36eb8851034c9a6d390774158a9edc6e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

36eb8851034c9a6d390774158a9edc6e_JaffaCakes118
Size

320KB
MD5

36eb8851034c9a6d390774158a9edc6e
SHA1

03398683f0c823f18150bb42b37f117d46391384
SHA256

9873796fe73d153a4cae7d212eb3ae523651d755e93bec53c12ac972e3e43ad1
SHA512

33345eea76598df827716260caf6d3f9c34e6d874fe4c3b3fd5d76bd33c62daf3aba12c1012bb72480f8ea10bd3fef8b3915cf5338429acdc27c1c3b08783b97
SSDEEP

6144:M7qs5Y2RxfikjPoYjQzLZZk/5Yc53xVmPXJx4+JBT7PO4VBiTg3:zwxqkjPoYspZS73Apn9MTK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36eb8851034c9a6d390774158a9edc6e_JaffaCakes118

Files

36eb8851034c9a6d390774158a9edc6e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

97f9d55561f8fc51c07438abc88bc565

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyW
DecryptFileW
OpenSCManagerW
GetSidIdentifierAuthority
GetAclInformation
RegReplaceKeyW
SetSecurityDescriptorGroup
GetSecurityDescriptorDacl
LogonUserA
RegCloseKey
EnumDependentServicesW
ReadEventLogA
LsaOpenPolicy
MapGenericMask
DuplicateTokenEx
LockServiceDatabase
RegQueryMultipleValuesW
QueryServiceStatus
GetUserNameW
SetSecurityDescriptorDacl
QueryServiceLockStatusA
LsaAddAccountRights
RegEnumValueW
LogonUserW
OpenServiceW
InitializeSecurityDescriptor
SetNamedSecurityInfoA
OpenEventLogA
GetAuditedPermissionsFromAclW
GetServiceKeyNameA
BackupEventLogW
UnlockServiceDatabase
NotifyChangeEventLog
RegQueryValueW
AbortSystemShutdownW
GetPrivateObjectSecurity
SetKernelObjectSecurity
CloseEventLog
GetSecurityDescriptorOwner
AccessCheckAndAuditAlarmA
RegRestoreKeyA
GetTrusteeFormA

winmm

DefDriverProc
midiOutMessage
waveOutGetDevCapsA
mmioRead
mixerGetControlDetailsW
SendDriverMessage
midiInPrepareHeader
GetDriverModuleHandle
joySetCapture
mciSendStringW
waveOutSetVolume
waveInOpen
sndPlaySoundA
waveOutGetPosition
waveInStop
midiInUnprepareHeader
midiInOpen
mmioClose
midiOutUnprepareHeader
OpenDriver
midiInStart
midiStreamOut
midiOutShortMsg
waveInMessage
mixerGetLineControlsA
mmioGetInfo
mmioStringToFOURCCA
waveInGetErrorTextW
midiInGetNumDevs
mmioFlush
midiOutReset
mmioRenameW
midiOutCachePatches
mixerGetLineInfoW
midiInGetErrorTextA
waveOutGetNumDevs
midiStreamStop
mixerGetControlDetailsA
waveOutClose
waveInAddBuffer
waveInReset
waveOutGetErrorTextW
waveOutBreakLoop
waveInGetDevCapsW
waveOutUnprepareHeader
mmioInstallIOProcA
midiInClose
waveOutPause
mmioCreateChunk
DrvGetModuleHandle
midiConnect
waveOutWrite
mixerSetControlDetails
waveOutPrepareHeader
midiInGetDevCapsA
joyGetNumDevs
midiStreamPause
mixerGetDevCapsW
midiOutPrepareHeader
midiStreamOpen
mmioSetInfo
auxGetVolume
waveOutGetDevCapsW
joyGetThreshold
auxGetNumDevs
mmioInstallIOProcW
mmioDescend
waveInPrepareHeader
mixerGetID
joyGetPosEx
mmioAscend

mpr

WNetCloseEnum
WNetAddConnection3W
WNetAddConnection2A

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_except_handler3
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_controlfp
_initterm

user32

GetNextDlgGroupItem
MessageBoxExA
InvalidateRgn
MapWindowPoints
CallMsgFilterA
CloseWindowStation
SendMessageCallbackW
GetClipboardFormatNameW
GetClassInfoExA
FindWindowA
DefDlgProcA
GetKeyState
ReuseDDElParam
MenuItemFromPoint
DestroyIcon
ImpersonateDdeClientWindow
PostMessageA
IsCharLowerA
DrawTextExW
DispatchMessageW
GetClassLongA
GetMenuContextHelpId
BringWindowToTop
DestroyCursor
LoadKeyboardLayoutA
DestroyCaret
DdeAccessData
SetWindowLongA
HideCaret
EnumPropsExW
SendMessageTimeoutA
GetWindow
CreateDialogParamA
IsWindowUnicode
LoadBitmapW
VkKeyScanA
InsertMenuW
GetWindowModuleFileNameW
IsWindowEnabled
GetIconInfo
WindowFromPoint
CreateIconFromResourceEx
GetScrollPos
SetDlgItemTextW
GetNextDlgTabItem
EnableWindow
DlgDirSelectComboBoxExA
EndDialog
UnregisterClassW
ChildWindowFromPointEx
CharPrevA
CreateWindowExW
SetClassLongA
DestroyWindow
DialogBoxIndirectParamW
CharPrevW
DefMDIChildProcW
SetTimer
GetKeyboardLayoutNameW
DrawIcon
GetUserObjectSecurity
BlockInput
UnregisterClassA
CallNextHookEx
SetWindowTextA
SetPropA
DrawStateA
GetClassNameW
ChangeDisplaySettingsExW
GetPriorityClipboardFormat
DrawFocusRect
SetDoubleClickTime
DrawMenuBar
CloseDesktop
MoveWindow
GetCaretPos
LoadMenuW
DefDlgProcW

kernel32

GetStartupInfoA
GetModuleHandleA
GlobalGetAtomNameW
GetConsoleMode
EnumResourceLanguagesA
DeleteFileA

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97f9d55561f8fc51c07438abc88bc565

Headers

File Characteristics

Imports

advapi32

winmm

mpr

msvcrt

user32

kernel32

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 3.8MB

.rsrc Size: 32KB - Virtual size: 29KB

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 3.8MB

.rsrc
Size: 32KB - Virtual size: 29KB