13c2f6164273f1615261c280c2587c29_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

13c2f6164273f1615261c280c2587c29_JaffaCakes118
Size

258KB
MD5

13c2f6164273f1615261c280c2587c29
SHA1

881e6f3277fb7706e3dcf3682738b3c9b1b74c39
SHA256

d1810c64bd855519e5c00e28b6d82ae82d31dd1093de538af224e803e982ee01
SHA512

2341c3ce344c738bf10cc00be0769c9199a15c11b487ed339b1c1efc22d6b66e0b89ac86e239f3aab388a9b51f554fc72b75d5ad20ba8c52c944ac3c367978ca
SSDEEP

3072:HVzwxN15ogBAPTd5KlZ/KYgIKo/HtmGb8GEPEV5D36ztTF:HVgNITdc3/RgDo/NmgzEPELDMtT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13c2f6164273f1615261c280c2587c29_JaffaCakes118

Files

13c2f6164273f1615261c280c2587c29_JaffaCakes118
.exe windows:5 windows x86 arch:x86

571fbe167f402d603b6abce393de8324

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProfileStringW
VirtualUnlock
TerminateThread
SetWaitableTimer
SetThreadPriorityBoost
SetEvent
SetConsoleTitleW
RtlFillMemory
ResumeThread
GetStartupInfoW
ReplaceFileW
ReadDirectoryChangesW
QueryPerformanceFrequency
OpenFileMappingA
LocalSize
InterlockedIncrement
InitializeCriticalSection
HeapDestroy
HeapCompact
GetVolumePathNameW
GetUserDefaultLangID
GetSystemWindowsDirectoryA
GetModuleHandleW
GetLogicalDrives
lstrcmp
GetFileTime
GetDefaultCommConfigW
GetConsoleAliasesLengthW
GetCommState
FreeLibrary
FreeConsole
FormatMessageA
FindResourceW
FindResourceExA
FindNextFileW
FindFirstVolumeW
FindFirstFileA
FindCloseChangeNotification
FatalAppExitW
ExitThread
EnumSystemCodePagesA
EnumCalendarInfoW
EnumCalendarInfoExA
EnumCalendarInfoA
DosDateTimeToFileTime
DeleteFileA
CreatePipe
CopyFileExA
ConvertThreadToFiber
GetOEMCP
lstrcmpiA
GetLocalTime
VirtualAlloc
GetStartupInfoA

user32

DefFrameProcA
DdeInitializeA
DdeEnableCallback
DdeAbandonTransaction
DestroyIcon
CreateAcceleratorTableW
CharPrevA
CharLowerA
ActivateKeyboardLayout
LoadIconA
DlgDirSelectExW
DrawMenuBar
EnableWindow
EndDialog
FindWindowExA
FlashWindow
GetAltTabInfoA
GetClipCursor
GetDlgItemTextW
GetLastInputInfo
GetOpenClipboardWindow
GetParent
GetPriorityClipboardFormat
GetQueueStatus
GetWindowInfo
GetWindowTextW
GrayStringA
InSendMessage
IsIconic
IsZoomed
LoadCursorA
MapVirtualKeyExA
MessageBoxIndirectW
ModifyMenuW
MonitorFromWindow
PaintDesktop
PeekMessageA
RegisterClassA
RegisterWindowMessageW
SetCapture
SetCaretBlinkTime
SetClassWord
SetMenu
SetMenuContextHelpId
SetMenuItemBitmaps
SetRectEmpty
SetWindowTextW
SetWindowsHookA
UnhookWinEvent
VkKeyScanExA
CreateMenu

gdi32

GetStockObject

advapi32

RegQueryMultipleValuesW
AccessCheckByTypeResultListAndAuditAlarmByHandleW
RegOpenKeyExW
AddAccessDeniedAceEx
ChangeServiceConfigW
ConvertAccessToSecurityDescriptorA
ConvertSDToStringSDRootDomainA
ConvertSidToStringSidA
CreatePrivateObjectSecurityEx
CryptGetHashParam
CryptHashSessionKey
CryptSetProviderExA
DeleteAce
DeleteService
ElfClearEventLogFileW
ElfOpenBackupEventLogA
EnumDependentServicesA
EnumServicesStatusExW
FindFirstFreeAce
GetMultipleTrusteeA
GetNumberOfEventLogRecords
GetServiceKeyNameW
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetTrusteeNameW
ImpersonateNamedPipeClient
InitializeAcl
LockServiceDatabase
LookupSecurityDescriptorPartsA
LsaEnumerateAccounts
LsaEnumerateAccountsWithUserRight
LsaOpenPolicy
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmA
ObjectPrivilegeAuditAlarmW
QueryServiceStatus
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
RegSetValueW
RegisterTraceGuidsW
RevertToSelf
SetSecurityDescriptorRMControl
SystemFunction021
TraceEvent
UnregisterTraceGuids
AddAccessAllowedObjectAce

shell32

SHBrowseForFolderW
ShellHookProc
ShellExecuteEx
ShellExecuteA
ShellAboutW
SHPathPrepareForWriteA
SHLoadInProc
SHGetMalloc
DoEnvironmentSubstW
DragQueryFile
DragQueryFileA
DragQueryFileAorW
ExtractAssociatedIconExW
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
SHAppBarMessage
SHBrowseForFolderA
Shell_NotifyIconW
SHChangeNotify
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateProcessAsUserW
SHEmptyRecycleBinW
SHFileOperationW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExW
SHGetFileInfo
SHGetIconOverlayIndexA
SHGetInstanceExplorer

shlwapi

StrCmpNIW
StrCmpNW
StrRChrA
StrRChrW
StrRStrIW
StrStrIA
StrCmpNIA
StrStrW

msvcrt

_CxxThrowException
_XcptFilter
__CxxFrameHandler
__RTDynamicCast
__argc
__crtGetLocaleInfoW
__dllonexit
__lc_codepage
__p__commode
__p__fmode
__p__mbcasemap
__set_app_type
__setusermatherr
__unguarded_readlc_active
__wargv
__wgetmainargs
_adjust_fdiv
_c_exit
_callnewh
_cexit
_chgsign
_controlfp
_cscanf
_except_handler3
_execvpe
_exit
_fgetwchar
_findfirst
_get_sbh_threshold
_getdllprocaddr
_getws
_initterm
_iob
_ismbcdigit
_ismbcsymbol
_itoa
_itow
_ltoa
_ltow
_mbbtype
_mbslen
_mbsnbcnt
_memccpy
_mktemp
_nextafter
_onexit
_purecall
_snprintf
_snwprintf
_spawnv
_strlwr
_tell
_telli64
_ui64toa
_ui64tow
_ultow
_umask
_vsnwprintf
_wcmdln
_wcsicmp
_wcsnicmp
_wenviron
_wfreopen
_wtoi
atoi
exit
fgetpos
fputwc
free
fwrite
is_wctype
iswalnum
iswspace
malloc
memmove
putc
qsort
realloc
scanf
sprintf
strlen
strtol
swprintf
swscanf
time
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsncpy
wcsrchr
wcsstr
wcstol
wcstombs
wcstoul

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text5
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text4
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text3
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

571fbe167f402d603b6abce393de8324

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

Sections

.text Size: 36KB - Virtual size: 35KB

.text5 Size: 13KB - Virtual size: 12KB

.text4 Size: 13KB - Virtual size: 12KB

.text3 Size: 125KB - Virtual size: 125KB

.text2 Size: 13KB - Virtual size: 12KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 20KB - Virtual size: 19KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 36KB - Virtual size: 35KB

.text5
Size: 13KB - Virtual size: 12KB

.text4
Size: 13KB - Virtual size: 12KB

.text3
Size: 125KB - Virtual size: 125KB

.text2
Size: 13KB - Virtual size: 12KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 2KB - Virtual size: 2KB