c:\Need\Or\Server\To.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 12ae8954cf08a6f860cfdd2f2232465c_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 12ae8954cf08a6f860cfdd2f2232465c_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
- Target: 12ae8954cf08a6f860cfdd2f2232465c_JaffaCakes118
- Size: 1.2MB
- MD5: 12ae8954cf08a6f860cfdd2f2232465c
- SHA1: b98311487dc4b3faa8e991606b648770c4097f87
- SHA256: 62c7080abea886fa19a76e6f21936df88fc380b3b52abff8dd97e8c1f13dd0b7
- SHA512: bdbfe485a50d3cee583582bd6ab83af80fc2ed996392a5a52ff10461a0cab98c845ec0bd4e907c699e64d78f6a80a289b400b7859d19addda3d834653251e28b
- SSDEEP: 24576:8SgTU8ZDXVR9ijI4JoWF4OANWkwmGFD9JVs0z4L+FrhY+:8UqXVikio1O9k/WjVB4LqW+
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 12ae8954cf08a6f860cfdd2f2232465c_JaffaCakes118
Files
- 12ae8954cf08a6f860cfdd2f2232465c_JaffaCakes118.exe (windows:4, windows x86, arch:x86)
  8542032b7fe882430d9e1d3ee31dde56
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FindFirstFileW
CompareStringW
GetComputerNameExW
GetConsoleOutputCP
ReadConsoleW
SetConsoleMode
GetConsoleMode
PeekConsoleInputW
GetModuleFileNameW
SetLastError
WriteFile
WriteConsoleW
GetTimeZoneInformation
LocalReAlloc
GetComputerNameA
GetFileType
SetLocalTime
GetProfileStringW
GetCommandLineW
GetStdHandle
SetThreadLocale
GetSystemDefaultLangID
GetCPInfo
GetTimeFormatW
GetSystemTime
WideCharToMultiByte
GetComputerNameW
GlobalAlloc
GlobalFree
Sleep
lstrlenW
GetFileAttributesW
SetConsoleCtrlHandler
OpenFile
ExpandEnvironmentStringsA
lstrlenA
LocalAlloc
CreateEventA
InterlockedIncrement
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedDecrement
CloseHandle
WaitForSingleObject
GetLastError
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
UnhandledExceptionFilter
SearchPathW
QueryPerformanceCounter
LocalFree
ResetEvent
CreateTimerQueueTimer
CreateTimerQueue
CreateThread
lstrcmpiW
QueueUserAPC
SleepEx
DeleteTimerQueueTimer
VerSetConditionMask
VerifyVersionInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetOEMCP
GetModuleHandleW
SetVolumeMountPointW
FindNextVolumeW
FindVolumeClose
lstrcatW
ExitThread
ResumeThread
DeleteVolumeMountPointW
IsBadCodePtr
lstrcpyA
IsBadWritePtr
LoadLibraryA
GetVolumeNameForVolumeMountPointW
SetEndOfFile
SetFilePointerEx
TerminateThread
FindFirstVolumeW
HeapAlloc
GetProcessHeap
HeapFree
QueryDosDeviceW
DeviceIoControl
CreateFileW
DefineDosDeviceW
GetDriveTypeW
lstrcmpiA
lstrcmpW
CreateEventW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
IsBadStringPtrW
IsBadReadPtr
lstrcpyW
MultiByteToWideChar
user32
RegisterDeviceNotificationW
UnregisterDeviceNotification
CharToOemW
wsprintfW
LoadStringW
LoadIconW
LoadCursorW
DestroyWindow
DefWindowProcW
ShowWindow
CreateWindowExW
advapi32
AllocateAndInitializeSid
GetAce
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
EqualSid
GetSidLengthRequired
CopySid
GetSidSubAuthority
RegOpenKeyW
IsTextUnicode
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegDeleteKeyW
RegOpenKeyExA
InitiateSystemShutdownExW
RegLoadKeyW
ReportEventW
RegOpenKeyA
RegQueryValueExA
LookupPrivilegeValueW
PrivilegeCheck
IsValidSid
FreeSid
OpenProcessToken
SetServiceStatus
StartServiceCtrlDispatcherW
RegDeleteValueW
GetServiceKeyNameW
QueryServiceStatus
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
OpenThreadToken
LookupAccountSidW
RegSetValueExW
RegCreateKeyExW
GetSecurityDescriptorDacl
ole32
CoSuspendClassObjects
CoRevertToSelf
CoTaskMemAlloc
CoSetProxyBlanket
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
msvcrt
iswctype
putchar
fputs
wcscat
wcschr
exit
wcslen
getchar
wcscmp
memmove
malloc
calloc
wcsrchr
srand
rand
wcsncat
realloc
sprintf
setlocale
qsort
wcsspn
wcscpy
wcsncmp
wcsncpy
fread
wcstod
fwprintf
fprintf
wprintf
vswprintf
free
vfwprintf
swprintf
wcsstr
towupper
fclose
fopen
printf
strstr
secur32
GetUserNameExW
setupapi
SetupDiOpenDeviceInterfaceW
SetupDiGetClassDevsExW
SetupDiGetClassDevsW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiCreateDeviceInfoList
SetupDiOpenDevRegKey
SetupDiEnumDeviceInterfaces
rpcrt4
RpcStringFreeW
RpcServerUseProtseqEpW
UuidCreate
RpcImpersonateClient
RpcRevertToSelf
RpcServerRegisterAuthInfoW
RpcServerRegisterIf
RpcServerListen
RpcBindingInqAuthClientW
UuidEqual
RpcBindingFree
RpcStringBindingComposeW
RpcAsyncCompleteCall
UuidFromStringW
RpcMgmtStopServerListening
RpcServerUnregisterIf
rasapi32
RasHangUpA
RasFreeEapUserIdentityA
RasDialA
RasGetErrorStringA
RasGetConnectStatusA
RasEnumConnectionsA
Sections
- .text (Size: 176KB, Virtual size: 173KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .idata (Size: 8KB, Virtual size: 7KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rdata (Size: 88KB, Virtual size: 84KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 104KB, Virtual size: 2.6MB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (Size: 28KB, Virtual size: 24KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ