2f720f1547bb25d3d89ef70eb32495cb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2f720f1547bb25d3d89ef70eb32495cb_JaffaCakes118
Size

493KB
MD5

2f720f1547bb25d3d89ef70eb32495cb
SHA1

8c9c6328e3063e7909c8a71e7a702129c47f1db1
SHA256

562e8edce64e7e52f70e8c9b4e739482f29e930cf8f8004676f3c218bb2d8b1a
SHA512

80a02f3b9034ffa41b08f616a7afd694e2f9b0d6746a5ed9b41019d468ac868bf9a681f476982b9690561d6b8c267263886faa99f9da03b6cdf91af754a7099f
SSDEEP

6144:8PVBtQt0FeG9jXzvT8X8jiv5b9yIgYVnAKBfwiG9Glj9UvXMbFofndmLhSKgQBUa:8PilG9jLT4pyIPVntFl9jyfndmLh13

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f720f1547bb25d3d89ef70eb32495cb_JaffaCakes118

Files

2f720f1547bb25d3d89ef70eb32495cb_JaffaCakes118
.exe windows:6 windows x86 arch:x86

7882bc5d4416b5742ea36b1767b4412e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

lpksetup.pdb

Imports

advapi32

EventWrite
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
InitiateShutdownW
EventRegister
EventUnregister
RegQueryInfoKeyW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegGetValueW
RegEnumValueW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetEntriesInAclW
CreateWellKnownSid
InitializeSecurityDescriptor
RegDeleteKeyW
RegDeleteTreeW
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
OpenProcessToken

kernel32

OpenProcess
HeapFree
GetProcessHeap
K32EnumProcesses
GetWindowsDirectoryW
GetLastError
TerminateThread
GetModuleHandleW
CreateEventW
CreateMutexW
CreateThread
WaitForMultipleObjectsEx
WaitForSingleObjectEx
SetEvent
ReleaseMutex
GetVersionExW
GetLocaleInfoEx
WriteFile
CreateFileW
GetLocalTime
HeapSetInformation
FormatMessageW
WaitForSingleObject
lstrlenW
RaiseException
LoadLibraryW
GetProcAddress
FreeLibrary
ExpandEnvironmentStringsW
GetModuleFileNameW
ExitProcess
GetCurrentThreadId
GetCommandLineW
QueryFullProcessImageNameW
LeaveCriticalSection
GetFileAttributesW
GetProductInfo
GetSystemTimeAsFileTime
GetTickCount64
GetLocaleInfoW
GetSystemDefaultUILanguage
GetNativeSystemInfo
GetFileMUIPath
GetSystemDirectoryW
SearchPathW
GetCurrentDirectoryW
InterlockedCompareExchange
HeapAlloc
GetThreadPreferredUILanguages
InterlockedExchange
FindClose
GetUserPreferredUILanguages
GetDiskFreeSpaceExW
GetSystemPreferredUILanguages
GetCurrentProcess
NotifyUILanguageChange
SetProcessPreferredUILanguages
GetTempPathW
FindNextFileW
DeleteFileW
RemoveDirectoryW
FindFirstFileW
CreateProcessW
GetExitCodeThread
LocaleNameToLCID
CreateDirectoryW
EnumUILanguagesW
GetUILanguageInfo
GetExitCodeProcess
LocalFree
LocalAlloc
GetCurrentProcessId
CloseHandle
EnterCriticalSection
Sleep
SetLastError
MulDiv
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
VirtualQuery
GetSystemInfo
VirtualFree
VirtualAlloc
VirtualProtect
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
InitializeCriticalSection
GetFileAttributesExW

gdi32

SetTextColor
SelectObject
CreateRectRgn
SetBkMode

user32

EndPaint
SetWindowLongW
GetWindowLongW
SetDlgItemTextW
DefWindowProcW
SetActiveWindow
SetForegroundWindow
GetAncestor
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
CharNextW
CharUpperW
MessageBoxW
GetDlgItemTextW
SetCursor
LoadCursorW
GetDlgItem
SendDlgItemMessageW
ExitWindowsEx
DestroyWindow
ShowWindow
EnableWindow
GetDlgCtrlID
GetFocus
UnregisterClassW
AllowSetForegroundWindow
RegisterClassExW
LoadIconW
SystemParametersInfoW
SetTimer
KillTimer
FindWindowW
SendNotifyMessageW
LoadStringW
GetSysColor
SendMessageW
GetParent
SetWindowRgn
GetClientRect
SetWindowPos
RegisterWindowMessageW
CreateWindowExW
GetSystemMetrics
LoadImageW
DestroyIcon
BeginPaint
DrawTextW
MapWindowPoints
InvalidateRect
GetWindowRect
UnregisterClassA

msvcrt

_wfopen
fgetws
_wcsnicmp
iswctype
_isctype
towupper
toupper
iswspace
wcscat_s
_wgetcwd
_wsetlocale
malloc
_ltow_s
wcsncmp
memmove
_wgetenv
wcscpy_s
tolower
sprintf_s
memchr
localeconv
free
_wcsicoll
wcstoul
wcstol
_ftol2
ceil
fclose
_vsnwprintf
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
towlower
wcsncpy_s
wcsstr
??0exception@@QAE@XZ
_wcsicmp
wcschr
_CxxThrowException
iswalpha
memset
memcpy_s
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
__CxxFrameHandler3
_purecall
_controlfp
_onexit
_lock
__dllonexit
_unlock
__uncaught_exception
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
abort
__mb_cur_max
__crtLCMapStringW
__crtGetStringTypeW
setlocale
___mb_cur_max_func
_errno
___lc_handle_func
___lc_codepage_func
__pctype_func
_callnewh
strcspn

ntdll

RtlNtStatusToDosError
RtlGetUILanguageInfo
WinSqmIsOptedIn
RtlGetNtProductType
NtGetMUIRegistryInfo
RtlpSetPreferredUILanguages
NtIsUILanguageComitted
WinSqmAddToStream

shell32

SHGetIDListFromObject
SHCreateItemInKnownFolder
ord28
SHBrowseForFolderW
ord51
SHGetDataFromIDListW
SHBindToFolderIDListParent
SHGetPathFromIDListW
ShellExecuteExW

comctl32

ord17
CreatePropertySheetPageW
PropertySheetW
ord345
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ord344

ole32

CoGetObject
CoInitialize
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
CoResumeClassObjects
CoSetProxyBlanket
CoInitializeSecurity
CoGetCallContext
CoWaitForMultipleHandles
CoSuspendClassObjects

oleaut32

SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VariantInit
VariantClear
SysFreeString
SysStringLen

slc

SLGetWindowsInformationDWORD
SLGetWindowsInformation

dpx

DpxNewJob

shlwapi

PathFindExtensionW
StrStrIW
StrStrNW
StrCmpIW
StrRetToStrW
ord158
PathFileExistsW
PathRemoveFileSpecW
ord219
PathMatchSpecExW
PathRemoveBackslashW
PathIsDirectoryW

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ubwhbln
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7882bc5d4416b5742ea36b1767b4412e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

shell32

comctl32

ole32

oleaut32

slc

dpx

shlwapi

Sections

.text Size: 331KB - Virtual size: 331KB

.data Size: 1024B - Virtual size: 19KB

.rsrc Size: 111KB - Virtual size: 111KB

.reloc Size: 48KB - Virtual size: 49KB

ubwhbln Size: - Virtual size: 4KB

.text
Size: 331KB - Virtual size: 331KB

.data
Size: 1024B - Virtual size: 19KB

.rsrc
Size: 111KB - Virtual size: 111KB

.reloc
Size: 48KB - Virtual size: 49KB

ubwhbln
Size: - Virtual size: 4KB