1749147a29efb88c01bd366caf9193f8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1749147a29efb88c01bd366caf9193f8_JaffaCakes118
Size

96KB
MD5

1749147a29efb88c01bd366caf9193f8
SHA1

631fb852750f6a12748f811493e612695643413e
SHA256

7f66a6916f9e73ec321fe82909abff2fcfb4f088253f377eaf69e2e2f8a4d48f
SHA512

38f182d56516a7c20f3e7d636c11b4f00222e6256067631cbd5aaeda43612c9d9aa2d9de41b3ae3ae9c0b1b6cb04886770a3ffda12e59a9b18c89e22c1af1bac
SSDEEP

1536:v4UnCNijxdV4xvBmr5mM7sBWGpgN7g6YsOUUjZZaIqQSSr/d1A2BNef/166TPKTj:yNix4x5EmMIPgN77YsFyZaIwjMUdK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1749147a29efb88c01bd366caf9193f8_JaffaCakes118

Files

1749147a29efb88c01bd366caf9193f8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0d87809fc1b7384b77031e64ce4786b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

shlwapi

StrStrIW

kernel32

lstrcpynW
lstrlenA
SetThreadPriority
ResumeThread
TerminateThread
GetModuleFileNameW
GetTickCount
lstrcatA
GetLocalTime
CreateProcessW
lstrcatW
CreateFileMappingW
OpenMutexW
MapViewOfFile
UnmapViewOfFile
lstrcpynA
InterlockedExchangeAdd
lstrcmpA
lstrcpyA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
GetFileAttributesW
SetCurrentDirectoryW
FindFirstFileW
FindClose
WaitForMultipleObjectsEx
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetLastError
CloseHandle
WaitForSingleObject
LocalFree
LocalLock
LocalAlloc
lstrcpyW
lstrcmpiW
ReleaseMutex
ResetEvent
CreateMutexW
MultiByteToWideChar
WriteFile
CreateFileW
OpenEventW
WaitForMultipleObjects
LocalUnlock
GetMailslotInfo
SetEvent
ReadFile
CreateMailslotW
CreateEventW
lstrlenW

user32

wsprintfW
DispatchMessageW
TranslateMessage
PeekMessageW
wsprintfA

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidW
DuplicateTokenEx
CreateProcessAsUserW
FreeSid
AllocateAndInitializeSid
QueryServiceStatus
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
CreateServiceW
ChangeServiceConfig2W
StartServiceW
CloseServiceHandle
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
PropVariantClear

oleaut32

SysAllocString
SysFreeString

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW

msvcrt

__CxxFrameHandler
_XcptFilter
_exit
wcsrchr
printf
wcslen
malloc
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
wcscpy
_wcsupr
wcsstr
free
__setusermatherr
_initterm
__wgetmainargs
__p___winitenv
??2@YAPAXI@Z
memset
??3@YAXPAX@Z
_snwprintf
exit
memcpy
_purecall
wprintf
_beginthreadex
_vsnprintf
wcstol
_wcsnicmp
_wtol
wcschr
qsort
memcmp

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d87809fc1b7384b77031e64ce4786b4

Headers

File Characteristics

Imports

userenv

shlwapi

kernel32

user32

advapi32

ole32

oleaut32

wtsapi32

msvcrt

version

Sections

.text Size: 58KB - Virtual size: 57KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 25KB - Virtual size: 24KB

.text
Size: 58KB - Virtual size: 57KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 25KB - Virtual size: 24KB