Static task: static1
Behavioral task: behavioral1
  Sample: 0d748e4039be8c104e5282411f02e29c_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 0d748e4039be8c104e5282411f02e29c_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 0d748e4039be8c104e5282411f02e29c_JaffaCakes118
Size: 137KB
MD5: 0d748e4039be8c104e5282411f02e29c
SHA1: 11cb5d09a75a04b7cbaf2ecd6c95dc821ffec1da
SHA256: bc9a872d5ceb80398ce6af69338a3090c4489dbf19452483be82815361e1b9f0
SHA512: e64588453df0036c71b638f8a4ec3c70e8cbfb6acd57f79e7744f8fcf4e645e275068a3ee1763bd21fafe66620097b137d8ce93b612ad3cdbf6cfc99936275cb
SSDEEP: 3072:/199nrLoZ/6W4hpq/cTVp7zKv+6fnbPoCvGwHrBuv5qAND5sp1g:9jLoJh4/XVp7oxDQErBEDi3
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 0d748e4039be8c104e5282411f02e29c_JaffaCakes118
Files
0d748e4039be8c104e5282411f02e29c_JaffaCakes118.exe windows:4 windows x86 arch:x86
6cb93fbe3581d4d8c4f45ac2bb4c73ff
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
PeekMessageA
GetMessageA
CharNextA
GetWindowTextA
MessageBoxA
GetWindowThreadProcessId
wsprintfW
EnumWindows
PostThreadMessageA
DispatchMessageA
KillTimer
SetTimer
LoadStringA
IsWindowVisible
CharUpperA
wsprintfA
kernel32
GetOEMCP
SizeofResource
MultiByteToWideChar
GetPrivateProfileStringA
VirtualProtect
GetPrivateProfileSectionNamesA
FreeEnvironmentStringsW
GetProcAddress
GetVersionExA
HeapCreate
GetCPInfo
lstrcpyA
FreeEnvironmentStringsA
LockResource
UnmapViewOfFile
WriteProfileStringA
CreateMutexA
LCMapStringW
SetLastError
OpenProcess
GetCommandLineA
GetStdHandle
InitializeCriticalSection
WideCharToMultiByte
CreateFileMappingA
GetModuleFileNameA
LoadResource
lstrcatA
TlsFree
GetSystemDirectoryA
LocalSize
GetPrivateProfileIntA
MapViewOfFile
TerminateThread
ReleaseMutex
GetTickCount
IsBadCodePtr
CreateFileA
WaitForSingleObject
SetFilePointer
FindResourceA
GetVersion
VirtualQuery
GetProcessTimes
TerminateProcess
ClearCommError
TlsAlloc
GetEnvironmentStringsW
TlsSetValue
WriteFile
GetFileAttributesA
ExitProcess
VirtualAlloc
LeaveCriticalSection
lstrcpynA
DuplicateHandle
EnumResourceNamesW
GetModuleFileNameW
CompareStringA
FreeLibrary
LoadLibraryW
GetPrivateProfileSectionA
LoadLibraryA
FindResourceExA
SetEvent
GetStartupInfoA
GetProfileStringA
GetComputerNameA
GetModuleHandleW
RaiseException
GetLastError
FindClose
SetUnhandledExceptionFilter
RtlUnwind
InterlockedIncrement
InterlockedExchange
WritePrivateProfileStringA
GetCurrentProcess
HeapAlloc
IsBadReadPtr
CreateEventA
CompareStringW
DeleteCriticalSection
CreateProcessA
FlushFileBuffers
ExitProcess
LocalAlloc
SetEndOfFile
InterlockedDecrement
GetModuleHandleA
FindFirstFileA
QueryPerformanceCounter
GetEnvironmentStrings
lstrcmpiA
GetCurrentProcessId
lstrlenA
GetProcessHeap
CreateDirectoryA
SetErrorMode
UnhandledExceptionFilter
GetLocaleInfoA
LCMapStringA
VirtualFree
SetStdHandle
IsBadWritePtr
ReadProcessMemory
SetLastError
ReadFile
GetExitCodeProcess
GetThreadLocale
GetStringTypeA
CreateThread
CloseHandle
TlsGetValue
GetStringTypeW
SetEnvironmentVariableA
SetHandleCount
GetCurrentThreadId
LocalFree
GetFileType
GetSystemInfo
HeapDestroy
Sleep
GetACP
GetSystemTimeAsFileTime
HeapReAlloc
InterlockedCompareExchange
EnterCriticalSection
FormatMessageA
LoadLibraryExA
IsDBCSLeadByte
HeapSize
CreateProcessW
lstrlenW
GetCurrentThread
HeapFree
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
advapi32
GetUserNameA
FreeSid
LookupAccountNameA
RegisterServiceCtrlHandlerA
MakeSelfRelativeSD
OpenServiceA
GetAclInformation
MakeAbsoluteSD
DeleteService
AddAce
RegConnectRegistryA
RegQueryValueExW
ReportEventA
RegSetKeySecurity
RegEnumKeyA
RegQueryInfoKeyA
RegCreateKeyExA
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
RegDeleteKeyA
SetSecurityDescriptorGroup
CopySid
GetSecurityDescriptorLength
OpenSCManagerA
RegCloseKey
OpenProcessToken
AccessCheck
ChangeServiceConfigA
RegEnumValueA
AdjustTokenPrivileges
AllocateAndInitializeSid
LookupAccountSidA
DeregisterEventSource
GetAce
PrivilegeCheck
InitializeAcl
GetSecurityDescriptorDacl
EqualSid
SetSecurityDescriptorDacl
RegisterEventSourceA
RegOpenKeyExA
GetTokenInformation
AddAccessAllowedAce
StartServiceCtrlDispatcherA
RegEnumKeyExA
CloseServiceHandle
GetSidSubAuthority
IsValidSid
DuplicateTokenEx
SetSecurityDescriptorOwner
GetSecurityDescriptorControl
DuplicateToken
RegQueryValueExA
CreateServiceA
RegDeleteValueA
GetSecurityDescriptorOwner
RegSetValueExA
InitializeSecurityDescriptor
GetSidLengthRequired
InitializeSid
OpenThreadToken
LookupPrivilegeValueA
QueryServiceStatus
IsValidSecurityDescriptor
GetLengthSid
RegCreateKeyA
LookupAccountSidW
AddAccessDeniedAce
SetSecurityDescriptorSacl
SetServiceStatus
ControlService
SetThreadToken
RegOpenKeyExW
ole32
CoGetClassObject
CoRegisterClassObject
CoUninitialize
CoCreateInstance
CoQueryProxyBlanket
CoImpersonateClient
CoSetProxyBlanket
CoInitializeSecurity
CoTaskMemAlloc
CLSIDFromString
CoGetCallContext
StringFromGUID2
CoDisconnectObject
CoRevertToSelf
CoTaskMemRealloc
CoCreateGuid
StringFromCLSID
CoInitializeEx
CoTaskMemFree
StringFromIID
CoRevokeClassObject
shlwapi
PathFindExtensionA
rpcrt4
RpcBindingSetAuthInfoA
RpcStringBindingComposeA
NdrClientCall
RpcBindingFromStringBindingA
RpcStringFreeA
Sections
.text Size: 93KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rscr Size: 512B - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ