307a3240344491657643a796a9e0acbb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

307a3240344491657643a796a9e0acbb_JaffaCakes118
Size

363KB
MD5

307a3240344491657643a796a9e0acbb
SHA1

f8d8c02348230a94f9103d09d7c4dc6f8abf6dc0
SHA256

e47b9ee68a9f74aebba1bf17bebbcaf3e9eafe61e71575124bb3b9ac9c5d6069
SHA512

1dbd38b6c1151d606fe72d03fa2540cd95b48a777c54ac035ed22e22105acd22d6a58a1195179e73e186f01a69df0893ba19ccbd1646f4e8c33c2e1de5d6ae7e
SSDEEP

6144:LubEiQJVF4ZNupK8MR/odJRsPmGOVQxZD26FGjKTHGRMMG2x1z/w5qB:LdiaLsoKsJRsvXD26FVTHexu5W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
307a3240344491657643a796a9e0acbb_JaffaCakes118

Files

307a3240344491657643a796a9e0acbb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0cd612a688cc00b923c6ae207366a740

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ntdll

RtlpNtSetValueKey
ZwSaveKeyEx
ZwQuerySymbolicLinkObject
RtlZeroMemory
NtReadFile
NtResetWriteWatch
RtlFillMemory
_stricmp
KiUserCallbackDispatcher
NtPlugPlayControl
memcpy
RtlNtPathNameToDosPathName
NtSetSystemTime
RtlRemoveVectoredExceptionHandler
NtDebugContinue
RtlRegisterSecureMemoryCacheCallback
ZwSetDefaultUILanguage
ZwSetVolumeInformationFile
NtAccessCheckByType
ZwAreMappedFilesTheSame
RtlTraceDatabaseCreate
RtlSetSaclSecurityDescriptor
ZwSuspendThread
RtlAppendPathElement
RtlDeleteElementGenericTableAvl
NtSetTimerResolution
RtlCreateQueryDebugBuffer

ssdpapi

FreeSsdpMessage
DeregisterService
FindServices
RegisterNotification
DeregisterNotification
GetNextService
RegisterService
FindServicesCallback
SsdpCleanup
SsdpStartup
GetFirstService
CleanupCache
DHSetICSOff
FindServicesCancel
FindServicesClose
DHSetICSInterfaces

msls31

LsQueryLineDup
LsQueryTextCellDetails
LsSetModWidthPairs
LssbFIsSublineEmpty
LsdnDistribute
LssbGetObjDimSubline
LsDestroySubline
LsQueryPointPcpSubline
LsQueryLinePointPcp
LsLwMultDivR
LssbGetVisibleDcpInSubline
LsdnSkipCurTab
LsdnSetRigidDup
LsPointXYFromPointUV
LsQueryCpPpointSubline
LsdnFinishRegularAddAdvancePen
LsGetReverseLsimethods
LsdnQueryObjDimRange
LsSetDoc
LsCreateLine
LsdnResetObjDim
LssbGetDurTrailInSubline
LsEnumLine
LsDisplaySubline
LsGetLineDur
LssbFDonePresSubline
LsQueryFLineEmpty
LsGetMinDurBreaks
LsdnFinishByOneChar
LssbFDoneDisplay
LsSqueezeSubline
LsdnSetAbsBaseLine
LssbGetDupSubline
LsTruncateSubline
LsFetchAppendToCurrentSublineResume
LsdnResetPenNode
LsdnFinishByPen

kernel32

OutputDebugStringA
GetLocaleInfoA
GetProcessHeaps
GetCurrentThread
GlobalWire
SetConsoleMenuClose
SetLocaleInfoA
CreateProcessInternalA
GlobalFlags
CreateJobObjectW
VirtualAlloc
SetWaitableTimer
TerminateJobObject
GetConsoleCP
CopyLZFile
GetDefaultCommConfigA
GetCurrentProcess
QueryDosDeviceW
GetNamedPipeHandleStateW
GetTempPathW
ReadConsoleA
EnumSystemGeoID
OpenFileMappingW
FreeEnvironmentStringsW
LockFileEx
ResetWriteWatch
_lwrite
EnumResourceTypesA
DeleteFileA
lstrcpyW
SetTapeParameters
GetCPInfoExW
GetProcessIoCounters
SetConsoleCtrlHandler
WTSGetActiveConsoleSessionId
LocalAlloc
OpenFileMappingA
GetCommModemStatus
GetBinaryType
BaseCleanupAppcompatCacheSupport
GlobalGetAtomNameW
TlsGetValue
InterlockedFlushSList
LCMapStringW
FoldStringA
UpdateResourceA
SetConsoleCursorPosition
FillConsoleOutputCharacterA
GetCurrentDirectoryA
SetMessageWaitingIndicator
Thread32First
GetConsoleProcessList
ChangeTimerQueueTimer
QueryPerformanceCounter
CreateWaitableTimerW
OpenMutexA
FindNextVolumeMountPointA
GetVersionExA
OpenMutexW
WriteConsoleA
LockFile
WriteConsoleOutputCharacterW
GetStringTypeExA
FindActCtxSectionStringA
WriteProfileSectionA
SetPriorityClass
WriteConsoleOutputW
GlobalMemoryStatus
TlsAlloc
RegisterConsoleVDM
BaseUpdateAppcompatCache
RemoveLocalAlternateComputerNameW
GetConsoleCommandHistoryLengthA
CreateConsoleScreenBuffer
GetUserGeoID
CreateIoCompletionPort
FindFirstFileA
LoadLibraryA
EraseTape
HeapSummary
GetEnvironmentStringsW
GetPrivateProfileIntA
RegisterConsoleIME
SetFirmwareEnvironmentVariableA
MapUserPhysicalPages
RestoreLastError
FindFirstVolumeMountPointA

msvcrt40

_strncoll
ctime
rewind
??_Gostream@@UAEPAXI@Z
_wcsnset
??_Gistream@@UAEPAXI@Z
??6ostream@@QAEAAV0@G@Z
_safe_fdivr
?xsputn@streambuf@@UAEHPBDH@Z
?ws@@YAAAVistream@@AAV1@@Z
is_wctype
_cputs
??_Estrstream@@UAEPAXI@Z
_ismbclegal
fflush
_wpopen
_locking
??0istrstream@@QAE@PAD@Z
_wputenv
??1istrstream@@UAE@XZ
?rdbuf@ios@@QBEPAVstreambuf@@XZ
?tie@ios@@QAEPAVostream@@PAV2@@Z
_fmode
_dup
?x_curindex@ios@@0HA
?terminate@@YAXXZ
?out_waiting@streambuf@@QBEHXZ
?str@ostrstream@@QAEPADXZ
_ismbcl1
_loaddll
??1istream_withassign@@UAE@XZ

osuninst

GetUninstallImageSize
ProvideUiAlerts
RemoveUninstallImage
ExecuteUninstall
IsUninstallImageValid

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 491KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cd612a688cc00b923c6ae207366a740

Headers

File Characteristics

Imports

ntdll

ssdpapi

msls31

kernel32

msvcrt40

osuninst

Sections

.text Size: 78KB - Virtual size: 78KB

.rdata Size: 119KB - Virtual size: 119KB

.data Size: 1024B - Virtual size: 491KB

.rsrc Size: 162KB - Virtual size: 162KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 119KB - Virtual size: 119KB

.data
Size: 1024B - Virtual size: 491KB

.rsrc
Size: 162KB - Virtual size: 162KB

.reloc
Size: 1KB - Virtual size: 1KB