41105f55c226fd0731e8dc0ab712eb56_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41105f55c226fd0731e8dc0ab712eb56_JaffaCakes118
Size

264KB
MD5

41105f55c226fd0731e8dc0ab712eb56
SHA1

4caa41d2703d63626bb903998cf94d05be42e2b2
SHA256

0a0198c0ddf3abbb0c577ab337f56dde48b44fbf84d4510e8440d7e33fa5b19d
SHA512

3dd04f1d5c655dae9fe00d7a6bc0cf98842dabe10c5d30e7fd5463c910e27782639311d61acae1d259de042472c11bdfb6806fd0669a78161fefe7a1e9fdaff8
SSDEEP

6144:zMjuF0Zz7A77iPWEnalblSFKJK+0k4Uayq0h84CmGwfDi0N7c9YLZG:zXB+Wl4FKJK+0k4fyq0xII7sYI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41105f55c226fd0731e8dc0ab712eb56_JaffaCakes118

Files

41105f55c226fd0731e8dc0ab712eb56_JaffaCakes118
.exe windows:5 windows x86 arch:x86

06577990e04012241c945c16f4d6da1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NDRCContextBinding
NdrAllocate
MesIncrementalHandleReset
NdrClientInitialize
NdrByteCountPointerFree
NDRCContextMarshall
MesEncodeFixedBufferHandleCreate
CreateStubFromTypeInfo
NDRSContextMarshallEx
DceErrorInqTextW
NdrAsyncServerCall
NdrByteCountPointerUnmarshall
NdrByteCountPointerBufferSize
CStdStubBuffer_CountRefs
NDRcopy
DllGetClassObject
NdrConformantStructBufferSize
MesBufferHandleReset
MesDecodeIncrementalHandleCreate
MesHandleFree
NdrAsyncClientCall
MesInqProcEncodingId
DllRegisterServer
NDRSContextMarshall

advapi32

AllocateAndInitializeSid
RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExA
RegEnumValueW
OpenProcessToken
RegQueryInfoKeyW
RegCloseKey
FreeSid
RegSetValueExW
RegDeleteValueW
GetTokenInformation
RegEnumKeyExW
CloseServiceHandle
RegQueryValueExW
RegEnumKeyExA
RegCreateKeyExA
InitializeSecurityDescriptor
RegSetValueExA
RegCreateKeyExW
OpenThreadToken
RegDeleteKeyW
RegDeleteValueA
RegOpenKeyExW

version

VerQueryValueW
VerFindFileW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
VerLanguageNameA

kernel32

RaiseException
CloseHandle
CreateMutexW
FileTimeToLocalFileTime
ExitProcess
FindNextFileA
CreateFileMappingW
CopyFileW
GetExitCodeProcess
FindResourceA
LoadResource
GetCurrentProcess
CreateProcessW
MulDiv
GetCommandLineW
AddAtomW
GetFullPathNameW
RemoveDirectoryW
ExpandEnvironmentStringsA
IsBadCodePtr
GetCurrentDirectoryW
LoadLibraryExA
VirtualAlloc
ResumeThread
DeviceIoControl
GetWindowsDirectoryW
lstrcatW
CreateMutexA
LockResource
WriteConsoleW
ReleaseSemaphore
SetFileAttributesA
IsValidCodePage
OpenProcess
SizeofResource
GetTempPathA
SetThreadPriority
CreateDirectoryA
VirtualFree
CreateFileMappingA

ole32

CoInitialize

oleaut32

GetErrorInfo
CreateErrorInfo
VariantChangeTypeEx
SysFreeString
SafeArrayUnaccessData
SysStringByteLen
OleLoadPicture
SysStringLen
VariantClear
SysReAllocStringLen
RegisterTypeLib
SafeArrayCreate
SafeArrayAccessData
SysAllocStringByteLen
VariantCopy
LoadTypeLibEx
LoadTypeLib
VariantInit
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayGetLBound
VariantChangeType
VariantCopyInd
SetErrorInfo
GetActiveObject

shell32

SHGetSetSettings
DragFinish
DllRegisterServer
SHDefExtractIconW
IsNetDrive
DAD_DragMove
DriveType
DAD_DragLeave
DllUnregisterServer
SHILCreateFromPath
DragAcceptFiles
SHChangeNotifyDeregister
SHChangeNotifyRegister
GetFileNameFromBrowse
RestartDialog
PickIconDlg
Shell_GetCachedImageIndex
DAD_DragEnterEx
DllCanUnloadNow
DllGetVersion
DllInstall
Shell_MergeMenus
PathQualify
PifMgr_OpenProperties
PathResolve
Shell_GetImageLists
SHCoCreateInstance
SHStartNetConnectionDialogW

gdi32

LineTo
SelectClipRgn
ExtTextOutA
GetTextExtentPointA
DeleteDC
GetDeviceCaps
CreateCompatibleDC
CreateSolidBrush
CreateFontIndirectA
SetBkColor
MoveToEx
GetTextMetricsA
BitBlt
GetStockObject
SelectPalette
DeleteObject
GetSystemPaletteEntries
RealizePalette
UnrealizeObject
CreateDIBitmap
CreatePalette
SaveDC
CreatePen
CreateRectRgn
SetTextColor
RestoreDC
GetObjectA

user32

EnableWindow
GetDesktopWindow
LoadStringA
GetWindowLongW
IsWindow
GetSystemMetrics
GetWindowLongA
BeginPaint
MessageBoxA
CharNextA
SendMessageA
UpdateWindow
wsprintfA
GetClientRect
DispatchMessageA
TranslateMessage
GetDlgItem
GetParent
ReleaseDC
wsprintfW
EndPaint
SetTimer
DestroyWindow
EndDialog
PostQuitMessage
GetSysColor
SetWindowPos
SetCursor
CharNextW
ShowWindow

Sections

.textbss
Size: - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.debug
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

06577990e04012241c945c16f4d6da1f

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

advapi32

version

kernel32

ole32

oleaut32

shell32

gdi32

user32

Sections

.textbss Size: - Virtual size: 400KB

.rdata Size: 25KB - Virtual size: 25KB

.idata Size: 186KB - Virtual size: 186KB

.rsrc Size: 5KB - Virtual size: 4KB

.data Size: 25KB - Virtual size: 25KB

.text Size: 512B - Virtual size: 458B

.debug Size: 20KB - Virtual size: 20KB

.textbss
Size: - Virtual size: 400KB

.rdata
Size: 25KB - Virtual size: 25KB

.idata
Size: 186KB - Virtual size: 186KB

.rsrc
Size: 5KB - Virtual size: 4KB

.data
Size: 25KB - Virtual size: 25KB

.text
Size: 512B - Virtual size: 458B

.debug
Size: 20KB - Virtual size: 20KB