5699489d69ef72423edc6c8f612bff4a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5699489d69ef72423edc6c8f612bff4a_JaffaCakes118
Size

291KB
MD5

5699489d69ef72423edc6c8f612bff4a
SHA1

4741a4c6617c3ca74dc0825e1de802e228a2dfb0
SHA256

29a6344ca3eeccaf7e8266234927252f984bbb0452134aaa888330c51c9166fc
SHA512

d29663a029f0e0b5a3451d2f449d3d6bc4b39e7c5f97c2a8b7fb0f6d7fc0e36209cd0c8ea19b8c26a58f70169dcf63f160a695ca19e36720ba5bc6871ad8b31e
SSDEEP

6144:oRNllFNG3QSRHKIcoWJ6yIvl6jWNP6ILQ4IFcrgtS+yoz8LZgnAH8QWE:oxStRqIpyIwjWJLic4s88LCAvWE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5699489d69ef72423edc6c8f612bff4a_JaffaCakes118

Files

5699489d69ef72423edc6c8f612bff4a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d4abebd2e671ed91f2b9eceedb5e15de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowTextW
GetWindowThreadProcessId
EnumWindows
PostMessageW
GetClassNameW
SendMessageTimeoutW
IsWindowVisible
EnumChildWindows

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExW
LookupPrivilegeValueW
DeleteService
CloseServiceHandle
GetLengthSid
RegDeleteKeyW
RegCloseKey
AdjustTokenPrivileges
RegCreateKeyExW
ControlService
RegEnumKeyExW
InitializeAcl
InitializeSecurityDescriptor
QueryServiceConfigW
RegUnLoadKeyW
AllocateAndInitializeSid
RegSetKeySecurity
AddAccessAllowedAce
OpenSCManagerW
OpenServiceW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
StartServiceW
QueryServiceStatus
FreeSid
SetSecurityDescriptorOwner
RegDeleteValueW
RegLoadKeyW
CreateServiceW
RegEnumValueW
OpenProcessToken
EnumServicesStatusW

kernel32

CreateMutexA
WriteProcessMemory
SetThreadAffinityMask
FreeLibrary
GetPrivateProfileStructW
GetOEMCP
GetModuleHandleW
IsDebuggerPresent
OpenFileMappingA
WritePrivateProfileStringW
GetConsoleCP
LCMapStringW
ReleaseSemaphore
CreateSemaphoreA
ReleaseMutex
IsValidCodePage
GetPrivateProfileStringW
UnhandledExceptionFilter
OpenSemaphoreA
WriteConsoleW
LCMapStringA
GetModuleHandleA
HeapFree
WideCharToMultiByte
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetTempPathW
GetACP
LeaveCriticalSection
IsValidLocale
FreeEnvironmentStringsA
FindFirstFileW
RemoveDirectoryW
SetFilePointer
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateThread
SetStdHandle
GetSystemDefaultLangID
HeapDestroy
VirtualAlloc
MapViewOfFileEx
GetThreadContext
FindClose
GetLogicalDrives
TlsFree
MoveFileW
GetSystemDirectoryW
CreateFileA
TlsGetValue
SetConsoleCtrlHandler
ReadProcessMemory
GetCurrentThreadId
GetStdHandle
EnumSystemLocalesA
GetDriveTypeW
WriteFile
ResumeThread
GetSystemInfo
HeapSize
SetHandleCount
FatalAppExitA
HeapReAlloc
VirtualQueryEx
ExpandEnvironmentStringsW
SetEnvironmentVariableA
DeviceIoControl
CompareStringA
GetFullPathNameW
GetDateFormatA
CreateProcessW
GetFileType
GetTimeZoneInformation
HeapAlloc
RtlUnwind
CloseHandle
GetConsoleMode
CreateRemoteThread
TlsSetValue
SetUnhandledExceptionFilter
SetProcessWorkingSetSize
VirtualProtectEx
FlushFileBuffers
TlsAlloc
RaiseException
GetShortPathNameW
FreeEnvironmentStringsW
QueryDosDeviceW
ReadFile
OpenProcess
GetTimeFormatA
CopyFileW
WriteConsoleA
SetLastError
GetWindowsDirectoryW
CreateFileMappingA
SuspendThread
CreateFileW
OpenMutexA
FindNextFileW
UnmapViewOfFile
GetConsoleOutputCP
WaitForSingleObject
GetCommandLineA
DeleteCriticalSection
VirtualFree
CompareStringW
WritePrivateProfileStructW
GetFullPathNameA
VirtualAllocEx

ole32

OleInitialize
OleUninitialize

atmlib

ATMFinish
ATMGetNtmFields
ATMMakePSSW
ATMGetBuildStrW
ATMXYShowTextA
ATMGetFontBBox
ATMBeginFontChange

mydocs

DllCanUnloadNow

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4abebd2e671ed91f2b9eceedb5e15de

Headers

File Characteristics

Imports

user32

advapi32

kernel32

ole32

atmlib

mydocs

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 266KB - Virtual size: 1.6MB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 266KB - Virtual size: 1.6MB

.rsrc
Size: 3KB - Virtual size: 2KB