a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118

Target

a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118
Size

388KB
MD5

a0340430d4b1c1f6dd4048ab98f2e4b2
SHA1

a43ff275972b4ed9b7f3ece61d7d49375db635e9
SHA256

9b1622602d4ae8196316deeb91fbdd1346a4b31453f3762be119e24c84827217
SHA512

54ca85bee0ded2a742c767565159c0e3121d8cd1d97cebc751d067b1ea45d9fca86b6d5acad5b472eddef23d20afcc8ae3497cdd411fd9f393d80e0c90f2cd8d
SSDEEP

12288:XhTjRwlkwFrnAEryLFcG3yBrZTRDgZ8zOhG6:p4DRw7325gPh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118

Files

a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

000b1ef8b031f36e3a89c9aefebefee5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasEnumConnectionsA
RasGetConnectStatusA

advapi32

ControlService
GetServiceKeyNameA
OpenSCManagerA
QueryServiceLockStatusW
RegUnLoadKeyW
RegOpenKeyExW
OpenServiceA
ChangeServiceConfigW
ChangeServiceConfig2A
EncryptFileW
QueryServiceConfigW
DeleteService
RegNotifyChangeKeyValue
CreateServiceW
RegDeleteKeyA
RegCreateKeyExW
GetUserNameW
LsaOpenPolicy
SetServiceObjectSecurity
RegQueryInfoKeyW
SetServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerA
RegCreateKeyExA
LsaFreeMemory
RegSetValueW
LockServiceDatabase
RegSetValueA
RegSetValueExW
RegCloseKey
EnumDependentServicesA
EnumServicesStatusA
OpenEventLogW
LogonUserA
ReportEventA
LsaRetrievePrivateData
QueryServiceStatus
RegRestoreKeyW
DecryptFileW
RegOpenKeyExA
RegConnectRegistryA
RegQueryValueW
CreateProcessAsUserW
RegCreateKeyW
LsaAddAccountRights
RegisterEventSourceA
OpenSCManagerW
InitiateSystemShutdownA
ReadEventLogW
GetUserNameA
GetServiceDisplayNameW
RegSetValueExA
LsaQueryInformationPolicy
RegQueryInfoKeyA
RegQueryValueA

msvcrt

ldexp
_onexit
modf
__dllonexit
strcmp
_initterm
_setmbcp
_except_handler3
__getmainargs
atexit
_controlfp
__setusermatherr
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_acmdln

mpr

WNetCancelConnectionA
WNetUseConnectionA
WNetDisconnectDialog
WNetConnectionDialog1A
WNetGetConnectionA
MultinetGetConnectionPerformanceA

user32

PeekMessageW
CharLowerA
GetDlgItem
UnhookWinEvent
MoveWindow
GetDlgItemInt
EmptyClipboard
GetDlgCtrlID
KillTimer

gdi32

GetTextMetricsW
GetDIBColorTable
StartDocA
GetSystemPaletteEntries
SetMetaFileBitsEx
EnumMetaFile
EndDoc
GetROP2
SetDeviceGammaRamp
RealizePalette
CreateFontA
SetROP2
ExtEscape
GetEnhMetaFileHeader
Ellipse
CombineRgn
EnumFontFamiliesA
DeleteObject
EndPage
RestoreDC
CreateMetaFileA
EqualRgn
ResizePalette
GetFontData
SetArcDirection
GetBkColor
CreateFontIndirectW
ExtCreateRegion
SelectPalette
PatBlt
SetStretchBltMode
WidenPath
GetGlyphOutlineA
GetClipBox
BitBlt
GetTextExtentPointA
GetDIBits
CreateRectRgn
GetCharWidthA
CopyEnhMetaFileW
GetGlyphOutlineW
GetNearestPaletteIndex
OffsetViewportOrgEx
GetStockObject
RectVisible
GdiFlush
CreateICW
GetWindowOrgEx
AbortDoc
SelectClipRgn
PolyBezierTo
CloseEnhMetaFile
PlayEnhMetaFile
GetObjectA
Chord
StretchBlt
StartDocW
StrokePath
PolyPolyline
LPtoDP
GetTextAlign
EndPath
GetCharABCWidthsW
SetRectRgn
StartPage
CreateDCW
GetTextColor
ExtCreatePen
GetKerningPairsA
BeginPath
CreateBitmap
CreateFontIndirectA
CreatePen
CreateDCA
SetAbortProc
GetBitmapBits
CreatePolygonRgn

kernel32

ClearCommBreak
GetBinaryTypeA
GetProcessAffinityMask
GetCommTimeouts
GetStringTypeA
GetConsoleAliasW
SetEndOfFile

mfc42

ord1168
ord5731
ord3922
ord1089
ord2396
ord3346
ord1003
ord5302
ord2725
ord1017
ord4698
ord5307
ord1062
ord5714
ord1063
ord2982
ord1032
ord3259
ord4465
ord1068
ord3262
ord2985
ord3081
ord2976
ord3401
ord3830
ord3831
ord3825
ord3079
ord4080
ord1043
ord4424
ord3738
ord561
ord1576
ord1044
ord815
ord6375
ord4486
ord2554
ord1049

Sections

.text
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

000b1ef8b031f36e3a89c9aefebefee5

Headers

File Characteristics

Imports

rasapi32

advapi32

msvcrt

mpr

user32

gdi32

kernel32

mfc42

Sections

.text Size: 256KB - Virtual size: 253KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 48KB - Virtual size: 1.9MB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 256KB - Virtual size: 253KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 48KB - Virtual size: 1.9MB

.rsrc
Size: 12KB - Virtual size: 11KB