17c6f2461acc114e6ae391f1821090c8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

17c6f2461acc114e6ae391f1821090c8_JaffaCakes118
Size

271KB
MD5

17c6f2461acc114e6ae391f1821090c8
SHA1

2a9f6b9d242373f66c76271eb8701634b36add75
SHA256

98d289d16ee2358403720d037fdb3593271dd916c2c6c3efaa6c8fd0c7274bd4
SHA512

827aefca26935793f2b6abb048f8e3c612d83daae3ebf21efc85ec8bb2d3b1fac017bf7129dfc18083e6ca7df7fb16673c43caa58322b2c64438a4b58e3b46c0
SSDEEP

6144:tlc75YJihzhVqOnPGVwSi4zwNty33ShXg6VW+ba0EVP:MAih6Oe6GzmtlVAz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17c6f2461acc114e6ae391f1821090c8_JaffaCakes118

Files

17c6f2461acc114e6ae391f1821090c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4fe21ba2b99c79bd6f9e14c723ff1bd1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitializeSecurity
StringFromIID
CoTaskMemRealloc
CoCreateGuid
CLSIDFromString
CoImpersonateClient
CoRevertToSelf
CoInitializeEx
StringFromGUID2
CoQueryProxyBlanket
StringFromCLSID
CoSetProxyBlanket
CoRegisterClassObject
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoDisconnectObject
CoGetCallContext
CoRevokeClassObject

advapi32

StartServiceCtrlDispatcherA
OpenServiceA
OpenThreadToken
RegQueryValueExA
RegisterEventSourceA
RegEnumKeyExA
OpenProcessToken
RegEnumKeyA
RegQueryValueExW
DeleteService
RegSetValueExA
LookupPrivilegeValueA
CreateServiceA
GetTokenInformation
CloseServiceHandle
RegCloseKey
ChangeServiceConfigA
RegOpenKeyExA
OpenSCManagerA
RegDeleteKeyA
RegDeleteValueA
ReportEventA
RegisterServiceCtrlHandlerA
DeregisterEventSource
AdjustTokenPrivileges
SetThreadToken
RegEnumValueA
SetServiceStatus
RegQueryInfoKeyA
ControlService
RegCreateKeyExA
RegCreateKeyA

oleacc

LresultFromObject
AccessibleObjectFromWindow

shlwapi

PathFindExtensionA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

rpcrt4

RpcBindingSetAuthInfoA
RpcStringBindingComposeA
NdrClientCall
RpcBindingFromStringBindingA
RpcStringFreeA

user32

KillTimer
CharUpperA
SetTimer
MessageBoxA
CharNextA
LoadStringA
GetMessageA
DispatchMessageA
PostThreadMessageA
EnumWindows
wsprintfW
GetWindowTextA
IsWindowVisible
PeekMessageA
GetWindowThreadProcessId
wsprintfA

kernel32

InterlockedCompareExchange
SetFilePointer
InterlockedExchange
FormatMessageA
WriteProfileStringA
FreeLibrary
WaitForSingleObject
GetTickCount
IsBadReadPtr
VirtualQuery
ReleaseMutex
GetFileType
HeapFree
OpenProcess
GetThreadLocale
LoadLibraryExA
LocalAlloc
QueryPerformanceCounter
lstrcmpiA
ReadProcessMemory
FreeEnvironmentStringsW
GetProfileStringA
GetEnvironmentStrings
HeapSize
FindResourceExA
GetPrivateProfileStringA
InterlockedDecrement
GetCPInfo
HeapCreate
GetComputerNameA
lstrcpyA
GetProcessTimes
DuplicateHandle
GetSystemTimeAsFileTime
SetEvent
TerminateThread
CreateDirectoryA
FindClose
CompareStringA
lstrcatA
GetModuleFileNameA
SetEnvironmentVariableA
VirtualFree
GetCurrentProcess
LoadResource
FlushFileBuffers
IsDBCSLeadByte
GetSystemInfo
SetLastError
GetPrivateProfileSectionA
TlsAlloc
GetModuleHandleW
ExitProcess
UnmapViewOfFile
TlsFree
Sleep
GetProcAddress
RaiseException
GetStringTypeW
FreeEnvironmentStringsA
EnumSystemLanguageGroupsW
GetStdHandle
TerminateProcess
LCMapStringA
InitializeCriticalSection
CreateMutexA
LoadLibraryA
HeapReAlloc
WritePrivateProfileStringA
LeaveCriticalSection
GetExitCodeProcess
GetModuleHandleA
CreateThread
MapViewOfFile
lstrlenA
HeapAlloc
WriteFile
ReadFile
UnhandledExceptionFilter
lstrlenW
WideCharToMultiByte
GetFileAttributesA
CreateProcessW
ResetWriteWatch
SizeofResource
SetUnhandledExceptionFilter
CloseHandle
GetStartupInfoA
GetACP
VirtualProtect
SetErrorMode
GetModuleFileNameW
CompareStringW
SetStdHandle
GetProcessHeap
CreateEventA
LoadLibraryW
GetCommandLineA
VirtualAlloc
IsBadCodePtr
GetSystemDirectoryA
GetPrivateProfileSectionNamesA
TlsGetValue
SetEndOfFile
InterlockedIncrement
lstrcpynA
GetLastError
CreateFileA
RtlUnwind
LCMapStringW
FindFirstFileA
GetVersion
CreateProcessA
GetCurrentThread
GetPrivateProfileIntA
SetHandleCount
MultiByteToWideChar
GetCurrentThreadId
FindResourceA
DeleteCriticalSection
LockResource
GetOEMCP
GetStringTypeA
GetLocaleInfoA
IsBadWritePtr
CreateFileMappingA
GetEnvironmentStringsW
TlsSetValue
HeapDestroy
EnterCriticalSection
LocalSize
LocalFree
GetVersionExA
GetCurrentProcessId
HeapFree

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fe21ba2b99c79bd6f9e14c723ff1bd1

Headers

File Characteristics

Imports

ole32

advapi32

oleacc

shlwapi

version

rpcrt4

user32

kernel32

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 6KB - Virtual size: 145KB

.data Size: 199KB - Virtual size: 198KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 6KB - Virtual size: 145KB

.data
Size: 199KB - Virtual size: 198KB

.rsrc
Size: 512B - Virtual size: 4KB