282c90a85b2b1e685b11391cb40a4045_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

282c90a85b2b1e685b11391cb40a4045_JaffaCakes118
Size

60KB
MD5

282c90a85b2b1e685b11391cb40a4045
SHA1

1336f9b8b10ec505726cf5e351080cf7a5262df1
SHA256

fe470b3077bd9f04ec144664aae3c4e835e1d4254c3d7323b70d1e3bbfb786e3
SHA512

ccc1fbcaa3527d16357654fc9e4c254d9035846ce7e16d5c32c2e40b208acf71fc8a0de673b204765b66654d97c5f403d71a97ec40cf59f39fed79a12eb4e132
SSDEEP

1536:eUsXJ3Ueurm0gNA6FSVwlLn2RJjEkhoK:Fi3UeAgNAigwlmboK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
282c90a85b2b1e685b11391cb40a4045_JaffaCakes118

Files

282c90a85b2b1e685b11391cb40a4045_JaffaCakes118
.exe windows:5 windows x86 arch:x86

52a095dc581709450e42fb28e092b4a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SystemFunction008
CreateProcessWithLogonW
EnableTrace
FreeEncryptedFileKeyInfo
GetSecurityDescriptorGroup
SaferIdentifyLevel
CryptGetProvParam
DeleteService
LsaLookupNames
GetAccessPermissionsForObjectW
EnumerateTraceGuids
SaferComputeTokenFromLevel
LsaSetQuotasForAccount
ComputeAccessTokenFromCodeAuthzLevel
WmiQuerySingleInstanceMultipleA
SystemFunction022
CredReadW
EnumServicesStatusExA
RegisterEventSourceA
ElfReportEventA
BuildTrusteeWithNameA
UnlockServiceDatabase
SetEntriesInAclW
RegQueryInfoKeyW

user32

GetWindowModuleFileName
ClientThreadSetup
RealGetWindowClass
DdeDisconnect
GetLastInputInfo
DdeInitializeA
PackDDElParam
DrawTextW
GetUpdateRect
GetTitleBarInfo
LockWindowStation
IsCharUpperW
TranslateAccelerator
IMPQueryIMEA
CharPrevW
DlgDirListA
EnumDesktopWindows
LoadKeyboardLayoutW
GetDC
DdeEnableCallback
CallMsgFilterA
CharToOemBuffW
GetFocus
GetDCEx
CreatePopupMenu

kernel32

OpenSemaphoreW
WriteFileEx
VirtualUnlock
WritePrivateProfileStringW
BuildCommDCBA
FindFirstVolumeA
DebugBreakProcess
LoadLibraryA
GetCommMask
VerifyConsoleIoHandle
CreateRemoteThread
RtlCaptureStackBackTrace
GetFileAttributesW
CreateFileMappingW
GetProcessPriorityBoost
GetConsoleTitleW
GetFileAttributesExW
HeapWalk
SetConsoleScreenBufferSize
VirtualAlloc
EnumResourceTypesW
GetSystemWow64DirectoryA
GetStartupInfoA
CreateProcessW
HeapCreate
GetSystemDefaultUILanguage
MapViewOfFileEx
GetProcessHeap

dbghelp

SymMatchFileName
SymEnumSourceFiles
SearchTreeForFile
SymEnumerateSymbols
SymEnumSymbols
WinDbgExtensionDllInit
FindFileInSearchPath
FindDebugInfoFile
SymGetSearchPath
SymLoadModuleEx
SymGetSymNext64
SymGetLineNext64
ImagehlpApiVersion
ImageRvaToSection
SymGetModuleInfoW
MiniDumpWriteDump
SymCleanup
SymUnloadModule64
SymGetSymPrev
SymGetSymFromAddr
SymFindFileInPath
FindExecutableImage
ImageDirectoryEntryToDataEx
StackWalk64
UnDecorateSymbolName
SymEnumerateModules
SymGetModuleInfo
dbghelp

gdi32

SetPixel
DdEntry10
GdiTransparentBlt
SelectClipRgn
GdiCreateLocalMetaFilePict
GdiDeleteSpoolFileHandle
DdEntry32
SetArcDirection
SetPixelFormat
GetPaletteEntries
GetLayout
GdiGradientFill
CreatePen
DdEntry28
ChoosePixelFormat
SetColorAdjustment
ArcTo
GdiConvertBrush
DdEntry25
ScaleWindowExtEx
EngStretchBlt
PatBlt
Escape
DdEntry17
EnumMetaFile
GdiEntry14
RemoveFontResourceExA
DdEntry4

cfgmgr32

CM_Merge_Range_List
CM_Get_DevNode_Registry_PropertyW
CM_Set_HW_Prof_Ex
CM_Get_Class_Registry_PropertyA
CM_Free_Res_Des
CM_Find_Range
CM_Free_Range_List
CM_Create_Range_List
CM_Delete_Class_Key
CM_Free_Log_Conf_Handle
CM_Get_Class_Name_ExA
CM_Enumerate_EnumeratorsW
CM_Get_Next_Res_Des
CM_Get_Device_Interface_Alias_ExA
CM_Register_Device_Driver
CM_Get_Device_Interface_List_SizeW
CM_Set_HW_Prof_FlagsA
CM_Get_Next_Log_Conf_Ex
CM_Is_Dock_Station_Present
CM_Run_Detection_Ex
CM_Open_DevNode_Key
CM_Get_Version
CM_Get_DevNode_Registry_PropertyA

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52a095dc581709450e42fb28e092b4a6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

kernel32

dbghelp

gdi32

cfgmgr32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 14KB - Virtual size: 103KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 336B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 14KB - Virtual size: 103KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 336B