3e48c4ac71a4e76bf10b62330ae97d41_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e48c4ac71a4e76bf10b62330ae97d41_JaffaCakes118
Size

247KB
MD5

3e48c4ac71a4e76bf10b62330ae97d41
SHA1

0a8890b31854aa37f5f3d193b3bf6e9703138091
SHA256

b8adc084439711fa68a767c7459676499f38b723ca8f8ea63a580b2ba625a80e
SHA512

aac1e93f64477739d5317af50d9e467914943f8c5a5c56afd419252f112e7ad2eb24b2700badba8d5e221d1d0d53427f632c77ef150a635a9fcf72dc9d3b0193
SSDEEP

6144:LpkZBvOXE/IHRnb2DU2lgWLPL9CmugcV8Th4R0:KZcRnb2I2ljL9C6tSR0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e48c4ac71a4e76bf10b62330ae97d41_JaffaCakes118

Files

3e48c4ac71a4e76bf10b62330ae97d41_JaffaCakes118
.exe windows:6 windows x86 arch:x86

8e77ec48b163d6540e6302ab19cfd5f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Mats_Run_Elevated.pdb

Imports

advapi32

FreeSid
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
ConvertStringSidToSidW
CreateRestrictedToken
ConvertSidToStringSidW
EqualSid
GetSidIdentifierAuthority
EqualPrefixSid
LookupAccountSidW
OpenThreadToken
RegOpenCurrentUser
SetThreadToken
RegQueryValueExW
RevertToSelf
LookupAccountNameW

kernel32

lstrcmpiW
SetEvent
ReleaseSemaphore
SetFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceExW
SetLastError
LocalAlloc
WideCharToMultiByte
GetLocaleInfoW
GetUserDefaultUILanguage
Sleep
MultiByteToWideChar
MulDiv
FindResourceW
LoadLibraryExW
lstrlenW
FormatMessageW
CreateFileW
GetCommandLineW
CreateProcessW
GetExitCodeThread
WaitForMultipleObjects
LeaveCriticalSection
ExpandEnvironmentStringsW
GetEnvironmentVariableW
RemoveDirectoryW
FindNextFileW
SetFileAttributesW
FindFirstFileW
lstrcmpA
GetSystemDirectoryW
FileTimeToSystemTime
GetFileAttributesExW
CreateFileMappingW
SetEnvironmentVariableW
GetLocalTime
SetFilePointer
GetTickCount
HeapSetInformation
CompareStringW
CreateDirectoryW
InitializeCriticalSection
MapViewOfFile
WaitForSingleObject
GetCurrentThreadId
GetVersionExA
DeleteFileW
WriteFile
UnmapViewOfFile
GetVersionExW
LoadLibraryW
GetExitCodeProcess
InterlockedIncrement
GetModuleHandleW
GetProcAddress
GetCurrentProcess
FlushInstructionCache
GetModuleFileNameW
HeapAlloc
GetProcessHeap
HeapFree
EnumResourceNamesW
EnumResourceLanguagesW
GetFileSizeEx
MapViewOfFileEx
EnumUILanguagesW
GetComputerNameW
GetCurrentThread
SystemTimeToFileTime
DebugBreak
SearchPathW
GetSystemDefaultUILanguage
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
InterlockedCompareExchange
VirtualAlloc
VirtualFree
LoadLibraryA
GetVersion
EnterCriticalSection
RaiseException
InterlockedExchange
LocalFree
GetNativeSystemInfo
FindClose
GetFileAttributesW
FreeLibrary
InterlockedDecrement
DeleteCriticalSection
CreateEventW
GetLastError
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
GlobalFree
CloseHandle
CreateThread

gdi32

SelectObject
CreateFontIndirectW
CreateSolidBrush
SetBkColor
ExtTextOutW
GetTextMetricsW
DeleteDC
GetDeviceCaps
GetObjectW
IntersectClipRect
RestoreDC
SaveDC
BitBlt
SetTextColor
SetBkMode
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject

user32

MsgWaitForMultipleObjects
SetForegroundWindow
DefWindowProcW
CharNextW
DestroyWindow
DialogBoxParamW
GetWindowLongW
GetWindowRect
GetClientRect
InvalidateRect
GetParent
MapWindowPoints
FillRect
DrawTextW
EndPaint
GetFocus
DrawIconEx
GetIconInfo
DrawFocusRect
DrawFrameControl
DispatchMessageW
CallWindowProcW
PtInRect
IsWindowEnabled
GetDC
GetSysColor
SetRect
GetDlgItem
GetSystemMetrics
PostMessageW
SetWindowTextW
GetSystemMenu
MoveWindow
UpdateWindow
ShowWindow
GetDlgCtrlID
SetWindowPos
SystemParametersInfoW
GetWindow
PostQuitMessage
UnregisterClassA
ReleaseDC
EnableMenuItem
DestroyMenu
LoadIconW
EnumChildWindows
CreateDialogParamW
EndDialog
CreateWindowExW
EnableWindow
SetFocus
GetSysColorBrush
PeekMessageW
SendMessageW
SetWindowLongW
InflateRect
MessageBoxW
GetWindowTextLengthW
GetWindowTextW
GetMessageW
BeginPaint
TranslateMessage

msvcrt

realloc
malloc
wcstoul
_wtol
bsearch
memcpy
free
__set_app_type
_wcsnicmp
wcsncmp
_vsnwprintf
ungetc
_fileno
_read
__pioinfo
__badioinfo
wcstombs
iswctype
wctomb
localeconv
isxdigit
isleadbyte
__mb_cur_max
mbtowc
isdigit
_controlfp
??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_purecall
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
calloc
_errno
__CxxFrameHandler
iswspace
wcsstr
wcsrchr
memmove
wcschr
_wcsicmp
_CxxThrowException
memset

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
StringFromGUID2
CoCreateGuid
CoTaskMemFree
CoInitializeEx

oleaut32

VariantInit
SysStringByteLen
VariantChangeType
SysFreeString
VariantClear
SysAllocString
SysStringLen
VarUI4FromStr

crypt32

CryptMsgGetParam
CryptDecodeObject
CryptQueryObject
CryptMsgClose

wintrust

WinVerifyTrust

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ntdll

RtlUnwind

wininet

InternetGetCookieW
InternetSetCookieW

rpcrt4

UuidFromStringW
UuidToStringW
UuidCreate
RpcStringFreeW

winhttp

WinHttpOpen
WinHttpReadData
WinHttpSetTimeouts
WinHttpDetectAutoProxyConfigUrl
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpCloseHandle

comctl32

_TrackMouseEvent
ImageList_GetImageCount
ImageList_GetIcon

uxtheme

OpenThemeData
ord47

userenv

ExpandEnvironmentStringsForUserW

netapi32

NetUserGetLocalGroups
NetLocalGroupGetMembers
NetApiBufferFree

Sections

.text
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e77ec48b163d6540e6302ab19cfd5f8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ole32

oleaut32

crypt32

wintrust

shell32

version

ntdll

wininet

rpcrt4

winhttp

comctl32

uxtheme

userenv

netapi32

Sections

.text Size: 215KB - Virtual size: 214KB

.data Size: 3KB - Virtual size: 13KB

.rsrc Size: 102KB - Virtual size: 101KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 215KB - Virtual size: 214KB

.data
Size: 3KB - Virtual size: 13KB

.rsrc
Size: 102KB - Virtual size: 101KB

.reloc
Size: 11KB - Virtual size: 11KB