0d7944619752b24dec7ed5bbc9747540_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d7944619752b24dec7ed5bbc9747540_JaffaCakes118
Size

298KB
MD5

0d7944619752b24dec7ed5bbc9747540
SHA1

cccfd6ec41c092672d2507267b29e11f3c9cda34
SHA256

c1b106f414d8d30b24d9caab1d7ed1511606e418e99aca3760b27127292d4368
SHA512

04ed43d3367cd1de56d44be2b8717f5ac9127a5ab978dddbcb002ab5063a185ade0cfab17d189a4c5b466e7759ad92fa76ec302f726dcacabd80c6a79b53c4fe
SSDEEP

6144:R3Ekt/sxn2AQVkp3rybqQTD8SHOw4PKG9kPQT6sMKXq/LYodnCRmUVJl:R3EosgoOqLSHOw4R9kPpJKXq/xd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d7944619752b24dec7ed5bbc9747540_JaffaCakes118

Files

0d7944619752b24dec7ed5bbc9747540_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0aa5c4c4154cabab3ad600351485111f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

D:\lthw\xji5ik\21\1\c3rkoy\v6ifbtg\40yo\4evb\34xfum9xw.pdb

Imports

kernel32

GlobalFree
HeapCreate
DeviceIoControl
SetHandleCount
GetTimeZoneInformation
CreateDirectoryA
GetOEMCP
HeapAlloc
OpenEventW
GetModuleHandleA
lstrcpyA
LCMapStringW
GetProcAddress
GetSystemDefaultUILanguage
GetSystemTimeAsFileTime
LoadLibraryA
GetExitCodeThread
GetLocaleInfoA
GetCommandLineW
UnhandledExceptionFilter
GetUserDefaultLCID
LoadResource
GetThreadPriority
TerminateProcess
GetModuleHandleW
lstrcpynW
FindFirstFileA
GetEnvironmentStrings
GetFullPathNameW
OpenThread
GetCurrentProcess
FormatMessageW
GetVolumeInformationA
GetTempFileNameA
GetFileAttributesA
CopyFileW
ReleaseMutex
VirtualAlloc
RemoveDirectoryW
ResetEvent
GetWindowsDirectoryW
GetFileSizeEx
CreateFileA
GetFileSize
TlsFree
OpenProcess
Sleep
GetStdHandle
IsDBCSLeadByteEx
SetVolumeMountPointW
CreateProcessA
EnumSystemLocalesW
GetSystemDirectoryW
CompareStringA
VirtualFree
GetACP
SetThreadPriority
GetModuleFileNameA
GetWindowsDirectoryA
HeapDestroy
GetVersion
GetTempPathW
SizeofResource
VirtualQueryEx
RaiseException
ReadFile
InitializeCriticalSection
WaitForSingleObject
LocalFree
GetUserDefaultUILanguage
ResumeThread
CloseHandle
GetVersionExW
SetFileAttributesW
InterlockedDecrement
InterlockedExchange
CreateDirectoryW
GetCPInfoExW
EnumCalendarInfoW
FindNextFileW
OutputDebugStringW
SetEvent
SetConsoleCtrlHandler
WriteFile
lstrcmpiW
FindNextChangeNotification
CreateToolhelp32Snapshot
MoveFileExA
GetFileAttributesW
LoadLibraryExW
SwitchToThread
CreateEventA
FindResourceA
FreeLibrary
WideCharToMultiByte
VirtualQuery
GetCurrentThreadId
GetVolumeNameForVolumeMountPointW
GetCPInfo
FindResourceW
IsValidLocale
GetTempPathA
SetFileAttributesA
GetFileType
HeapFree
EnterCriticalSection
SetLocalTime
FindFirstChangeNotificationW
GetThreadLocale
SetEndOfFile
GetSystemInfo
CompareStringW
FileTimeToSystemTime
DeleteFileW
TerminateThread
GetTickCount
TlsGetValue
lstrcpyW
VirtualProtect
GetStartupInfoW
OpenMutexA
DeleteVolumeMountPointW
GetExitCodeProcess
GetProcessHeap
GetModuleFileNameW
CreateEventW
GetDiskFreeSpaceW
IsDebuggerPresent
MoveFileExW
FindFirstFileW
GetVersionExA
RtlUnwind
LeaveCriticalSection
ExpandEnvironmentStringsA
CreateFileW
LocalAlloc
GetStartupInfoA
lstrlenA
TlsSetValue
GetComputerNameExA
GetSystemDirectoryA
GlobalAlloc
FindClose
SleepEx
FindNextFileA
GetCurrentThread
CreateProcessW
WaitForMultipleObjects
HeapSize
TlsAlloc
TryEnterCriticalSection
MultiByteToWideChar
GetStringTypeA
Process32FirstW
GetLocaleInfoW
QueryPerformanceCounter
lstrlenW
CreateThread
GetFileInformationByHandle
SetThreadLocale
CreateMutexW
GetCommandLineA
GetLastError
RemoveDirectoryA
GetLocalTime
Process32NextW
GetSystemDefaultLangID
LCMapStringA
DeleteCriticalSection
LoadLibraryW
GetSystemDefaultLCID
DeleteFileA
LockResource
ExitProcess
GetCurrentDirectoryA
InterlockedIncrement
GetStringTypeW
SuspendThread
SetFilePointer
GetDateFormatW

user32

PostThreadMessageA
wsprintfW
GetWindowThreadProcessId
KillTimer
MessageBoxW
SystemParametersInfoA
SetWindowLongA
ShowWindow
TranslateMessage
SetTimer
GetWindowLongA
RegisterWindowMessageA
MsgWaitForMultipleObjects
LoadStringW
MessageBoxA
PeekMessageW
wsprintfA
FindWindowA

advapi32

LsaClose
RegCreateKeyExA
LookupPrivilegeValueA
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
CryptHashData
RegEnumValueW
RegCloseKey
RegQueryValueExW
ConvertSidToStringSidW
LogonUserA
RegOpenCurrentUser
LookupAccountNameA
StartServiceCtrlDispatcherW
LsaFreeMemory
CryptReleaseContext
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateTokenEx
LsaEnumerateAccountsWithUserRight
RegSetValueExA
LsaOpenPolicy
OpenThreadToken
ImpersonateLoggedOnUser
CryptDecrypt
RegQueryValueExA
OpenProcessToken
SetThreadToken
InitiateSystemShutdownA
SetTokenInformation
CryptAcquireContextA
DuplicateToken
RegDeleteKeyW
FreeSid
CryptDestroyHash
RevertToSelf
GetTokenInformation
CreateProcessAsUserW
AllocateAndInitializeSid
CryptCreateHash
CryptEncrypt
CreateProcessAsUserA
CryptDeriveKey
RegEnumKeyW
RegOpenKeyExA
EqualSid
LsaRemoveAccountRights
AdjustTokenPrivileges
RegEnumValueA
IsTextUnicode
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegDeleteValueA
CryptDestroyKey
StartServiceA

ole32

CoSetProxyBlanket
StringFromCLSID
CoCreateInstance
CoInitializeEx
CoInitialize
CoUninitialize
IsEqualGUID
CoInitializeSecurity
CoRevertToSelf
CoImpersonateClient
CoCreateGuid

oleaut32

SafeArrayPtrOfIndex
VariantClear
SysStringLen
SysStringByteLen
SysReAllocStringLen
SafeArrayGetLBound
GetErrorInfo
SysFreeString
SafeArrayGetUBound
SysAllocString
VariantCopy
VariantChangeType
SafeArrayCreate
SysAllocStringLen
VariantInit

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

iphlpapi

GetAdaptersInfo

wsock32

htons
bind
recvfrom
htonl
socket
setsockopt
sendto
ntohl
recv
inet_addr
WSACleanup
getsockname
closesocket
ntohs
connect
WSAStartup
ioctlsocket
shutdown
WSAGetLastError
send
getpeername

netapi32

NetUserGetInfo
NetUserAdd
NetApiBufferFree
NetLocalGroupAddMembers
NetWkstaGetInfo
NetUserDel

wtsapi32

WTSFreeMemory

msvcrt

_iob
_i64toa
atexit
__set_app_type
memset
strcspn
_vsnprintf
fgets
ungetc
fwrite
strcpy
puts
fflush
strncpy
fgetc
sscanf
_CIcos
_setmode
_cexit
__getmainargs
__mb_cur_max
abort
atoi
_isctype
__p__fmode
fread
sprintf
strcmp
strtoul
strlen
strtol
fputc
_pctype
memmove
_onexit
signal
realloc
fclose
_assert
malloc
getenv
exit
putchar
fputs
remove
fprintf
__p__environ
fopen
strchr
free

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0aa5c4c4154cabab3ad600351485111f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

version

iphlpapi

wsock32

netapi32

wtsapi32

msvcrt

Sections

.text Size: 193KB - Virtual size: 192KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 11KB - Virtual size: 44KB

.text1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 193KB - Virtual size: 192KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 11KB - Virtual size: 44KB

.text1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 6KB - Virtual size: 6KB