117fb58f5dbe646a53372924499de840_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

117fb58f5dbe646a53372924499de840_JaffaCakes118
Size

1022KB
MD5

117fb58f5dbe646a53372924499de840
SHA1

14c122e9e88dd960baa8e52d3bde672e333dcd44
SHA256

31a49abd1c2b407df1b5dca7766a31725fe1f5ae0b73dc6e2f22b36e24d79bf8
SHA512

447bef79933d038dd3d4a487253a0fa5eaa6ff119b6abfd32af5a499eaffefb4aa0a795232fe01b01234e947257b00ce83adbb7bdc238d912559e81e6866d1ba
SSDEEP

12288:siNTF7cP+H6WA5uYY11WjIYjs3mWvgILI/I0qXxd4xNLn9Kg/zfgFah8/M9:39Zcu6lUzyq2WvgHqfend/Lg0h7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
117fb58f5dbe646a53372924499de840_JaffaCakes118

Files

117fb58f5dbe646a53372924499de840_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f60c6372b71a7ac1fcbeb437e89b5340

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

LookupPrivilegeValueW
MakeSelfRelativeSD
RegQueryValueExA
GetTraceEnableLevel
LookupAccountSidW
GetSidLengthRequired
InitializeAcl
RevertToSelf
RegOverridePredefKey
EnumServiceGroupW
GetUserNameW
AddAccessDeniedAce
LsaRetrievePrivateData
CryptDestroyKey
RegSetValueExA
ConvertSidToStringSidW
RegCreateKeyExW
GetCurrentHwProfileA
GetSidSubAuthority
LookupAccountNameW
CreateProcessAsUserA
EqualSid
GetLengthSid
SystemFunction029
RegSaveKeyA
ReadEncryptedFileRaw

mscms

GetColorProfileHeader
TranslateBitmapBits
InstallColorProfileW
GetColorDirectoryW
InternalGetPS2PreviewCRD
GetStandardColorSpaceProfileW
InternalGetPS2CSAFromLCS
CreateColorTransformA
EnumColorProfilesW
IsColorProfileValid
CreateColorTransformW
TranslateColors
GetColorDirectoryA
CloseColorProfile
InternalGetPS2ColorRenderingDictionary
OpenColorProfileW
OpenColorProfileA
EnumColorProfilesA
UninstallColorProfileW
GetColorProfileElement
InternalGetPS2ColorSpaceArray
DeleteColorTransform

crypt32

CertAddSerializedElementToStore

winspool.drv

AddPrinterDriverW
DeletePrinter
ReadPrinter
StartDocPrinterW
SetJobW
EnumPrintProcessorsW
GetPrinterDriverW
AddPrintProcessorW
EnumMonitorsW
SetPrinterW
GetPrinterDataExW
PrinterProperties
FreePrinterNotifyInfo
GetPrinterW
EndPagePrinter
DeletePrinterDriverW
GetPrintProcessorDirectoryA
DeleteFormW
AbortPrinter
GetFormW
GetPrintProcessorDirectoryW

imm32

ImmGetConversionStatus
ImmLockIMC
ImmDisableIME
ImmDestroyContext
ImmUnlockIMC
ImmEscapeW
ImmSetOpenStatus
ImmNotifyIME
ImmRequestMessageW
ImmSetCandidateWindow
ImmGetCompositionFontW
ImmGetProperty
ImmEnumRegisterWordW
ImmRegisterWordW
ImmSetCompositionStringW
ImmSetHotKey
ImmCreateContext
ImmGetGuideLineW
ImmGetIMEFileNameA
ImmGetIMCCSize
ImmSetCompositionFontW
ImmGetIMEFileNameW
ImmLockIMCC
ImmAssociateContext
ImmGetImeMenuItemsW
ImmGetHotKey
ImmReleaseContext
ImmGetCandidateListW
ImmIsIME
ImmUnlockIMCC
ImmGetCompositionStringW
ImmConfigureIMEW

msvcrt

_wcsdup
wcsncpy
iswpunct
system
_gcvt
_wmakepath
floor
_CIasin
_msize
_CIsin
div
tan
_lseeki64
fopen
_getpid

user32

SetClassLongW
ReuseDDElParam
EnumWindows
GetFocus
GetDlgItemInt
SetFocus
CreateWindowExW
SetMenuContextHelpId
EnumDisplayDevicesA
LoadAcceleratorsA
SubtractRect
ChangeClipboardChain
PeekMessageA
GetClipboardViewer
GetMenuItemInfoA
CharNextW
IsWindowEnabled
DrawCaptionTempW

kernel32

GetFileAttributesW
GetLogicalDriveStringsA
GetWindowsDirectoryA
GetProfileSectionA
_lcreat
InterlockedIncrement
SetFileApisToOEM
OpenWaitableTimerA
LocalAlloc
VirtualAllocEx
_lread
WaitForMultipleObjects
ProcessIdToSessionId
GetPrivateProfileStructA
GetDateFormatA
DeleteCriticalSection
SetCommState
GetCurrencyFormatW
Sleep
GetCurrentProcess
ExpandEnvironmentStringsA
SignalObjectAndWait
WritePrivateProfileSectionA
GetCommandLineW
GetProcessVersion
Toolhelp32ReadProcessMemory
CompareStringW
OutputDebugStringW
FormatMessageW
GetModuleFileNameW
CreateJobObjectW
DuplicateHandle
SetFilePointer
BindIoCompletionCallback
WritePrivateProfileStringW
VirtualAlloc
LockFile
GetLastError
DisconnectNamedPipe
CopyFileExW
GetCommProperties
HeapReAlloc

Sections

CODE
Size: 97KB - Virtual size: 537KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 383KB - Virtual size: 815KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 395KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f60c6372b71a7ac1fcbeb437e89b5340

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

mscms

crypt32

winspool.drv

imm32

msvcrt

user32

kernel32

Sections

CODE Size: 97KB - Virtual size: 537KB

.data Size: 383KB - Virtual size: 815KB

.rdata Size: 395KB - Virtual size: 402KB

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 1KB - Virtual size: 1KB

CODE
Size: 97KB - Virtual size: 537KB

.data
Size: 383KB - Virtual size: 815KB

.rdata
Size: 395KB - Virtual size: 402KB

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 1KB - Virtual size: 1KB