29a9be76e8ae7906dfd7cb7934741293_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29a9be76e8ae7906dfd7cb7934741293_JaffaCakes118
Size

153KB
MD5

29a9be76e8ae7906dfd7cb7934741293
SHA1

850d6de198f687864c08c84ca03c1ef1dad78437
SHA256

77ffe4f6d775e4d35923c88455d377e333746d7cb847719ee42d6b4794200a69
SHA512

6e078a21f7ba839cca9c6bf584713751f933b9f95e582e0cd52c87e246b0e17f42244e1135c4cde0f179b87893ed2013014ead9397a967c8d4acc5f568f3ac89
SSDEEP

3072:thB9/ol6WXNbX6dljfpahhsXiEOYUZrH/MvyP3JkmFLaNeYxs/4LWTsIvynfu:thB9/XWXRKdl7A8XUrRfZKoZ10

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29a9be76e8ae7906dfd7cb7934741293_JaffaCakes118

Files

29a9be76e8ae7906dfd7cb7934741293_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f9b3db5cdef08c1a56cf03b38726fe80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
LoadLibraryA
LoadResource
LocalSize
GetWindowsDirectoryW
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
EnterCriticalSection
CompareStringW
GetTickCount
LocalFree
TerminateProcess
lstrcpyW
QueryPerformanceCounter
GetCurrentProcessId
LeaveCriticalSection
GetCurrentThread
FreeLibrary
GlobalLock
FindResourceW
RaiseException
GetModuleFileNameW
FormatMessageW
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
lstrcatW
GetModuleHandleW
CreateThread
GetSystemTimeAsFileTime
LockResource
InterlockedIncrement
LoadLibraryW
GlobalUnlock
FreeLibraryAndExitThread
SetLastError
InitializeCriticalSection
DisableThreadLibraryCalls
CloseHandle
lstrlenW
lstrcpynW
GetProcAddress

ole32

CoCreateInstance
CoInitialize
CoUninitialize
ReleaseStgMedium

gdi32

SetBkMode
DeleteObject
GetObjectW
SetBkColor
SetTextColor
GetTextExtentPoint32W
CreateFontIndirectW

ntdll

NtAllocateVirtualMemory
NtQueryVirtualMemory
RtlLengthSid
RtlFreeUnicodeString
_itow
wcslen
NtFilterToken
_chkstk

dhcpcsvc

DhcpRegisterOptions

shlwapi

StrChrW
PathAppendW
StrRChrW

advapi32

RegCloseKey
LookupAccountSidW
RegOpenKeyExA
SetThreadToken
LsaQueryInformationPolicy
LsaLookupSids
DuplicateTokenEx
GetSidSubAuthority
GetWindowsAccountDomainSid
ConvertSidToStringSidW
GetSidSubAuthorityCount
CopySid
RegQueryValueExA
OpenThreadToken
EqualSid
InitializeAcl
LookupAccountNameW
LsaOpenPolicy
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetLengthSid
LsaClose
SetSecurityDescriptorOwner
GetSecurityDescriptorDacl
LsaFreeMemory
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
OpenProcessToken
EqualPrefixSid
IsValidSid
SetSecurityDescriptorSacl
AdjustTokenPrivileges
GetTokenInformation
GetSecurityDescriptorControl

user32

RegisterClassW
FrameRect
MapWindowPoints
GetSysColorBrush
ShowWindow
IsDlgButtonChecked
EndDialog
DefWindowProcW
DialogBoxParamW
EnableWindow
OffsetRect
ReleaseDC
LoadBitmapW
GetDC
SetWindowTextW
CreateWindowExW
GetDlgItem
InflateRect
DrawFocusRect
SendMessageW
CheckDlgButton
DestroyWindow
RegisterWindowMessageW
GetWindow
GetFocus
GetSysColor
LoadCursorW
SetCursor
SetWindowLongW
SetDlgItemTextW
ShowScrollBar
PostMessageW
SetWindowPos
IsWindowEnabled
GetWindowLongW
SetScrollPos
GetScrollInfo
SystemParametersInfoW
SendDlgItemMessageW
ScreenToClient
WinHelpW
RegisterClipboardFormatW
MessageBoxW
GetParent
GetWindowRect
GetClientRect
ScrollWindow
MoveWindow
LoadIconW
ChildWindowFromPoint
LoadStringW
GetDlgCtrlID
GetSystemMetrics
GetWindowTextW
SetFocus
GetDlgItemTextW
MapDialogRect
SetScrollInfo

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9b3db5cdef08c1a56cf03b38726fe80

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

gdi32

ntdll

dhcpcsvc

shlwapi

advapi32

user32

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 352KB

.rsrc Size: 133KB - Virtual size: 133KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 352KB

.rsrc
Size: 133KB - Virtual size: 133KB

.reloc
Size: 512B - Virtual size: 20B