567dd899384c0eecf7a92f29203543f8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

567dd899384c0eecf7a92f29203543f8_JaffaCakes118
Size

307KB
MD5

567dd899384c0eecf7a92f29203543f8
SHA1

4f33da9b8ebb49a1ff0b2fe20645c38a2cbb4f8b
SHA256

de52037803caca45ce122e007b9d85a2127ddad30ad173ccf2284d8675559177
SHA512

1cae65541631ac33d44bc338186d5dba9d98edaba9d540f361405be0e7797a7dffa11b1637139d9ce3e2fd5e00bab4bd3c2fa6d492709ed56e3ee2d0538a1e6e
SSDEEP

6144:jwCuNnH7X7BixLLE3e0M0nIcBtSpE9Y28aE5HA:sNnHBOLI3el0nIcBpj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
567dd899384c0eecf7a92f29203543f8_JaffaCakes118

Files

567dd899384c0eecf7a92f29203543f8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4d10877133fdccfe1ca3ba112b9b07d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetProcessShutdownParameters
SetConsoleCtrlHandler
GetCurrentThreadId
GetModuleHandleA
GetCurrentProcessId
WaitForSingleObject
ReleaseSemaphore
FindFirstFileA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
FindNextFileA
FindClose
GetSystemDirectoryA
GetVersionExA
CreateFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
CopyFileA
DeleteFileA
GetModuleFileNameA
Sleep
CreateProcessA
OpenEventA
SetEvent
OpenSemaphoreA
CreateSemaphoreA
GetLastError
GetCommandLineA
HeapSize
GetCPInfo
GetACP
GetSystemTime
ReleaseMutex
CreateMutexA
IsBadWritePtr
CreateEventA
IsBadReadPtr
WriteFile
SetFilePointer
LocalFree
FormatMessageA
SetCommTimeouts
GetCommTimeouts
ClearCommError
GetTickCount
ReadProcessMemory
OpenProcess
GetCurrentThread
MoveFileExA
SetLastError
CreateThread
TerminateThread
SuspendThread
ResetEvent
MoveFileA
GetExitCodeThread
DuplicateHandle
GetCurrentProcess
DeviceIoControl
DefineDosDeviceA
QueryDosDeviceA
ReadFile
GetComputerNameA
CreateNamedPipeA
SetNamedPipeHandleState
RtlUnwind
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapAlloc
ResumeThread
TlsSetValue
ExitThread
CloseHandle
GetVersion
ExitProcess
RaiseException
GetTimeZoneInformation
GetEnvironmentStringsW
GetLocalTime
HeapReAlloc
TlsAlloc
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetLocaleInfoA
CompareStringW
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
IsBadCodePtr
CompareStringA
SetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
SetEndOfFile
GetLocaleInfoW

user32

MessageBoxA
PostMessageA
LoadCursorA
wsprintfA
DestroyWindow
RegisterWindowMessageA
PostQuitMessage
DispatchMessageA
DefWindowProcA
UnregisterClassA
IsWindow
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA

advapi32

SetThreadToken
RegQueryInfoKeyA
ControlService
StartServiceA
QueryServiceStatus
QueryServiceConfigA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
DeleteService
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorOwner
RegSetKeySecurity
FreeSid
RegEnumValueA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ImpersonateNamedPipeClient
RevertToSelf
RegCreateKeyA
OpenThreadToken
DuplicateToken
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
SetServiceStatus

winspool.drv

GetPrinterDataA
EnumPortsA
AddPortA
DeleteMonitorA
EnumPrintersA
OpenPrinterA
GetPrinterDriverA
ClosePrinter

mpr

WNetGetConnectionA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

NdrSimpleStructBufferSize
NdrSimpleStructMarshall
NdrConformantArrayMarshall
NdrPointerFree
NdrFullPointerXlatInit
NdrPointerUnmarshall
NdrFullPointerXlatFree
NdrConformantStringBufferSize
NdrConformantStringMarshall
NdrConformantArrayUnmarshall
NdrAllocate
NdrSimpleStructUnmarshall
RpcServerRegisterIf
RpcServerUseProtseqA
NdrComplexStructMarshall
NdrClientInitializeNew
NdrComplexStructBufferSize
NdrGetBuffer
NdrSendReceive
I_RpcGetCurrentCallHandle
NdrServerInitializeNew
NdrConvert
NdrFreeBuffer
I_RpcGetBuffer
NdrConformantStringUnmarshall
NdrComplexStructUnmarshall
RpcRaiseException
NdrConformantArrayBufferSize
RpcBindingVectorFree
RpcEpRegisterA
RpcServerInqBindings
RpcImpersonateClient
RpcServerListen
RpcServerUnregisterIf
RpcEpUnregister
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
RpcRevertToSelf

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d10877133fdccfe1ca3ba112b9b07d5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

winspool.drv

mpr

version

rpcrt4

Sections

.text Size: 240KB - Virtual size: 240KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 43KB - Virtual size: 52KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 240KB - Virtual size: 240KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 43KB - Virtual size: 52KB

.rsrc
Size: 4KB - Virtual size: 3KB