e:\buildsystem\node\virusscan_li1310_6335805967357.build\build\win32\release\McOds.pdb
Static task
static1
Behavioral task
behavioral1
Sample
435bd45d28c5fe425dd21febfbe1a2d7_JaffaCakes118.exe
Resource
win7-20240708-en
General
Target: 435bd45d28c5fe425dd21febfbe1a2d7_JaffaCakes118
Size: 422KB
MD5: 435bd45d28c5fe425dd21febfbe1a2d7
SHA1: 491762ce2213f16878b55108d2758753041a0fe1
SHA256: 3424973fb80ae95fc5374bcc3fce55254e8338dc58c2a8bd97a63f3936d21f2c
SHA512: 86eb8d747250d0cc6ffdbed4f5af56c909c148b12f9062c69cffa9954f258ece1826e13a2cec68ba40ed2f311d7f0a9fcd8b258cf5feaf9092a4ce27248d7b35
SSDEEP: 12288:prr0mEfxPp2xhEdHORpR28h0z7/WhMr2VyvM+d:JS4Wdu528h6/WhMiYvM0
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 435bd45d28c5fe425dd21febfbe1a2d7_JaffaCakes118
Files
435bd45d28c5fe425dd21febfbe1a2d7_JaffaCakes118.exe windows:4 windows x86 arch:x86
c3e7c36145dcecb97ec2b3ccde8b619c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wintrust
WinVerifyTrust
psapi
EnumProcessModules
GetModuleBaseNameW
EnumProcesses
rpcrt4
UuidToStringW
RpcStringFreeW
kernel32
GetFileAttributesW
ReadFile
GetModuleFileNameW
CreateFileW
GetACP
MultiByteToWideChar
GetLastError
GetCurrentDirectoryW
GetThreadLocale
GetProcAddress
EnterCriticalSection
GlobalFree
FindClose
GetPrivateProfileStringA
ResetEvent
GetLocalTime
CreateEventW
RemoveDirectoryW
GetPrivateProfileStructA
WaitForMultipleObjects
FindNextFileW
DeleteCriticalSection
GetShortPathNameW
GetCurrentThreadId
ReleaseMutex
CloseHandle
DeleteFileW
GetCurrentProcessId
LeaveCriticalSection
SetFileAttributesW
PulseEvent
GetCurrentThread
lstrlenA
lstrcatA
GetShortPathNameA
GetModuleFileNameA
lstrcpyA
IsBadStringPtrW
lstrlenW
ExitProcess
SetUnhandledExceptionFilter
GetModuleHandleW
OpenThread
OpenProcess
GetExitCodeThread
SetErrorMode
SystemTimeToFileTime
GetVersionExA
LoadLibraryA
GetSystemDirectoryA
Module32Next
Module32First
CreateToolhelp32Snapshot
FindFirstFileA
IsBadWritePtr
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
GetVersionExW
Sleep
LoadLibraryW
WideCharToMultiByte
GetSystemDirectoryW
GlobalAlloc
InitializeCriticalSection
WriteFile
GetWindowsDirectoryA
IsBadReadPtr
OutputDebugStringW
SetEvent
InterlockedCompareExchange
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
InterlockedDecrement
MoveFileExW
InterlockedIncrement
FreeLibrary
VirtualQuery
GetLocaleInfoA
WritePrivateProfileStructA
SetFilePointer
FindFirstFileW
CreateMutexW
GetFileSize
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
VirtualFree
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
CreateThread
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemInfo
GetModuleHandleA
VirtualAlloc
VirtualProtect
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
InterlockedExchange
HeapDestroy
HeapAlloc
user32
GetSystemMetrics
wsprintfW
advapi32
RegCloseKey
AdjustTokenPrivileges
RegNotifyChangeKeyValue
RegOpenKeyExW
LookupPrivilegeValueW
RegQueryValueExW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegDeleteKeyA
SetThreadToken
OpenThreadToken
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetLengthSid
GetSecurityDescriptorSacl
AddAce
InitializeSid
GetSidLengthRequired
FreeSid
IsValidSid
GetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
MakeAbsoluteSD
RegOpenKeyExA
RegCreateKeyExA
SetSecurityDescriptorDacl
RegEnumKeyExA
InitializeSecurityDescriptor
RegQueryValueExA
EqualSid
GetSecurityDescriptorControl
RegSetValueExA
CopySid
GetAclInformation
GetTokenInformation
GetSidSubAuthority
OpenProcessToken
shell32
SHGetFolderPathW
ole32
CoAddRefServerProcess
CoReleaseServerProcess
CoUninitialize
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoCreateFreeThreadedMarshaler
CoRevertToSelf
CoImpersonateClient
CoGetClassObject
CoCreateInstance
oleaut32
VariantCopy
LoadRegTypeLi
DispInvoke
DispGetIDsOfNames
SysStringByteLen
VarBstrCmp
SysAllocStringByteLen
SafeArrayGetElement
SysAllocStringLen
SysStringLen
VarBstrFromCy
SafeArrayCopy
SafeArrayGetUBound
VarBstrFromDate
SafeArrayGetVartype
SafeArrayLock
SafeArrayRedim
VariantChangeType
VarBstrFromDec
SystemTimeToVariantTime
VariantInit
SafeArrayCreate
SafeArrayUnlock
SafeArrayDestroy
VariantCopyInd
VariantClear
SafeArrayGetLBound
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString
Sections
.text Size: 281KB - Virtual size: 280KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 6KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 74KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE