137e446e45367de51d36374de2ec7134_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

137e446e45367de51d36374de2ec7134_JaffaCakes118
Size

853KB
MD5

137e446e45367de51d36374de2ec7134
SHA1

45e55ff8cf207e348ec9350e8c4c2f495c23ac8e
SHA256

0b1630180e4bfbc742d95848555a493d02932b03e05a81d39ea05a186fee32e9
SHA512

aa360ff496503e89c0c304cf41de5f6aa307aa17a602a0d947a324d2632b2b6829e726f93ff97ad76dc3fcd047b2080fe13a779f3e87b285f37e0d5a629c4da0
SSDEEP

12288:IrZ5G8b9zJEw2AxkRtQS1gjJoBRjWlcXBbi08s6zOb60hoLK5q0P37tOi8OXglB:IrLG8wAxkRRuuRjWel6RZKF30iKz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
137e446e45367de51d36374de2ec7134_JaffaCakes118

Files

137e446e45367de51d36374de2ec7134_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b1867c5ca7cbdbf59a7249c54d44edcf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

setupapi

SetupDiSetDeviceRegistryPropertyW
CM_Reenumerate_DevNode
CM_Free_Res_Des_Handle
CM_Locate_DevNodeW
SetupDiGetClassDevsA
SetupDiBuildClassInfoListExW
SetupRemoveFromSourceListW
pSetupStringTableAddStringEx
SetupQueueCopyW
SetupSetDirectoryIdExW
SetupInstallFilesFromInfSectionW
CM_Get_Sibling
SetupDiRegisterDeviceInfo

crypt32

CertGetEnhancedKeyUsage

kernel32

CallNamedPipeA
VerLanguageNameA
CreatePipe
GetNumberOfConsoleInputEvents
CreateMutexW
GetUserDefaultLCID
CompareStringA
FillConsoleOutputCharacterW
BackupWrite
VirtualFree
CloseHandle
GetPrivateProfileIntA
GetSystemDirectoryA
IsBadStringPtrW
LocalSize
GetLocalTime
EnumResourceLanguagesW
FindNextVolumeW
VirtualFreeEx
GetVersionExA
DnsHostnameToComputerNameW
ConnectNamedPipe
GetComputerNameA
WriteProfileStringW
GetSystemDefaultLangID
GetSystemDefaultLCID
GetVersion
GetConsoleTitleA
DisconnectNamedPipe
DeleteFileA
GetLastError
FindFirstFileExW
CreateToolhelp32Snapshot
VirtualAlloc
FindClose
SetConsoleKeyShortcuts
CancelDeviceWakeupRequest
SetCurrentDirectoryW

winspool.drv

GetPrinterA
StartDocPrinterW
EndDocPrinter
DeleteMonitorW
OpenPrinterW
EnumPrintersA
GetJobW
DocumentPropertiesW
PrinterProperties
DevicePropertySheets
ReadPrinter
WritePrinter
DeletePortW
OpenPrinterA
AddPrintProcessorW
FindNextPrinterChangeNotification
GetPrinterDataExW
EndPagePrinter
GetPrintProcessorDirectoryW
DeletePrintProcessorW
EnumFormsW
AddMonitorW

winmm

waveOutPrepareHeader
waveOutRestart
waveOutPause
waveOutGetDevCapsA
mixerGetID
mixerClose
mmTaskCreate
midiOutGetDevCapsA
midiOutCacheDrumPatches
timeKillEvent
midiOutShortMsg
waveOutClose
mmioAdvance
mixerGetDevCapsW
waveOutUnprepareHeader
timeSetEvent
mmioOpenW
midiStreamProperty
waveOutWrite
mmioClose
mixerGetNumDevs
timeEndPeriod
mmioRead
timeGetDevCaps
CloseDriver
mixerGetLineInfoW
waveOutGetID
waveOutGetPosition
waveOutGetErrorTextW
waveInGetDevCapsA
PlaySoundW

msvcrt

memcmp
strerror
__p__fmode
_wgetcwd
_putws
div
_open
__badioinfo
_amsg_exit
_wcsnicmp
_mbctolower
?terminate@@YAXXZ
_wsopen
??9type_info@@QBEHABV0@@Z
getc
_access
isalpha
sqrt
??2@YAPAXI@Z
_eof
_mbclen
__crtCompareStringA
_getcwd
exit
wcsrchr
wprintf
fwscanf
isupper
fsetpos
_findclose
setvbuf
_control87
scanf

advapi32

ImpersonateSelf
OpenThreadToken
GetNamedSecurityInfoA
LsaSetInformationPolicy
LsaDelete
OpenSCManagerA
CreateWellKnownSid
CreatePrivateObjectSecurity
LsaCreateTrustedDomainEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryInfoKeyW
TreeResetNamedSecurityInfoW
DuplicateTokenEx
RegNotifyChangeKeyValue
WmiQuerySingleInstanceW
GetPrivateObjectSecurity
LookupAccountNameA
AddAccessDeniedAce
CryptHashData
GetSidSubAuthorityCount
LookupAccountSidW
AreAllAccessesGranted
RegUnLoadKeyW
AccessCheckAndAuditAlarmA
GetSidSubAuthority
RegSetKeySecurity
RegEnumKeyW
EqualDomainSid

Sections

.text
Size: 56KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 185KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 315KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 135KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1867c5ca7cbdbf59a7249c54d44edcf

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

crypt32

kernel32

winspool.drv

winmm

msvcrt

advapi32

Sections

.text Size: 56KB - Virtual size: 453KB

.idata Size: 185KB - Virtual size: 346KB

.edata Size: 315KB - Virtual size: 540KB

INIT Size: 135KB - Virtual size: 144KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 1024B - Virtual size: 782B

.text
Size: 56KB - Virtual size: 453KB

.idata
Size: 185KB - Virtual size: 346KB

.edata
Size: 315KB - Virtual size: 540KB

INIT
Size: 135KB - Virtual size: 144KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 1024B - Virtual size: 782B