27e887aa14f3890a72f06ec5d0759f20_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

27e887aa14f3890a72f06ec5d0759f20_JaffaCakes118
Size

388KB
MD5

27e887aa14f3890a72f06ec5d0759f20
SHA1

8bacf22533725fd98c254c8eb6852edbe225a0ef
SHA256

91a23ebd232c1d96458e3b0870ec5507e547e6763bf99c5c7ca69a89e2a51267
SHA512

56f420069c68e971069ef6d25a5944d50901d8c9de84f57a1bdb49371cfca117855afd4a6aecf1c6df96369ca3d19fe655c5a939a8b66d6fff6341de97259089
SSDEEP

12288:LhTjRwlkwFrnAEryLFcG3yBrZTRDgZ8zOhG6:F4DRw7325gPh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
27e887aa14f3890a72f06ec5d0759f20_JaffaCakes118

Files

27e887aa14f3890a72f06ec5d0759f20_JaffaCakes118
.exe windows:4 windows x86 arch:x86

000b1ef8b031f36e3a89c9aefebefee5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasEnumConnectionsA
RasGetConnectStatusA

advapi32

ControlService
GetServiceKeyNameA
OpenSCManagerA
QueryServiceLockStatusW
RegUnLoadKeyW
RegOpenKeyExW
OpenServiceA
ChangeServiceConfigW
ChangeServiceConfig2A
EncryptFileW
QueryServiceConfigW
DeleteService
RegNotifyChangeKeyValue
CreateServiceW
RegDeleteKeyA
RegCreateKeyExW
GetUserNameW
LsaOpenPolicy
SetServiceObjectSecurity
RegQueryInfoKeyW
SetServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerA
RegCreateKeyExA
LsaFreeMemory
RegSetValueW
LockServiceDatabase
RegSetValueA
RegSetValueExW
RegCloseKey
EnumDependentServicesA
EnumServicesStatusA
OpenEventLogW
LogonUserA
ReportEventA
LsaRetrievePrivateData
QueryServiceStatus
RegRestoreKeyW
DecryptFileW
RegOpenKeyExA
RegConnectRegistryA
RegQueryValueW
CreateProcessAsUserW
RegCreateKeyW
LsaAddAccountRights
RegisterEventSourceA
OpenSCManagerW
InitiateSystemShutdownA
ReadEventLogW
GetUserNameA
GetServiceDisplayNameW
RegSetValueExA
LsaQueryInformationPolicy
RegQueryInfoKeyA
RegQueryValueA

msvcrt

ldexp
_onexit
modf
__dllonexit
strcmp
_initterm
_setmbcp
_except_handler3
__getmainargs
atexit
_controlfp
__setusermatherr
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_acmdln

mpr

WNetCancelConnectionA
WNetUseConnectionA
WNetDisconnectDialog
WNetConnectionDialog1A
WNetGetConnectionA
MultinetGetConnectionPerformanceA

user32

PeekMessageW
CharLowerA
GetDlgItem
UnhookWinEvent
MoveWindow
GetDlgItemInt
EmptyClipboard
GetDlgCtrlID
KillTimer

gdi32

GetTextMetricsW
GetDIBColorTable
StartDocA
GetSystemPaletteEntries
SetMetaFileBitsEx
EnumMetaFile
EndDoc
GetROP2
SetDeviceGammaRamp
RealizePalette
CreateFontA
SetROP2
ExtEscape
GetEnhMetaFileHeader
Ellipse
CombineRgn
EnumFontFamiliesA
DeleteObject
EndPage
RestoreDC
CreateMetaFileA
EqualRgn
ResizePalette
GetFontData
SetArcDirection
GetBkColor
CreateFontIndirectW
ExtCreateRegion
SelectPalette
PatBlt
SetStretchBltMode
WidenPath
GetGlyphOutlineA
GetClipBox
BitBlt
GetTextExtentPointA
GetDIBits
CreateRectRgn
GetCharWidthA
CopyEnhMetaFileW
GetGlyphOutlineW
GetNearestPaletteIndex
OffsetViewportOrgEx
GetStockObject
RectVisible
GdiFlush
CreateICW
GetWindowOrgEx
AbortDoc
SelectClipRgn
PolyBezierTo
CloseEnhMetaFile
PlayEnhMetaFile
GetObjectA
Chord
StretchBlt
StartDocW
StrokePath
PolyPolyline
LPtoDP
GetTextAlign
EndPath
GetCharABCWidthsW
SetRectRgn
StartPage
CreateDCW
GetTextColor
ExtCreatePen
GetKerningPairsA
BeginPath
CreateBitmap
CreateFontIndirectA
CreatePen
CreateDCA
SetAbortProc
GetBitmapBits
CreatePolygonRgn

kernel32

ClearCommBreak
GetBinaryTypeA
GetProcessAffinityMask
GetCommTimeouts
GetStringTypeA
GetConsoleAliasW
SetEndOfFile

mfc42

ord1168
ord5731
ord3922
ord1089
ord2396
ord3346
ord1003
ord5302
ord2725
ord1017
ord4698
ord5307
ord1062
ord5714
ord1063
ord2982
ord1032
ord3259
ord4465
ord1068
ord3262
ord2985
ord3081
ord2976
ord3401
ord3830
ord3831
ord3825
ord3079
ord4080
ord1043
ord4424
ord3738
ord561
ord1576
ord1044
ord815
ord6375
ord4486
ord2554
ord1049

Sections

.text
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

000b1ef8b031f36e3a89c9aefebefee5

Headers

File Characteristics

Imports

rasapi32

advapi32

msvcrt

mpr

user32

gdi32

kernel32

mfc42

Sections

.text Size: 256KB - Virtual size: 253KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 48KB - Virtual size: 1.9MB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 256KB - Virtual size: 253KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 48KB - Virtual size: 1.9MB

.rsrc
Size: 12KB - Virtual size: 11KB