3089d988d393148a253f1d03fa5c4c69_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3089d988d393148a253f1d03fa5c4c69_JaffaCakes118
Size

29KB
MD5

3089d988d393148a253f1d03fa5c4c69
SHA1

692145b6a0bd10fd82137b5599942a25abe9fa5d
SHA256

e787812aaed74e5ddba03ad30bd431b49a98a49b8b72a1a128eab428bf2372af
SHA512

41f0a50e29247a4e93608b6fb4b8ed5cc8ac7dd7d54a7e629e97cbe3361f2b46dcce1b4031e5cfcb00c656fa6d4663e54ee6d010b23e156b9ebc2f6fb6365828
SSDEEP

768:HJfItVNFXCtccnGGGhY0CY95RtwMYQsEEcYQYQs/AYFmQWWtehNnn:H5EFXCtIGGhY0CYLYRjen

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3089d988d393148a253f1d03fa5c4c69_JaffaCakes118

Files

3089d988d393148a253f1d03fa5c4c69_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f5f438da2118b0a692bb8f9b5230ed43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree
OleUninitialize
OleInitialize

advapi32

RegFlushKey
RegUnLoadKeyW
AllocateAndInitializeSid
ConvertSidToStringSidA
RegOpenKeyExA
LookupPrivilegeValueW
RegDeleteValueW
RegCloseKey
ControlTraceA
FreeSid
RegEnumValueW
CredRenameW
BuildTrusteeWithNameA
RegDeleteKeyW
AdjustTokenPrivileges
RegLoadKeyW
CreateServiceW
RegQueryValueExA
RegCreateKeyExW
RegSetValueW
RegSetValueExW
EqualSid
OpenProcessToken
CancelOverlappedAccess

setupapi

SetupCloseInfFile
SetupInstallFromInfSectionW
SetupFindNextLine
SetupCloseFileQueue
SetupGetStringFieldW
SetupGetLineTextW
SetupOpenAppendInfFileW
SetupFindFirstLineW
SetupQueueCopyW
SetupOpenFileQueue
SetupCommitFileQueueW
SetupOpenInfFileW
SetupTermDefaultQueueCallback
SetupDefaultQueueCallbackW
SetupInitDefaultQueueCallbackEx
SetupSetDirectoryIdW

rpcrt4

RpcStringFreeW

gdi32

DeleteObject
GetStockObject
GetDeviceCaps
GetObjectW
CreateFontIndirectW

kernel32

CloseHandle
MulDiv
LocalFree
SearchPathW
GetLastError
RtlUnwind
UnmapViewOfFile
FormatMessageW
lstrlenW
GetDriveTypeW
GetSystemDirectoryW
LoadResource
GetTempFileNameW
FindResourceExW
MapViewOfFileEx
SetLastError
lstrcmpiA
GetTickCount
WritePrivateProfileStringW
FindClose
lstrlenA
GetWindowsDirectoryW
GetModuleFileNameW
MultiByteToWideChar
GetPrivateProfileIntW
GetStartupInfoA
GetSystemInfo
GetProfileStringW
GetVolumeInformationW
InterlockedExchange
SetUnhandledExceptionFilter
CreateFileW
SetFileAttributesW
FindNextFileW
lstrcmpW
WritePrivateProfileSectionW
GetDiskFreeSpaceW
UnhandledExceptionFilter
GetFileAttributesW
CreateFileMappingW
LocalReAlloc
FindFirstFileW
LockResource
Sleep
CreateDirectoryW
GetCurrentProcessId
GetProcAddress
LoadLibraryExW
CopyFileW
DisableThreadLibraryCalls
ExpandEnvironmentStringsW
QueryPerformanceCounter
LoadLibraryW
LocalAlloc
GetVersionExW
GetSystemDefaultUILanguage
WriteFile
FreeLibrary
SetFileTime
GetEnvironmentVariableW
GetTempPathW
MoveFileW
MoveFileExW
EnumResourceLanguagesW
CompareStringW
GetSystemTimeAsFileTime
GetUserDefaultUILanguage
GetCurrentThreadId
GetFullPathNameW
RemoveDirectoryW
SetFilePointer
GetLocalTime
FindResourceW
GetFileTime
GetPrivateProfileSectionW
DeleteFileW
CreateProcessW
SizeofResource
GetCurrentProcess
ReadFile
WideCharToMultiByte
GetPrivateProfileStringW
lstrcmpiW
InterlockedCompareExchange
GetFileSize
MapViewOfFile
TerminateProcess

ntdll

RtlAdjustPrivilege
NtAllocateVirtualMemory

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

user32

ShowWindow
GetDesktopWindow
MsgWaitForMultipleObjects
GetDlgItem
OemToCharA
MessageBeep
DispatchMessageW
CreateDialogParamW
SetDlgItemTextW
PeekMessageW
ReleaseDC
DialogBoxParamW
CharPrevW
SetWindowPos
CharNextW
EnableWindow
CharUpperW
LoadStringW
ExitWindowsEx
CharNextA
EndDialog
SendMessageW
SendDlgItemMessageW
GetWindowRect
GetDC
GetSystemMetrics
IsWindow
MessageBoxW
DestroyWindow
UpdateWindow
SetWindowTextW
GetDlgItemTextW

msvcrt

_vsnwprintf
_wcsnicmp
memset
malloc
_initterm
_amsg_exit
longjmp
_setjmp3
memcpy
_XcptFilter
_wtoi
_wcsicmp
memmove
free
_adjust_fdiv
_vsnprintf
bsearch
_ultow
_wtol

shlwapi

PathAppendW
PathFileExistsW
PathBuildRootW
PathAddBackslashW
StrChrW
StrRChrW
StrStrIW
PathCombineW
PathRemoveFileSpecW

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f5f438da2118b0a692bb8f9b5230ed43

Headers

DLL Characteristics

File Characteristics

Imports

ole32

advapi32

setupapi

rpcrt4

gdi32

kernel32

ntdll

version

user32

msvcrt

shlwapi

Sections

.text Size: 7KB - Virtual size: 6KB

.rsrc Size: 11KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 40KB

.rdata Size: 5KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 11KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 40KB

.rdata
Size: 5KB - Virtual size: 4KB