4198f70a2d64e2fe1e4d8dff7756c274_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4198f70a2d64e2fe1e4d8dff7756c274_JaffaCakes118
Size

25KB
MD5

4198f70a2d64e2fe1e4d8dff7756c274
SHA1

e8f3e1e19f0298efa5918e81cb07933f8ac3b7f0
SHA256

e8904e64e802efc91b2cdbd928b0a0f01210afc088eeb5faaf9b2f9db3617bd0
SHA512

2e1565277eb4e19966bcd71a7cc8cb2c14e7c48c0f9f90dd2f8dc08ff1e08d0cec37c743dfeb1d539a226141d87e16e1ce4c234f1e9eb1c9fbf6e3cd297cf2ac
SSDEEP

384:5oQygnwrL2Ov+jVzzNNltmOMCMCdKtpl0sKeU:5oyw26+jVHVwHQ0b4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4198f70a2d64e2fe1e4d8dff7756c274_JaffaCakes118

Files

4198f70a2d64e2fe1e4d8dff7756c274_JaffaCakes118
.exe windows:2 windows x86 arch:x86

dd8ce9337109802ce9bd0b10257ddafc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegFlushKey
InitializeAcl
WriteEncryptedFileRaw
GetSecurityDescriptorDacl
ReadEncryptedFileRaw
AddAccessAllowedAce
GetAce
RegCloseKey
AdjustTokenPrivileges
EqualSid
RegQueryValueExA
RegOpenKeyExA
GetTokenInformation
CloseServiceHandle
OpenThreadToken
ControlService
DeleteAce

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_GetIcon

shell32

SHGetMalloc
SHGetSpecialFolderLocation

netapi32

NetApiBufferSize
NetShareEnum
NetApiBufferFree
NetShareGetInfo

ntdll

NtSetQuotaInformationFile
wcstoul
wcscspn
NtQueryQuotaInformationFile
_aulldvrm
iswctype

syssetup

AsrFreeContext

mpr

WNetCloseEnum

kernel32

QueryPerformanceCounter
GetProcAddress
WideCharToMultiByte
LoadLibraryA
LockFile
OpenMutexA
TerminateProcess
GetCurrentThread
InitializeCriticalSection
GetExitCodeThread
GetLastError
Sleep
GetSystemTime
EnterCriticalSection
FindClose
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
FindVolumeMountPointClose
GetTapeStatus
SetTapeParameters
ExitThread
LoadResource
WriteTapemark
GetProcessHeaps
ReleaseMutex
GetTapeParameters
WaitForSingleObject
GetUserDefaultLCID
BackupRead
HeapCreate
PrepareTape
WriteFile
SystemTimeToFileTime
GetCurrentThreadId
GetLocalTime
LeaveCriticalSection
DeviceIoControl
ReadFile
CloseHandle
CreateThread
SetEvent
VirtualAlloc
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetCurrentDirectoryA
FreeLibrary
CreateMutexA
MultiByteToWideChar
GetFileInformationByHandle
GetTapePosition
FileTimeToSystemTime
FlushFileBuffers
ReleaseSemaphore
SetTapePosition
BackupWrite
EraseTape

gdi32

Polygon
PatBlt
CombineRgn
BitBlt
CreateBitmap
DeleteObject
CreateCompatibleDC
GetMapMode
CreateRectRgn

user32

EnableWindow
GetCursorPos
GetDlgItem
SendMessageA
RemoveMenu
GetClientRect
CallNextHookEx
DrawFocusRect
IsIconic
UnhookWindowsHookEx
UpdateWindow
ShowWindow
DispatchMessageA
GetAsyncKeyState
DestroyIcon
CreateWindowExA
CreateIconFromResource
SetCursor
RegisterClassExA
GetKeyState
GetNextDlgGroupItem
TranslateMessage
SetTimer
EnableMenuItem
ReleaseDC
GetParent
SetActiveWindow
IsWindow
LockSetForegroundWindow
BringWindowToTop
FlashWindow
CreateIconIndirect
GetSystemMetrics
GetMenu
WindowFromPoint
MonitorFromWindow
ScreenToClient
GetMenuItemCount
CopyRect
GetDC
GetSysColor
SetWindowPos
GetActiveWindow
InvalidateRgn
GetMessageA
DefWindowProcA
ExitWindowsEx
GetFocus
GetMenuItemID
ChildWindowFromPoint
MapDialogRect
GetWindow
GetDesktopWindow
DestroyWindow

setupapi

SetupGetIntField

ole32

CoCreateGuid
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoInitializeSecurity

msvcrt

isspace
__p__commode
_mbslen
swprintf
__dllonexit
_wcsdup
isalpha
fseek
__setusermatherr
_wcsicmp
_purecall
_wcslwr
clearerr
_cexit
wcscmp
__CxxFrameHandler
_wcsrev
_except_handler3
_wfopen
_wcsnicmp
wprintf
malloc
swscanf
_getpid
_putenv
wcspbrk
localtime
fflush
wcschr
_controlfp
_open_osfhandle
exit
calloc
wcscat
_wcmdln
__p__fmode
__set_app_type
_fdopen
_filelength
ftell
_vsnwprintf
wcsncat
mktime
_errno
wcsncmp
_tzset
_snwprintf
_exit

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd8ce9337109802ce9bd0b10257ddafc

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

shell32

netapi32

ntdll

syssetup

mpr

kernel32

gdi32

user32

setupapi

ole32

msvcrt

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 28KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 28KB