16199ce12b20353910f454414eceb1e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16199ce12b20353910f454414eceb1e1_JaffaCakes118
Size

818KB
MD5

16199ce12b20353910f454414eceb1e1
SHA1

76cd36334db7b9689639f1deef9649305161d99f
SHA256

282bc665dbf11db15e843042a78868772320eb1880bc0d319a4964d846e7d2f6
SHA512

41c69a8f100d135f98faa1a2fa9cd2d42fda3167909dcf3748fb70d8a4eb0d77a19e3a73e6f14aa99e812ee0029de5d48225d35ef9ee5a3d25a1aec3d500d293
SSDEEP

12288:eL0eUZHRbftieKd7Aouhwg7LaGnS4JWSB0MoGZscsd1FE9bBTI:s0eytFieHdJLaGS4wghjqib9I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16199ce12b20353910f454414eceb1e1_JaffaCakes118

Files

16199ce12b20353910f454414eceb1e1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df58fa60062388843a0dec13d8e30580

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

EnumResourceLanguagesW
GlobalMemoryStatus
GetDateFormatA
Module32First
RtlZeroMemory
ChangeTimerQueueTimer
MapUserPhysicalPagesScatter
DebugBreak
GetLastError
GetCommModemStatus
VirtualAlloc
CreateFileA
ReadFile
IsDebuggerPresent
GlobalSize
DefineDosDeviceW
CreateProcessA
CreateEventA
GetWindowsDirectoryW
GetStartupInfoA
FindAtomW
ProcessIdToSessionId
GetDateFormatW
GetVolumePathNameA
PeekConsoleInputW
FindNextFileW
IsDBCSLeadByteEx
GetModuleFileNameW
FreeConsole
GetLogicalDriveStringsA
lstrlenA
OpenWaitableTimerW

msvcrt

tmpfile
_access
srand
_c_exit
iswctype
_purecall
_setmode
iswpunct
_acmdln
strtok
tolower
__getmainargs
_snprintf
_wasctime
_isnan
getchar
_mbclen
_localtime64
cos
vfprintf
_wcsnset
_wgetcwd

advapi32

InitializeAcl
AddAccessAllowedAceEx
LsaRemoveAccountRights
RegOverridePredefKey
QueryServiceLockStatusW
RegEnumKeyExW
CloseServiceHandle
LsaNtStatusToWinError
SystemFunction027
RegOpenCurrentUser
AccessCheck
GetTraceLoggerHandle
RegisterEventSourceA
RegisterServiceCtrlHandlerExW
ConvertSecurityDescriptorToStringSecurityDescriptorW
CryptExportKey
CryptVerifySignatureA
CryptSignHashW
OpenEncryptedFileRawW
RegSetValueExW
ImpersonateLoggedOnUser

netapi32

NetFileEnum
NetApiBufferFree
NetServerEnum
DsGetDcNameWithAccountW
NetShareEnum
Netbios
NetRenameMachineInDomain
NetGroupAddUser
NetLocalGroupSetInfo
NetRemoteTOD
NetServerGetInfo
NetUserAdd
NetServiceInstall
NetUserGetLocalGroups
NetLocalGroupGetMembers
NetValidateName
NetShareDel
NetpIsRemote
NetServiceControl
DsGetDcNameW
NetLocalGroupEnum
NetUserEnum
NetMessageBufferSend
NetShareSetInfo
I_NetServerReqChallenge
NetGroupEnum
I_NetServerAuthenticate
NetLocalGroupAdd

imagehlp

ImageRvaToSection
ImageLoad
SymInitialize
SymSetOptions
ImageGetCertificateData
ImageUnload
CheckSumMappedFile
ImageDirectoryEntryToData
ImageEnumerateCertificates
ImageNtHeader
EnumerateLoadedModules64
ImageRvaToVa

uxtheme

DrawThemeParentBackground
DrawThemeText
GetThemeMetric
SetWindowTheme
GetThemeBackgroundRegion
GetThemeSysColor
DrawThemeIcon
IsThemePartDefined
GetThemeSysFont
GetWindowTheme
OpenThemeData
GetThemeColor
GetThemeRect
EnableThemeDialogTexture
GetThemeBackgroundExtent
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName

rpcrt4

RpcCancelThread
UuidEqual
RpcBindingReset
I_RpcGetBufferWithObject
UuidFromStringA
UuidToStringW
NdrOleAllocate
CStdStubBuffer_Disconnect
UuidIsNil
IUnknown_AddRef_Proxy
I_RpcGetExtendedError
MesEncodeFixedBufferHandleCreate
RpcServerRegisterAuthInfoA
I_RpcMapWin32Status
RpcMgmtSetComTimeout
I_RpcSendReceive
RpcServerRegisterAuthInfoW
MesBufferHandleReset
RpcAsyncCancelCall
RpcServerUseProtseqEpW
RpcEpRegisterW
RpcBindingFree
RpcBindingToStringBindingA
RpcRaiseException
CStdStubBuffer_Connect
RpcBindingSetAuthInfoExW

crypt32

PFXImportCertStore

Sections

.data
Size: 1024B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 855B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 61KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 592KB - Virtual size: 1010KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 874B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df58fa60062388843a0dec13d8e30580

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

netapi32

imagehlp

uxtheme

rpcrt4

crypt32

Sections

.data Size: 1024B - Virtual size: 526B

.rdata Size: 1024B - Virtual size: 855B

.text Size: 61KB - Virtual size: 480KB

.idata Size: 592KB - Virtual size: 1010KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 1024B - Virtual size: 874B

.data
Size: 1024B - Virtual size: 526B

.rdata
Size: 1024B - Virtual size: 855B

.text
Size: 61KB - Virtual size: 480KB

.idata
Size: 592KB - Virtual size: 1010KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 1024B - Virtual size: 874B