c:\Files\With\Name\Clients\Directory\Whitespace.pdb
Static task
static1
Behavioral task
behavioral1
Sample
12f2789b7f4e8527e7d563936cf2687c_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
12f2789b7f4e8527e7d563936cf2687c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
12f2789b7f4e8527e7d563936cf2687c_JaffaCakes118
Size
396KB
MD5
12f2789b7f4e8527e7d563936cf2687c
SHA1
a1b843e21da3abcc578b9b4ff1971244dcaa63ec
SHA256
bbd843e60c25026d9e3a28e41cdb7be9b5533093eda5c13381c5c207e6b5d312
SHA512
d10375ed8269072994aaa067ac41b86c549bc4c5627b62d1ed3f8e5f17be1c52c7fc8846cfe241f4c2cb8dd7c95da373502f9b172ebfcb009852427d297c54c7
SSDEEP
6144:gUDxYMrmq/lGTXnOVYrJPI+W8MgJOtdvE4WedN+i3J5nEySP4IR2Cilzr:GtelEnHrlI9T8QvE4WOPvEyk4kO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 12f2789b7f4e8527e7d563936cf2687c_JaffaCakes118
Files
12f2789b7f4e8527e7d563936cf2687c_JaffaCakes118.exe windows:4 windows x86 arch:x86
6ff676ddde9c4e9110110ee4dc13a632
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
Sleep
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MulDiv
FreeLibrary
DisableThreadLibraryCalls
LocalLock
WideCharToMultiByte
CloseHandle
WaitForSingleObject
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetVersionExW
GetSystemWindowsDirectoryW
lstrcpyA
lstrlenA
lstrcatA
CreateMailslotA
GetTimeZoneInformation
GetComputerNameExW
FlushFileBuffers
LeaveCriticalSection
GetWindowsDirectoryW
CreateDirectoryW
SetFilePointer
MoveFileExW
GetCurrentThread
GetTickCount
CreateEventW
CreateFileW
GetLastError
WaitForSingleObjectEx
SetMailslotInfo
RemoveDirectoryA
ReadFile
lstrcmpiW
IsBadWritePtr
GetModuleFileNameA
SetThreadPriority
CreateThread
ExitThread
LocalHandle
GetStartupInfoA
LocalFree
user32
FindWindowW
ShowWindow
advapi32
StartServiceA
RegOpenKeyExA
RegQueryValueExA
ConvertSidToStringSidW
LookupAccountNameW
RegSetKeySecurity
RegGetKeySecurity
EnumServicesStatusW
OpenSCManagerA
OpenServiceA
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
ChangeServiceConfigW
EnumDependentServicesW
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RevertToSelf
RegDeleteKeyW
RegCreateKeyExW
GetSidSubAuthority
RegConnectRegistryW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AccessCheck
SetFileSecurityW
RegSetValueExW
GetFileSecurityW
msvcrt
wcsspn
wcsstr
wcsncmp
malloc
free
wcstombs
wcsrchr
strcspn
towupper
wcscspn
time
rand
wcschr
sprintf
swprintf
qsort
isdigit
wcsncat
wcscmp
memmove
wcscat
wcsncpy
wcslen
iswdigit
wcstoul
winmm
mmioAscend
timeKillEvent
timeSetEvent
mciSetDriverData
midiOutGetNumDevs
mmioSeek
mmioClose
mmioRead
mciGetDriverData
mmTaskCreate
midiOutPrepareHeader
timeGetDevCaps
midiOutLongMsg
midiOutOpen
timeGetTime
timeBeginPeriod
midiOutUnprepareHeader
midiOutCachePatches
midiOutCacheDrumPatches
rpcrt4
RpcStringFreeA
UuidCreate
RpcStringFreeW
RpcBindingSetAuthInfoW
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcRevertToSelf
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcBindingFree
UuidToStringA
Sections
.text Size: 384KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE