Static task
static1
Behavioral task
behavioral1
Sample
183bac63c9aff0be0ce9b76c8edca433_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
183bac63c9aff0be0ce9b76c8edca433_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
Target: 183bac63c9aff0be0ce9b76c8edca433_JaffaCakes118
Size: 218KB
MD5: 183bac63c9aff0be0ce9b76c8edca433
SHA1: 16afc8ff8858cf82673b5cb1a3543d693d1d0350
SHA256: 8b58fba5ddbf1d73136410b0d8c69644f80a0854bd413bdde1ca045b124491f4
SHA512: af04508885b772c896da212f49a0b8772eafb798a6f9f31a63bdbea72e240a357d14bf6b0849a2e86c147e091ef9316d609e4e4bd5b078f86ddf51a4f25e1624
SSDEEP: 3072:WmPuIDBayr1iE7YGrsrpVhizsexQh3e0uFyO32FJHvex6o5:WMuIVayhiEMGrsjwA3e7FN32FBd+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 183bac63c9aff0be0ce9b76c8edca433_JaffaCakes118
Files
183bac63c9aff0be0ce9b76c8edca433_JaffaCakes118.dll windows:5 windows x86 arch:x86
11e0ce1be130e74800309c765a9f5be6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
UnhandledExceptionFilter
TerminateProcess
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameW
GetLastError
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CreateFileW
GetSystemTime
LoadLibraryA
GetProcAddress
comdlg32
GetSaveFileNameA
GetOpenFileNameA
advapi32
EnumServiceGroupW
WriteEncryptedFileRaw
UnlockServiceDatabase
TrusteeAccessToObjectW
SystemFunction020
SystemFunction013
SystemFunction011
SystemFunction002
SetUserFileEncryptionKey
SetSecurityInfoExA
SetSecurityDescriptorGroup
SetNamedSecurityInfoA
SetFileSecurityA
RegisterTraceGuidsW
RegisterEventSourceW
RegSetValueW
RegQueryValueA
RegNotifyChangeKeyValue
RegEnumKeyA
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyW
AbortSystemShutdownA
AddUsersToEncryptedFile
AreAnyAccessesGranted
BackupEventLogA
BackupEventLogW
BuildImpersonateTrusteeA
BuildSecurityDescriptorW
BuildTrusteeWithObjectsAndNameW
BuildTrusteeWithSidA
BuildTrusteeWithSidW
ChangeServiceConfig2A
ControlTraceW
ConvertSecurityDescriptorToAccessA
ConvertSecurityDescriptorToAccessNamedA
ConvertSecurityDescriptorToAccessNamedW
ConvertSidToStringSidW
CopySid
CreatePrivateObjectSecurityEx
CryptDuplicateKey
CryptGetHashParam
CryptSetProviderA
CryptSetProviderExW
CryptSignHashA
CryptSignHashW
CryptVerifySignatureA
CryptVerifySignatureW
DeleteAce
DestroyPrivateObjectSecurity
DuplicateTokenEx
ElfOpenBackupEventLogW
ElfOpenEventLogA
ElfRegisterEventSourceW
EncryptionDisable
RegCloseKey
FileEncryptionStatusW
GetAccessPermissionsForObjectW
GetCurrentHwProfileA
GetEffectiveRightsFromAclW
GetFileSecurityW
GetLengthSid
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetServiceDisplayNameA
GetSidSubAuthorityCount
GetTraceEnableFlags
GetTrusteeTypeW
InitiateSystemShutdownExA
LookupPrivilegeNameW
LsaAddAccountRights
LsaAddPrivilegesToAccount
LsaClose
LsaCreateTrustedDomain
LsaEnumerateAccountsWithUserRight
LsaGetQuotasForAccount
LsaGetRemoteUserName
LsaLookupPrivilegeName
LsaOpenAccount
LsaOpenSecret
LsaRemoveAccountRights
LsaSetSecret
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmW
OpenEncryptedFileRawW
QueryRecoveryAgentsOnEncryptedFile
ole32
CoUninitialize
CoInitialize
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 167KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 196B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ