15259dfebf6cd00e9938012677ec2e35_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15259dfebf6cd00e9938012677ec2e35_JaffaCakes118
Size

370KB
MD5

15259dfebf6cd00e9938012677ec2e35
SHA1

8c2a08102dd8a60b22a9d54813d74ad0fd957467
SHA256

f469502949635e07311f55fd04302b328a02c639d9b0515ad1cadd10c59d228e
SHA512

4a3d1a3706c711613f9daf8dce62002b36705a20709b96593378d42c12d0168a795a98efe2de8196935edee45fbe8df8c6f7268baf5be8de326231442b60b8b6
SSDEEP

6144:zcit3Dlr0+VW51EveRLFBgC40I7WUtG31sPmpaVJ/37Ebne9bLFAEG/YWt0jv:O+ViEv0FBgC4H7Xs3Keq7gObLFKta

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15259dfebf6cd00e9938012677ec2e35_JaffaCakes118

Files

15259dfebf6cd00e9938012677ec2e35_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ef98f4d5d3c64732991fd7276d8f7556

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

DdeReconnect
SetWindowsHookA
TabbedTextOutA
MapDialogRect
SendNotifyMessageW
CountClipboardFormats
EqualRect
IsClipboardFormatAvailable
ReuseDDElParam
DialogBoxParamA
InsertMenuItemA
EndDeferWindowPos
GetAppCompatFlags
CreateSystemThreads
MsgWaitForMultipleObjectsEx
SetWindowsHookExW
GetClassNameA
DdeUnaccessData
ModifyMenuA
DrawCaptionTempA
UnregisterHotKey
DragObject
CreateDialogIndirectParamAorW
DdeImpersonateClient
EnumWindowStationsA
AlignRects
CharLowerBuffW
IsCharLowerA
DeregisterShellHookWindow
SetDlgItemTextA
LoadMenuA

ntdll

RtlSetSaclSecurityDescriptor
LdrUnloadAlternateResourceModule
NtWaitForKeyedEvent
NtQueryObject
wcscmp
ZwMapUserPhysicalPages
ZwCreateKeyedEvent
ZwRemoveProcessDebug
RtlHashUnicodeString
NtQuerySecurityObject
RtlSystemTimeToLocalTime
RtlFindClearBits
NtSetThreadExecutionState
ZwReplaceKey
ZwReadFile
NtCompleteConnectPort
ZwSetEventBoostPriority
ZwSetLowWaitHighEventPair
NtReplyWaitReplyPort
RtlPcToFileHeader
RtlUpcaseUnicodeStringToCountedOemString
__iscsymf
NtDeleteKey
RtlAddAuditAccessAce
RtlUnicodeToMultiByteN
RtlUnicodeStringToInteger
strncat
NtFsControlFile
RtlCustomCPToUnicodeN
_itoa
ZwCancelIoFile
RtlEqualUnicodeString
ZwAdjustGroupsToken
RtlImageDirectoryEntryToData
RtlIpv4StringToAddressA
ZwDuplicateObject

kernel32

PeekConsoleInputW
SetEvent
GetCPInfo
GetModuleHandleExA
VirtualAlloc
SetProcessShutdownParameters
RegisterWowExec
LoadLibraryA
GetConsoleTitleA
GetACP
EnumDateFormatsExW
WaitForSingleObjectEx
CloseConsoleHandle
GetProcessHeap
SetThreadExecutionState
GetConsoleAliasesW
GetVolumePathNamesForVolumeNameA
LocalAlloc
GlobalHandle
GetLocaleInfoW
GetStringTypeExW
FileTimeToLocalFileTime
BackupRead
HeapCreate
_hread
IsSystemResumeAutomatic
UTRegister
GetCompressedFileSizeA
RtlCaptureStackBackTrace
GetNamedPipeInfo
GetThreadSelectorEntry
GetSystemTimeAsFileTime
CreateEventA
WriteConsoleInputVDMW

uniplat

FreeOverStruct
WinntIsWorkstation
UmPlatformInitialize
ReinitOverStruct
UnimodemNotifyTSP
CreateOverStructPool
SyncDeviceIoControl
UnimodemQueueUserAPC
ResetCallCount
CallBeginning
AllocateOverStructEx
StopMonitorThread
StopMonitoringHandle
CreateUnimodemTimer
UnimodemWaitCommEventEx
MonitorHandle
SetUnimodemTimer
UnimodemReadFileEx
DestroyOverStructPool
CancelUnimodemTimer
UmPlatformDeinitialize
UnimodemWriteFileEx
CallEnding
StartMonitorThread
FreeUnimodemTimer
UnimodemDeviceIoControlEx

resutils

ResUtilVerifyResourceService
ResUtilGetResourceNameDependency
ResUtilTerminateServiceProcessFromResDll
ResUtilSetPropertyTableEx
ResUtilFindDependentDiskResourceDriveLetter
ResUtilFindLongProperty
ResUtilFindBinaryProperty
ResUtilSetPropertyTable
ResUtilStopResourceService
ClusWorkerCreate
ResUtilSetUnknownProperties
ResUtilSetMultiSzValue
ResUtilSetPropertyParameterBlock
ResUtilEnumResources
ResUtilStartResourceService
ResUtilDupString
ResUtilVerifyPrivatePropertyList
ResUtilAddUnknownProperties
ResUtilPropertyListFromParameterBlock
ResUtilGetResourceDependentIPAddressProps
ResUtilGetProperties
ResUtilEnumProperties
ResUtilFindMultiSzProperty
ResUtilFindSzProperty
ResUtilGetSzProperty
ResUtilGetEnvironmentWithNetName
ResUtilSetExpandSzValue
ResUtilSetPrivatePropertyList
ClusWorkerTerminate

inetcomm

MimeOleGetCharsetInfo
MimeOleGetCodePageInfo
DllGetClassObject
MimeOleOpenFileStream
MimeOleFileTimeToInetDate
MimeEditDocumentFromStream
MimeOleGetRelatedSection
MimeOleGenerateMID
HrAttachDataFromBodyPart
MimeOleGetExtContentType
MimeEditViewSource
EssKeyExchPreferenceEncodeEx
MimeOleGetCodePageCharset
MimeOleDecodeHeader
HrSaveAttachToFile
HrAthGetFileName
MimeOleGetContentTypeExt
EssSecurityLabelEncodeEx
EssSignCertificateDecodeEx
EssMLHistoryEncodeEx
CreateSMTPTransport
MimeEditGetBackgroundImageUrl
MimeOleGetBodyPropW
MimeOleCreateMessage
HrGetAttachIconByFile
MimeOleAlgStrengthFromSMimeCap
MimeOleSetPropW
MimeOleGetInternat
MimeOleClearDirtyTree
MimeOleParseMhtmlUrl
EssSignCertificateEncodeEx
MimeOleSMimeCapGetEncAlg
EssContentHintDecodeEx
MimeGetAddressFormatW
HrAthGetFileNameW
MimeOleSetCompatMode
MimeOleGetCertsFromThumbprints
MimeOleCreateMessageParts
MimeEditCreateMimeDocument
MimeOleGetFileInfoW
MimeOleSMimeCapAddSMimeCap
CreateRASTransport
MimeOleSMimeCapInit

perfdisk

CollectDiskObjectData
OpenDiskObject
CloseDiskObject

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef98f4d5d3c64732991fd7276d8f7556

Headers

File Characteristics

Imports

user32

ntdll

kernel32

uniplat

resutils

inetcomm

perfdisk

Sections

.text Size: 132KB - Virtual size: 132KB

.rdata Size: 116KB - Virtual size: 116KB

.data Size: 1024B - Virtual size: 464KB

.rsrc Size: 119KB - Virtual size: 119KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 132KB - Virtual size: 132KB

.rdata
Size: 116KB - Virtual size: 116KB

.data
Size: 1024B - Virtual size: 464KB

.rsrc
Size: 119KB - Virtual size: 119KB

.reloc
Size: 1024B - Virtual size: 1024B