Static task: static1
Behavioral task: behavioral1
  Sample: 3f6d560ec4c9e144d8d0b0248e7137a2_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 3f6d560ec4c9e144d8d0b0248e7137a2_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
Target: 3f6d560ec4c9e144d8d0b0248e7137a2_JaffaCakes118
Size: 695KB
MD5: 3f6d560ec4c9e144d8d0b0248e7137a2
SHA1: fa753edadc74412c48fec17cba54922fbf484269
SHA256: bc04b2144c5f6526085ad33d22701f6ed60023985b581ae2798959e9fde91905
SHA512: ab499e57432a77aae4cf08ff2ae2dcf174d58f3e854376932a51301f3cf8d3871167fc8b53e0eb7f810153871bd36e3bec7863cb13fa08173c871f4bc2d8a00c
SSDEEP: 12288:QsG5OkBcTxs91nLITQI1xfvuYZyFMUwk3LK22yD5CvI40Vp9:EcFWQQI1xuYZyFMUwk+22yD5CvI40
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 3f6d560ec4c9e144d8d0b0248e7137a2_JaffaCakes118
Files
3f6d560ec4c9e144d8d0b0248e7137a2_JaffaCakes118.exe  windows:5  windows x86  arch:x86
06c201495c77ad9866c7c92f0169f9d1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
remove
_open
_read
_write
_close
_lseek
_tempnam
__doserrno
swscanf
_wcsicmp
memmove
wcscmp
swprintf
_CxxThrowException
_vsnwprintf
_beginthreadex
_ftol
iswspace
memchr
_wcsdup
_stricmp
_wtoi
iswcntrl
_strnicoll
__CxxFrameHandler
_purecall
wcslen
realloc
free
malloc
_errno
_except_handler3
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcschr
wcscpy
wcscat
_wcsnicmp
wcsncpy
wcsrchr
advapi32
CryptReleaseContext
AddAccessAllowedAce
AllocateAndInitializeSid
RevertToSelf
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
DeleteService
ControlService
ChangeServiceConfig2W
CreateServiceW
DuplicateTokenEx
CreateProcessAsUserW
LogonUserW
CryptImportKey
CryptVerifySignatureW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
FreeSid
RegEnumKeyW
RegQueryValueExW
RegConnectRegistryW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
RegGetKeySecurity
GetFileSecurityW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
IsValidAcl
AddAce
GetAce
GetAclInformation
EqualSid
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorControl
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetThreadToken
AccessCheck
MapGenericMask
IsValidSecurityDescriptor
CopySid
GetLengthSid
GetTokenInformation
OpenThreadToken
LookupAccountNameW
ConvertStringSidToSidW
LookupAccountSidW
InitializeAcl
AddAccessAllowedAceEx
AddAccessDeniedAceEx
AddAuditAccessAceEx
AddAccessAllowedObjectAce
AddAccessDeniedObjectAce
AddAuditAccessObjectAce
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetFileSecurityW
RegSetKeySecurity
LsaClose
LsaNtStatusToWinError
LsaAddAccountRights
LsaOpenPolicy
kernel32
GetSystemDirectoryW
GetProcAddress
CreateThread
GetCurrentThreadId
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
IsDBCSLeadByte
CompareStringA
SetThreadPriority
FormatMessageW
GetCurrentProcessId
ResetEvent
MoveFileW
ReleaseMutex
FlushViewOfFile
UnmapViewOfFile
OpenMutexW
CreateMutexW
MapViewOfFile
OpenFileMappingW
SetLastError
lstrcmpiA
MultiByteToWideChar
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
lstrcpynW
HeapDestroy
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrlenA
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
GetShortPathNameW
GetModuleFileNameW
GetVersionExW
GetPrivateProfileStringW
InterlockedExchange
Sleep
LoadLibraryW
WaitForMultipleObjects
GetTickCount
SetEvent
CloseHandle
CreateEventW
WaitForSingleObject
GetCurrentThread
SetEnvironmentVariableW
GetTempPathW
GetEnvironmentVariableW
CopyFileW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetFileAttributesExW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
CreateFileW
GetSystemTime
GetLocalTime
GlobalMemoryStatusEx
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GetCommandLineW
FileTimeToSystemTime
GetUserDefaultLCID
GetFullPathNameW
ExpandEnvironmentStringsW
GetDiskFreeSpaceW
GetTempFileNameW
GetCurrentProcess
LocalFree
DuplicateHandle
WideCharToMultiByte
WriteFile
SetFilePointer
ReadFile
GetFileInformationByHandle
GlobalFree
GetModuleHandleA
GetStartupInfoW
lstrcatW
lstrcpyW
CreateFileMappingW
OpenProcess
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
LocalAlloc
LoadLibraryA
RaiseException
GetACP
GetLocaleInfoA
GetSystemDefaultLangID
IsDBCSLeadByteEx
GetThreadPriority
GetTimeZoneInformation
user32
DispatchMessageW
MsgWaitForMultipleObjects
GetSystemMetrics
CharNextA
CharUpperW
CharUpperBuffW
GetMessageW
LoadStringW
TranslateMessage
PeekMessageW
PostThreadMessageW
CharNextW
ole32
CLSIDFromString
CoSuspendClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoSetProxyBlanket
GetHGlobalFromStream
StgOpenStorageEx
StgCreateStorageEx
CoGetCallContext
CreateStreamOnHGlobal
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstanceEx
StringFromGUID2
CoCreateGuid
CoTaskMemFree
StringFromCLSID
oleaut32
VariantInit
GetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VarUI4FromStr
LoadRegTypeLi
SysStringLen
VariantClear
VariantCopy
VariantChangeType
SystemTimeToVariantTime
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SafeArrayCreateVector
VariantChangeTypeEx
VariantTimeToSystemTime
CreateErrorInfo
LoadTypeLi
RegisterTypeLi
SetErrorInfo
ntdll
strrchr
_snwprintf
wcsstr
_ltow
towlower
strtoul
NtQueryInformationProcess
_itow
_wtol
strchr
tolower
strncpy
sprintf
wcsncmp
rpcrt4
I_RpcBindingInqLocalClientPID
Sections
.text Size: 589KB - Virtual size: 588KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ