0ea3d0db6b1f2f6901612cbd55728a00_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0ea3d0db6b1f2f6901612cbd55728a00_JaffaCakes118
Size

723KB
MD5

0ea3d0db6b1f2f6901612cbd55728a00
SHA1

7934b071257636a6129da0f0ddd28d8477006bc6
SHA256

09986ecec6a4a82b977320dcade76aca25a23548f40c9a041264beec20ac94c8
SHA512

094182883979b593cfd317e727d60a7a0e36e5702fd1a0ae7976c19861b22df414c64dfb49dbe115442933446eaf21878d10c717fb07f64023b261dfdd0357ad
SSDEEP

12288:vhVL7OEFr8XloXBjajMkuo2skOJEaoNFhUCdai0AXJiVIuALilOrn5Idhrz5AVpe:vhlOYr+loXBjKuQhJEa4UCY4XUVROrnK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ea3d0db6b1f2f6901612cbd55728a00_JaffaCakes118

Files

0ea3d0db6b1f2f6901612cbd55728a00_JaffaCakes118
.exe windows:4 windows x86 arch:x86

361220d0c7d069dff51dd2ce63dfc955

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

DrawAnimatedRects
GetMenuDefaultItem
GetClassInfoExW
GetLastInputInfo
HideCaret
LockWorkStation
SetMessageQueue
DefWindowProcA
OemToCharBuffA
SetWindowPos
CharUpperBuffA
EndDialog
GetMessageTime
wsprintfA
FillRect
SetProcessWindowStation
DrawStateA
CreateDialogParamW
RegisterClassW
GetClassInfoA
DlgDirListComboBoxA
GetDesktopWindow
DrawStateW
ValidateRect
GetWindowLongA
CopyImage
GetMenuInfo
SetUserObjectSecurity
ChildWindowFromPoint
IsCharAlphaNumericA
SetWindowLongA
SetClipboardData
GetWindow
UpdatePerUserSystemParameters
wsprintfW

iphlpapi

AllocateAndGetIpAddrTableFromStack
FlushIpNetTable
GetTcpStatistics
GetIfTable
InternalGetIfTable
GetBestRoute
InternalGetIpForwardTable
EnableRouter
CreateProxyArpEntry
GetUdpStatistics
GetBestInterface
DeleteProxyArpEntry
GetIfEntry
GetIpStatistics
InternalSetIpForwardEntry
NhGetInterfaceNameFromGuid
DeleteIpForwardEntry
InternalSetTcpEntry

msvcrt

isupper
_mbslen
_wfreopen
__p__fmode
_wunlink
__CxxLongjmpUnwind
__p__commode
tolower
_endthread
_wfsopen
_wsystem
isspace
_gmtime64
_errno
_chmod
_getdrive
srand
strcmp
towlower
wcsncmp

rtutils

RouterLogEventStringA
TracePrintfExA
RouterLogDeregisterW
RouterLogEventDataA
TraceDeregisterA
RouterLogRegisterW
TracePrintfExW
TraceDumpExA
LogErrorA
TraceRegisterExW
RouterLogDeregisterA
TracePrintfA
TraceDeregisterExA
MprSetupProtocolEnum
TraceDeregisterW
TracePutsExA
RouterLogEventExA
RouterLogEventA
TracePrintfW
LogEventW
RouterLogEventExW
TraceRegisterExA
RouterLogRegisterA
LogEventA
RouterLogEventW
RouterLogEventStringW
TraceVprintfExA
MprSetupProtocolFree

odbc32

VRetrieveDriverErrorsRowCol
SQLNativeSqlA
CursorLibLockDbc
ValidateErrorQueue
CursorLibTransact
PostODBCError
CursorLibLockDesc
VFreeErrors
LockHandle
SearchStatusCode
PostODBCComponentError
CursorLibLockStmt

advapi32

GetUserNameA
RegEnumKeyExW
SystemFunction027
CryptImportKey
LookupPrivilegeValueA
LsaQueryDomainInformationPolicy
GetFileSecurityW
SetSecurityDescriptorDacl
SystemFunction004
GetCurrentHwProfileW
GetAclInformation
QueryServiceStatus
GetCurrentHwProfileA
GetExplicitEntriesFromAclW
RegCreateKeyExA
OpenServiceW
SystemFunction017
CryptDestroyHash
RegQueryMultipleValuesW
BuildTrusteeWithSidW
StartServiceA
DecryptFileW
LsaOpenAccount

ole32

HWND_UserSize
CreateAntiMoniker
StgCreateStorageEx
StgOpenStorageOnILockBytes
WriteFmtUserTypeStg
IsAccelerator
StgIsStorageILockBytes
HPALETTE_UserFree
OleCreateStaticFromData
StgCreateDocfileOnILockBytes
CoTaskMemRealloc
CoGetStandardMarshal
GetHGlobalFromILockBytes
GetHGlobalFromStream
HWND_UserMarshal
CoCreateFreeThreadedMarshaler
OleSaveToStream
CoGetObject
ReadFmtUserTypeStg
HMENU_UserSize
OleIsRunning
CoTaskMemFree
StringFromGUID2
OleDuplicateData
OleRegEnumVerbs
StgIsStorageFile
CoEnableCallCancellation
WriteClassStg
CoUninitialize

kernel32

CreateProcessW
HeapCreate
SetThreadExecutionState
GetStringTypeW
SetFilePointer
SetHandleCount
CreateToolhelp32Snapshot
GetLocalTime
FreeLibraryAndExitThread
GetFileType
FatalAppExitA
FindCloseChangeNotification
FindVolumeClose
HeapSetInformation
CreateThread
WriteConsoleW
SizeofResource
GlobalMemoryStatus
QueryDosDeviceW
GetModuleHandleA
WriteFileEx
SetEnvironmentVariableA
ExitThread
SetThreadAffinityMask
VirtualAlloc
VirtualFreeEx
GetLastError
DisableThreadLibraryCalls
WritePrivateProfileStructW
GetCPInfoExW
WriteConsoleInputA
GetPrivateProfileSectionW
CreateDirectoryW
WriteTapemark
GetTempPathW
ReadConsoleInputW
GetFileAttributesA
SetCommState
PrivCopyFileExW
AddAtomW

Sections

.text
Size: 30KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 222KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 150KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

361220d0c7d069dff51dd2ce63dfc955

Headers

DLL Characteristics

File Characteristics

Imports

user32

iphlpapi

msvcrt

rtutils

odbc32

advapi32

ole32

kernel32

Sections

.text Size: 30KB - Virtual size: 361KB

.rdata Size: 228KB - Virtual size: 265KB

.bss Size: 222KB - Virtual size: 250KB

.idata Size: 150KB - Virtual size: 413KB

.rsrc Size: 91KB - Virtual size: 90KB

.reloc Size: 1024B - Virtual size: 232B

.text
Size: 30KB - Virtual size: 361KB

.rdata
Size: 228KB - Virtual size: 265KB

.bss
Size: 222KB - Virtual size: 250KB

.idata
Size: 150KB - Virtual size: 413KB

.rsrc
Size: 91KB - Virtual size: 90KB

.reloc
Size: 1024B - Virtual size: 232B