
GetTickCount
GetVolumeInformationW
HeapCompact
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedExchange
IsBadReadPtr
IsDebuggerPresent
IsValidLanguageGroup
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
VirtualFree

ws2_32

WSAGetLastError
WSASetBlockingHook
WSCUnInstallNameSpace
__WSAFDIsSet
closesocket
connect
getsockopt
inet_addr
ioctlsocket
recv
select
send
socket
getsockname

user32

wsprintfW
SetRectEmpty
RegisterDeviceNotificationA
PeekMessageA
MsgWaitForMultipleObjectsEx
MessageBoxW

Exports

Exports

Alloc
EndSession
FIsValidFileNameCharA
GetRichEdClassStringW
PixelMap

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 841B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb1c7c8264c2e172e389630821086e49

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

ole32

shell32

advapi32

kernel32

ws2_32

user32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 841B

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 841B