40d1d1bc856e3dda2bdec1c0814d2d20_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40d1d1bc856e3dda2bdec1c0814d2d20_JaffaCakes118
Size

844KB
MD5

40d1d1bc856e3dda2bdec1c0814d2d20
SHA1

17e89cefb197a0325ab2ace6a26b0e112d73179b
SHA256

1f791c2969f54c9aac64a5d3589916edc8d5e182e21edcf38a60c16aeac05397
SHA512

3955c74abdccbb74c77f1549a1a8f091d32bcd74dff2a77d952a5a4882edda9ab906eda27b9d6fe984414e62cefb08efa475b1e292529a795cff747255a40e30
SSDEEP

12288:xNLESnQn6m3DY4Ab/zf5tqfmYz2FCzMEj49lkyPzXXgsidyIAgXpmAEb:HQStjh6flSFCzM/fky7gs3umAE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40d1d1bc856e3dda2bdec1c0814d2d20_JaffaCakes118

Files

40d1d1bc856e3dda2bdec1c0814d2d20_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e6a46161f2227864520e41bb4ed66fa1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

__RTtypeid
free
_fullpath
_mbsrchr
_callnewh
_mbstrlen
fwprintf
_CIexp
strtok
wcsrchr
_filelength
_heapmin
_isnan
strftime

comctl32

DestroyPropertySheetPage
ImageList_GetBkColor
CreateStatusWindowA
PropertySheetA
ImageList_SetIconSize
CreateToolbarEx
PropertySheetW
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_GetIconSize
ImageList_AddMasked
ImageList_EndDrag
CreatePropertySheetPageW

advapi32

CloseTrace
RegQueryValueA
FreeSid
AddAccessDeniedAce
BuildTrusteeWithNameW
RevertToSelf
GetServiceDisplayNameA
UnlockServiceDatabase
LsaRetrievePrivateData
RegQueryValueExA
CommandLineFromMsiDescriptor
IsValidSecurityDescriptor
StartTraceW
EqualPrefixSid
LsaQueryDomainInformationPolicy
GetKernelObjectSecurity
GetSidSubAuthority
CryptDeriveKey
SystemFunction036
MakeSelfRelativeSD
LookupPrivilegeValueW
AbortSystemShutdownW
GetSidIdentifierAuthority
SetKernelObjectSecurity
RegisterEventSourceW
GetSidSubAuthorityCount
RegEnumKeyW
AllocateAndInitializeSid
RegQueryMultipleValuesA
LsaStorePrivateData
CryptAcquireContextA
LsaDelete
ChangeServiceConfig2W

rpcrt4

CStdStubBuffer_Invoke
NdrOleFree
NdrGetUserMarshalInfo
UuidEqual
RpcBindingSetOption
RpcStringBindingComposeA
RpcAsyncGetCallStatus
CStdStubBuffer_CountRefs
RpcImpersonateClient
I_RpcGetBuffer
RpcServerRegisterAuthInfoW
RpcServerListen
UuidCreate
I_RpcSessionStrictContextHandle
RpcBindingInqAuthClientA

kernel32

RegisterWaitForInputIdle
FindNextChangeNotification
SetFilePointerEx
MultiByteToWideChar
HeapSetInformation
AddAtomA
SleepEx
GetTickCount
WideCharToMultiByte
FindFirstFileW
LCMapStringA
WriteProcessMemory
GetFullPathNameW
CreateDirectoryExA
QueryDosDeviceA
SetProcessAffinityMask
InterlockedDecrement
VerLanguageNameA
FreeEnvironmentStringsA
PulseEvent
GetNamedPipeInfo
DisconnectNamedPipe
TryEnterCriticalSection
FreeLibrary
SetFileTime
GetProcAddress
TzSpecificLocalTimeToSystemTime
BuildCommDCBA
ReadFile
lstrlenW
UpdateResourceA
GetProfileSectionW
IsProcessorFeaturePresent
WaitForSingleObject
GetFileTime
WritePrivateProfileStructA
InterlockedCompareExchange
VirtualAlloc

odbc32

LockHandle
CursorLibLockDbc
CursorLibLockDesc
ValidateErrorQueue
PostODBCError
SQLNativeSqlA
VFreeErrors
PostODBCComponentError
CursorLibTransact
CursorLibLockStmt
SearchStatusCode
VRetrieveDriverErrorsRowCol

cfgmgr32

CM_Get_DevNode_Registry_Property_ExW
CM_Set_HW_Prof_Flags_ExW
CM_Get_Device_Interface_List_ExW
CM_Get_Sibling
CM_Disconnect_Machine
CM_Get_Class_Name_ExW
CM_Locate_DevNodeW
CM_Get_Device_ID_Size
CM_Connect_MachineW
CM_Get_First_Log_Conf_Ex
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_IDW

Sections

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 25KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 286KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 233KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CRT
Size: 247KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6a46161f2227864520e41bb4ed66fa1

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

advapi32

rpcrt4

kernel32

odbc32

cfgmgr32

Sections

.data Size: 1KB - Virtual size: 1KB

.data Size: 6KB - Virtual size: 5KB

.text Size: 25KB - Virtual size: 313KB

.idata Size: 286KB - Virtual size: 375KB

.idata Size: 233KB - Virtual size: 338KB

CRT Size: 247KB - Virtual size: 339KB

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 512B - Virtual size: 156B

.data
Size: 1KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 5KB

.text
Size: 25KB - Virtual size: 313KB

.idata
Size: 286KB - Virtual size: 375KB

.idata
Size: 233KB - Virtual size: 338KB

CRT
Size: 247KB - Virtual size: 339KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 512B - Virtual size: 156B