16167246dfdbbf17ea5e234b220bfdfa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16167246dfdbbf17ea5e234b220bfdfa_JaffaCakes118
Size

853KB
MD5

16167246dfdbbf17ea5e234b220bfdfa
SHA1

83cca2b1e487bae87744c7d2b10955812edba624
SHA256

956050bbd1acebcfd5b7572d2adcbc55c24019db80e07d6f6f1715469ed014e3
SHA512

fffe9b694529814537f0fc11b8f84422fedf104e4d0c4f9952c8e59e32f53cab9984311b2eab7c2dcc577a077eb208742591f25cadab6b94d96bd474659f6150
SSDEEP

24576:78txUIWQZFcsGbqHjNf8b6+dl1LklYREr6xd:AtaInZFZGWp666nglYRI6xd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16167246dfdbbf17ea5e234b220bfdfa_JaffaCakes118

Files

16167246dfdbbf17ea5e234b220bfdfa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a1fd6b7c40a52b7cd18c5146bf5c0176

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
WritePrivateProfileSectionA
IsBadHugeReadPtr
Module32NextW
SetFileShortNameW
GetNumberFormatA
InterlockedPopEntrySList
ShowConsoleCursor
VirtualAlloc
FindFirstVolumeA
QueryInformationJobObject
FindCloseChangeNotification
GetConsoleAliasA
CommConfigDialogA
GetSystemWindowsDirectoryA
CreateFileW
VirtualAllocEx
ContinueDebugEvent
GetModuleHandleW
IsDebuggerPresent
_lcreat
LoadLibraryA
EnumSystemLocalesA
ResetWriteWatch
GetStringTypeW
MapViewOfFile
InitializeCriticalSection

sqlwoa

_SendMessage@16
_GetDlgItemText@16
_GetOpenFileName@4
newMultiByteFromWideChar
_GetObject@12
_MoveFile@8
_SetProp@12
_CreateFontIndirect@4
_SendDlgItemMessage@20
_CreateFont@56
_GetTextExtentPoint32@16
_SetWindowText@8
_DeleteFile@4
_DefWindowProc@16
_SetWindowLong@12
_tsystem
_GetVersionEx@4
_MessageBox@16
_CommDlg_OpenSave_GetFolderPath@12
_ExtTextOut@32
_FormatMessage@28
_GetUserName@8
_CallWindowProc@20
_GetWindowText@12
_RemoveProp@8

advapi32

RegSetKeySecurity
GetTrusteeFormA
ProcessIdleTasks
StartTraceA
GetMultipleTrusteeA
WmiFileHandleToInstanceNameA
ElfReadEventLogA
ImpersonateSelf
TraceMessage
WmiMofEnumerateResourcesW
RegSetValueW
WmiReceiveNotificationsW
GetEffectiveRightsFromAclW
ObjectCloseAuditAlarmA
AddAuditAccessAce
ObjectOpenAuditAlarmW
LsaRemoveAccountRights
CryptDuplicateKey
SystemFunction036
LsaICLookupNames

version

GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
VerLanguageNameA
VerInstallFileW
VerFindFileW
VerInstallFileA
GetFileVersionInfoA
VerQueryValueA
VerFindFileA
GetFileVersionInfoW
VerLanguageNameW

cmutil

CmFmtMsgW
??0CIniA@@QAE@PAUHINSTANCE__@@PBD111@Z
?SetSection@CIniA@@QAEXPBD@Z
CmRealloc
?CIniW_WriteEntryToReg@CIniW@@IBEHPAUHKEY__@@PBG1PBEKK@Z
CmConvertRelativePathW
?OpenFile@CmLogFile@@AAEJXZ
??_FCIniW@@QAEXXZ
?Start@CmLogFile@@QAEJH@Z
?SetHInst@CIniA@@QAEXPAUHINSTANCE__@@@Z
CmStrrchrW
SzToWzWithAlloc
CmStrCatAllocA
?SetFile@CIniW@@QAEXPBG@Z
?DeInit@CmLogFile@@QAEJXZ
?GetSection@CIniA@@QBEPBDXZ
??4CRandom@@QAEAAV0@ABV0@@Z
CmWinHelp

Sections

.text
Size: 754KB - Virtual size: 753KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1fd6b7c40a52b7cd18c5146bf5c0176

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

sqlwoa

advapi32

version

cmutil

Sections

.text Size: 754KB - Virtual size: 753KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 4KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 754KB - Virtual size: 753KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB