39599dd7209d55121b301c3ac40177f3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

39599dd7209d55121b301c3ac40177f3_JaffaCakes118
Size

66KB
MD5

39599dd7209d55121b301c3ac40177f3
SHA1

993f005cb78dc0610d1c21d2ffb9c91420b660e1
SHA256

e451eaaa47532be8d854bfb220f56cc412afd6dcb0ed8da04974b44576659ca0
SHA512

24c07a55faa9a4c9486edf320f151cc1f9f278b4324635889b1b993a970d3adfbcb92cc43fb24ed90ffc6cb505cdc0389328e8d0ce4668367c5ca03c2b6eb7c7
SSDEEP

1536:TkRGP0wsvJ3Q0SqUgeT6UlfI6CbjA5GN3WKlNak58zOw4R:9uvJbeg2ZI6CnPN3D6ROw4R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39599dd7209d55121b301c3ac40177f3_JaffaCakes118

Files

39599dd7209d55121b301c3ac40177f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a8cb6dfce59266872da57c5abe01c89f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateLocallyUniqueId
CryptSetKeyParam
DeleteService
LookupPrivilegeDisplayNameW
RegisterEventSourceA
AdjustTokenGroups
CryptSetProviderExA
GetCurrentHwProfileA
GetSidLengthRequired
StartServiceA
ObjectPrivilegeAuditAlarmW
LookupAccountSidA
QueryServiceLockStatusW
RegLoadKeyW
FreeSid
OpenSCManagerA
GetMultipleTrusteeW
ClearEventLogA
RegRestoreKeyW
ObjectOpenAuditAlarmW
LogonUserW
RegNotifyChangeKeyValue
GetSecurityDescriptorOwner
AddAuditAccessAce
RegLoadKeyA
SetSecurityDescriptorDacl
RegCreateKeyA
IsValidSecurityDescriptor
GetAce
RegSetValueW
LookupPrivilegeValueW
ReportEventW
ConvertSecurityDescriptorToAccessNamedW
OpenEventLogW
LookupPrivilegeNameA
CryptEnumProviderTypesW
CryptSetHashParam
BuildExplicitAccessWithNameA
CryptHashSessionKey
CryptDecrypt
RegOpenKeyExW
RegCloseKey
GetKernelObjectSecurity
ImpersonateLoggedOnUser
AbortSystemShutdownW

ole32

OleCreateStaticFromData
CoCreateFreeThreadedMarshaler
DllDebugObjectRPCHook
CoQueryProxyBlanket
OleDuplicateData
CoGetInstanceFromFile
CoFreeLibrary
CoFreeUnusedLibraries
MkParseDisplayName
StringFromCLSID
IIDFromString
CoUninitialize
OleUninitialize
OleCreateEx
ReadStringStream
GetRunningObjectTable
OleCreateLink
GetHGlobalFromILockBytes
OleDoAutoConvert
StgSetTimes
OleTranslateAccelerator
OleConvertOLESTREAMToIStorageEx
StgOpenStorageOnILockBytes
IsAccelerator
WriteOleStg
CoUnmarshalHresult
ReadOleStg
StgOpenStorageEx
CoMarshalInterThreadInterfaceInStream
OleCreateFromFile
CoFreeAllLibraries
CoIsOle1Class
CoTaskMemRealloc
CLSIDFromString
UpdateDCOMSettings
CreateGenericComposite
CoRegisterChannelHook
RevokeDragDrop

kernel32

GetThreadPriorityBoost
ResetWriteWatch
SetConsoleTitleW
WriteConsoleOutputCharacterA
IsValidLocale
EnumSystemCodePagesA
Heap32ListFirst
WaitForSingleObjectEx
lstrcat
Toolhelp32ReadProcessMemory
AddAtomW
CreateDirectoryA
GetProcessHeap
VirtualProtect
CopyFileA
GetCurrentDirectoryA
GetAtomNameW
SetThreadLocale
IsSystemResumeAutomatic
EnumResourceTypesA
SetLocalTime
UnmapViewOfFile
OpenMutexW
SetVolumeLabelW
MoveFileA
GetThreadContext
SetMessageWaitingIndicator
GetBinaryTypeA
Heap32Next
GetLogicalDrives
IsDBCSLeadByte
CallNamedPipeW
SetDefaultCommConfigA
SetUnhandledExceptionFilter
GetLogicalDriveStringsA
GetNamedPipeHandleStateW
PeekConsoleInputW
GetLongPathNameW
GetFileType
GetBinaryType
LoadResource
WriteProfileStringA
WritePrivateProfileStringA
FindAtomW
lstrcmp
IsBadWritePtr
EnumDateFormatsA
Process32First
OpenSemaphoreA
CreateEventW
VirtualAlloc
CreateFileA

shlwapi

StrRetToStrW
SHRegDeleteUSValueA
StrChrIA
StrStrIW
SHDeleteValueA
IntlStrEqWorkerA
PathIsLFNFileSpecW
StrToIntExA
StrToIntW
PathIsContentTypeA
PathCanonicalizeW
SHRegOpenUSKeyW
PathIsRelativeW
StrFormatByteSize64A
PathRemoveBackslashW
UrlApplySchemeW
ColorHLSToRGB
PathIsFileSpecA
StrCmpNIW
PathIsDirectoryEmptyA
StrRChrIA
SHRegGetUSValueA
StrCpyNW
PathGetDriveNumberA
PathIsDirectoryW
UrlCombineA
StrRetToBufW
UrlIsA
SHOpenRegStream2W
PathStripToRootW
SHRegWriteUSValueA
ColorAdjustLuma
PathFindNextComponentA
StrTrimW
PathCompactPathW
StrCpyW
PathFindOnPathA
UrlHashA
StrCmpNIA

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a8cb6dfce59266872da57c5abe01c89f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

kernel32

shlwapi

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 16KB

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 16KB