0ffd08c42160b90ee47d7a9f0c111eac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ffd08c42160b90ee47d7a9f0c111eac_JaffaCakes118
Size

182KB
MD5

0ffd08c42160b90ee47d7a9f0c111eac
SHA1

75287b6eebaeed655b9516aff58babb1394e8798
SHA256

7b08286b72066dc7d8aab85d22563ca9fe8a2c48bb0836b071039beabc17eaf7
SHA512

2efc68325569ff7b30a98fa8636456671118175be9827a358ea87ccdf4317ac154e84659a82e56da6892a3f75efa0f6b347ed2001556fb677a6aef911174b5f9
SSDEEP

3072:wjq9v5stU3JlVPSDJZlCq2HUB+EmE/jJINl47:59Twp9tINl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ffd08c42160b90ee47d7a9f0c111eac_JaffaCakes118

Files

0ffd08c42160b90ee47d7a9f0c111eac_JaffaCakes118
.exe windows:6 windows x86 arch:x86

5b8851d2999b61f94ea0accd7b57c551

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rdpinit.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegFlushKey
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyW

kernel32

HeapSetInformation
Sleep
GetModuleHandleW
SetProcessShutdownParameters
GetCurrentProcessId
ProcessIdToSessionId
GetCommandLineA
GetVersionExA
GetStartupInfoA
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
OutputDebugStringA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
LeaveCriticalSection
GetVersionExW
EnterCriticalSection
FreeLibrary
LoadLibraryExA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
VirtualProtect
GetSystemInfo
VirtualQuery
CreateFileA
FlushFileBuffers
LocalAlloc
LocalFree
InterlockedCompareExchange
CreateEventW
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateThread
GetModuleHandleExW
SwitchToThread
OpenThread
LoadLibraryW
FreeLibraryAndExitThread
GetProcessId
GetSystemDirectoryW
lstrcmpW
OpenProcess
HeapSize
RaiseException
CreateMutexW
GetLastError
CloseHandle
CompareStringW

ntdll

RtlUnwind
NtQueryInformationProcess

shell32

ShellExecuteExW

wtsapi32

WTSFreeMemory
WTSDisconnectSession
WTSVirtualChannelQuery
WTSVirtualChannelOpen
WTSVirtualChannelWrite
WTSLogoffSession
WTSQuerySessionInformationW

user32

DispatchMessageW
PeekMessageW
DefWindowProcW
RegisterClassExW
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
PostThreadMessageW
PostMessageW
SetWindowLongW
GetWindowLongW
LoadCursorW
SendNotifyMessageW
RegisterWindowMessageW
GetWindowThreadProcessId
IsWindow
SetWindowPos
DestroyIcon
CopyImage
GetIconInfo
GetSystemMetrics
DestroyWindow
CreateWindowExW
UnregisterClassW
GetClassInfoExW

shlwapi

ord8
ord9
PathCombineW

rpcrt4

RpcRevertToSelf
RpcImpersonateClient
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerListen
RpcServerRegisterIfEx
RpcMgmtWaitServerListen
RpcServerUseProtseqEpW
NdrServerCall2
RpcStringFreeW

gdi32

GetObjectW
DeleteDC
GetDIBits
SelectObject
DeleteObject
CreateCompatibleDC

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b8851d2999b61f94ea0accd7b57c551

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ntdll

shell32

wtsapi32

user32

shlwapi

rpcrt4

gdi32

Sections

.text Size: 136KB - Virtual size: 135KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 37KB - Virtual size: 38KB

.text
Size: 136KB - Virtual size: 135KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 37KB - Virtual size: 38KB