14523ef6064924701e5b1336046482c2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14523ef6064924701e5b1336046482c2_JaffaCakes118
Size

2.0MB
MD5

14523ef6064924701e5b1336046482c2
SHA1

68f18fc0c26f66678afe3e0abae2b34f7f7b3199
SHA256

f43ea34aac3b64117a9ab34a5ae3bb430416af5570eb3ea6ce72b0c1f7f93f63
SHA512

5d989a64477d8d47209996658e6220d92c4621112f1d8e776ee93576b3314fa812ce502ff5eacbf5b879fbf8ffcf0ecf8d3454e4ad9cfa7f8e0be9c953a1af6d
SSDEEP

49152:PSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSG6666666666666666E:s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14523ef6064924701e5b1336046482c2_JaffaCakes118

Files

14523ef6064924701e5b1336046482c2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

27600c055723ef3022015da3e4b6e185

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__iob
_commit
rand
exit
_rotr
malloc
srand

rpcrt4

UuidCreate
RpcBindingVectorFree
CStdStubBuffer_DebugServerQueryInterface
RpcStringBindingParseW
RpcServerInqBindings
RpcServerUnregisterIf
CStdStubBuffer_Connect
UuidToStringA
CStdStubBuffer_Invoke
RpcServerRegisterIfEx
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcServerRegisterAuthInfoW
NdrStubForwardingFunction
RpcImpersonateClient
RpcRevertToSelf
NdrStubCall2
NdrDllRegisterProxy
NdrDllCanUnloadNow
IUnknown_AddRef_Proxy
RpcBindingSetAuthInfoExW
UuidToStringW
RpcBindingFree
RpcServerUseProtseqEpW
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_IsIIDSupported
UuidFromStringW
IUnknown_Release_Proxy

user32

RegisterClassA
EnumChildWindows
MsgWaitForMultipleObjects
UnregisterClassA
SystemParametersInfoW
SetWindowRgn
GetWindowRect
GetMenu
GetKeyState
IsWindowEnabled
CreateDialogParamW
GetClassNameA
GetSysColor
LoadStringA
wsprintfA
CopyRect
GetAncestor
GetPropA
CharUpperW
DrawFocusRect
LoadBitmapW
GetDC
CheckMenuItem
TranslateMessage
CheckRadioButton
CharPrevW
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetMessageA
GetAsyncKeyState
IsMenu
GetDlgItem
GetWindowLongW
ScreenToClient
GetSystemMetrics
CreatePopupMenu
RegisterClassExW
SetCursor
DrawIcon
PostMessageA
DialogBoxParamW
MapWindowPoints
CharLowerW
WinHelpW
PeekMessageW
GetDesktopWindow
BeginPaint
RegisterClassExA
EnableMenuItem
IntersectRect
UnhookWindowsHookEx
SetWindowLongW
DispatchMessageA
SetCapture
LoadIconA
FindWindowA
PeekMessageA

kernel32

LoadLibraryW
CreateThread
lstrcmpiA
SetFileAttributesW
SetLastError
OpenMutexA
SetStdHandle
MapViewOfFile
InterlockedIncrement
lstrcatW
GetVersion
VirtualAlloc
WaitForMultipleObjects
GetProcessHeap
WaitForSingleObject
TlsGetValue
CreateMutexW
GetSystemDirectoryW
LocalAlloc
GetEnvironmentStringsW
LockResource
GetLocaleInfoA
GetStdHandle
GetWindowsDirectoryA
TerminateProcess
FindNextFileW
GetLocalTime
LoadLibraryA
GetCurrentThreadId
GetModuleHandleA
lstrcatA
OpenEventW
SetThreadPriority
GetStringTypeW
OpenMutexW
lstrcpynW
RaiseException
FindFirstFileA
FindResourceW
HeapDestroy
GetThreadLocale
ExitProcess
GetLastError
GetCurrentProcess
GetEnvironmentStrings
CreateProcessA
GetFullPathNameW
GetCommandLineA
FreeEnvironmentStringsA
LCMapStringW
QueryPerformanceCounter
HeapFree
IsBadWritePtr
GetComputerNameW

shell32

SHGetSpecialFolderLocation
DragQueryFileW
ShellExecuteA
SHChangeNotify
SHBindToParent
DragQueryFileA
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder
SHFileOperationW
ShellExecuteExW
SHBrowseForFolderA
SHGetFileInfoW
SHGetMalloc
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListA

advapi32

QueryServiceConfigW
RegOpenKeyA
ReportEventW
CryptReleaseContext
GetAce
RegDeleteKeyA
ConvertStringSidToSidW
RegCreateKeyW
CryptDestroyKey
GetUserNameA
AddAce
GetTraceLoggerHandle
ConvertSidToStringSidW
IsValidSecurityDescriptor
InitializeAcl
CopySid
RegCloseKey
EqualSid
FreeSid
LsaFreeMemory
GetTraceEnableFlags
SetFileSecurityW
GetSecurityDescriptorControl
LookupAccountSidW
CryptHashData
LookupPrivilegeValueA
OpenServiceW
AllocateAndInitializeSid
RegOpenKeyExA
RegDeleteKeyW
AddAccessAllowedAce
AdjustTokenPrivileges
OpenSCManagerA
SetSecurityDescriptorGroup
RegQueryValueExA
GetSecurityDescriptorLength
CryptGetHashParam
RegNotifyChangeKeyValue
SetNamedSecurityInfoW
QueryServiceStatus
RegEnumKeyExA
DeleteService
RegDeleteValueW
RegQueryValueA
CheckTokenMembership
CryptCreateHash
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
RegOpenKeyExW
GetUserNameW
UnregisterTraceGuids

gdi32

CreateDCA
CloseMetaFile
GetGlyphOutlineA
CreateFontIndirectA
SetViewportOrgEx
CreateFontIndirectW
SetTextAlign
CreateBrushIndirect
EndDoc
GetTextMetricsW
CreateDIBSection
CreatePalette
ExtTextOutW
GetNearestColor
GetTextExtentPointW
StartPage
LineTo
Escape
RectVisible
IntersectClipRect
DeleteMetaFile
GetObjectA
GetClipRgn
Rectangle
GetRgnBox

version

GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoW
VerLanguageNameA
VerFindFileW
GetFileVersionInfoA

shlwapi

PathCombineW
SHDeleteValueW
SHStrDupW
StrTrimW
PathStripToRootA
SHRegGetBoolUSValueW
PathRemoveBackslashW
PathRemoveBlanksW
StrCmpW
StrCatBuffW
wnsprintfA
wnsprintfW
SHDeleteKeyW
PathRemoveExtensionW
StrCmpIW
PathFindFileNameA
SHDeleteValueA
PathSkipRootW
StrCatW
StrDupW
StrCmpNIA
PathIsDirectoryW
StrToIntExW
PathIsRootW
StrCmpNIW
StrChrIW
PathRemoveFileSpecW
SHSetValueW
PathIsRelativeW
PathIsURLW
UrlCanonicalizeW
StrStrIW
SHDeleteKeyA
UrlIsW
PathIsUNCW
StrStrW
StrRetToBufW
AssocQueryStringW
StrCpyW
SHGetValueW
StrStrIA
PathAddBackslashW
UrlUnescapeW

Sections

.tls
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BSS
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 482B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27600c055723ef3022015da3e4b6e185

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

user32

kernel32

shell32

advapi32

gdi32

version

shlwapi

Sections

.tls Size: 5KB - Virtual size: 4KB

.code Size: 53KB - Virtual size: 53KB

BSS Size: 1KB - Virtual size: 1KB

.edata Size: 1KB - Virtual size: 29KB

.tls Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 482B

.tls
Size: 5KB - Virtual size: 4KB

.code
Size: 53KB - Virtual size: 53KB

BSS
Size: 1KB - Virtual size: 1KB

.edata
Size: 1KB - Virtual size: 29KB

.tls
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 482B