cef89bc95aabf37409ac06679d08e0f9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

cef89bc95aabf37409ac06679d08e0f9_JaffaCakes118
Size

244KB
MD5

cef89bc95aabf37409ac06679d08e0f9
SHA1

5ca37d847f2369e17b6dc21749c229a46822e5c7
SHA256

4006acbb7db3a3b9b4c4a3a25fe436d0e5db0c494462d4e190f2590e45e5aead
SHA512

f276e1b7841017a3ab6d98da07384cd08d4a30a986818195ba27af049842459112d1398fdd004f48bb1b4211e14442239ba4aab00b705eea612e7dc626dda940
SSDEEP

6144:4FbKr2b0xskGiLIJ6FpfzSkaQpHFyEoG8i1ni9SBXTH62:4Ur2bpk5IJ6PzSFQpHFLs9MHj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cef89bc95aabf37409ac06679d08e0f9_JaffaCakes118

Files

cef89bc95aabf37409ac06679d08e0f9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f701a400f09b45e2d8f347775d0298f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsQuery_W
DnsFree

userenv

UnloadUserProfile

kernel32

HeapFree
GetThreadPriority
IsDebuggerPresent
QueryPerformanceFrequency
DosDateTimeToFileTime
CreateEventW
FileTimeToSystemTime
CopyFileW
GetTempPathW
GetFileType
GetSystemDirectoryW
RemoveDirectoryW
GetSystemTimeAsFileTime
CreateDirectoryW
GetCurrentThreadId
SetCurrentDirectoryW
OpenMutexW
GetVolumeInformationW
GetCurrentDirectoryW
DeleteCriticalSection
SetEndOfFile
GetProcessHeap
GetDiskFreeSpaceExW
FindFirstFileA
lstrcpyW
OutputDebugStringW
ReleaseMutex
SetFileAttributesA
HeapReAlloc
LeaveCriticalSection
GlobalFree
DeleteFileW
EnterCriticalSection
GetSystemDefaultLangID
SetLastError
CreateFileW
lstrlenW
GetTimeZoneInformation
GetWindowsDirectoryW
GetStdHandle
GetFileTime
CreateDirectoryA
IsDBCSLeadByte
DisableThreadLibraryCalls
ReadFile
LocalFileTimeToFileTime
GetTempFileNameW
WriteFile
SizeofResource
FindResourceW
SetFileAttributesW
GetLocalTime
FindClose
MoveFileExW
GetSystemTime
CreateMutexW
FindResourceExW
GetSystemWindowsDirectoryW
SystemTimeToFileTime
CompareFileTime
LockResource
CreateFileA
SetThreadPriority
UnhandledExceptionFilter
FreeLibrary
CreateProcessW
GetFileSize
WideCharToMultiByte
DeviceIoControl
SetFileTime
FindNextFileW
GetShortPathNameW
CloseHandle
HeapDestroy
GetFileAttributesExW
MoveFileW
SetUnhandledExceptionFilter
LocalAlloc
LoadResource
WaitForSingleObject
LoadLibraryExW
FindFirstFileW
HeapAlloc
HeapSize
FindNextFileA
lstrlenA
RaiseException
SetFilePointer
GetStartupInfoA
VirtualAllocEx

ole32

CLSIDFromString
CoCreateGuid
StringFromGUID2

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CryptMsgClose
CertOpenStore
CertCloseStore
CertGetIntendedKeyUsage
CryptMsgOpenToDecode
CertNameToStrW
CryptDecodeObjectEx
CertCompareIntegerBlob
CryptMsgControl
CryptMemRealloc
CertCreateCertificateContext
CertVerifyValidityNesting
CryptMsgGetParam
CertFreeCertificateChain
CertCompareCertificate
CertDuplicateCertificateContext
CryptMemFree
CryptMsgUpdate
CertGetIssuerCertificateFromStore
CertAddCertificateContextToStore
CryptMemAlloc
CertFindExtension
CertFreeCertificateContext

ws2_32

inet_addr
inet_ntoa
WSAStringToAddressW
WSACleanup
WSAStartup

user32

CharLowerA
PeekMessageW
CharToOemA
OemToCharBuffA
CharUpperA
MsgWaitForMultipleObjects
CharUpperW
OemToCharA
wsprintfW
CharToOemBuffW
TranslateMessage
DispatchMessageW

advapi32

InitializeSid
CryptDestroyHash
CopySid
GetSidLengthRequired
InitializeSecurityDescriptor
RegQueryValueExW
AdjustTokenPrivileges
OpenProcessToken
SetSecurityDescriptorDacl
LookupPrivilegeValueW
SetFileSecurityA
CryptReleaseContext
CryptAcquireContextW
RegCloseKey
IsValidSid
CryptGetHashParam
GetFileSecurityW
RegEnumKeyExW
GetLengthSid
GetTokenInformation
FreeSid
CheckTokenMembership
SetFileSecurityW
AllocateAndInitializeSid
RegDeleteValueW
GetSidSubAuthority
CryptHashData
CryptCreateHash
RegOpenKeyExW

shlwapi

PathRemoveFileSpecW
PathAppendW
PathIsUNCServerW
PathFileExistsW
StrToIntExW
PathAddBackslashW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

mscms

CreateColorTransformW
IsColorProfileTagPresent
GetColorDirectoryW
TranslateColors
InternalGetPS2ColorSpaceArray
InternalGetPS2PreviewCRD
GetColorDirectoryA

wdigest

CredentialUpdateFree
SpInitialize
SpLsaModeInitialize
SpInstanceInit
SpUserModeInitialize

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cOZ
Size: 2KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Ublhh
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ui
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Vd
Size: 2KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f701a400f09b45e2d8f347775d0298f7

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

userenv

kernel32

ole32

version

crypt32

ws2_32

user32

advapi32

shlwapi

shell32

mscms

wdigest

Sections

.text Size: 17KB - Virtual size: 17KB

.cOZ Size: 2KB - Virtual size: 21KB

.rdata Size: 6KB - Virtual size: 5KB

.Ublhh Size: 1024B - Virtual size: 3KB

.Ui Size: 512B - Virtual size: 6KB

.Vd Size: 2KB - Virtual size: 15KB

.data Size: 212KB - Virtual size: 222KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 17KB - Virtual size: 17KB

.cOZ
Size: 2KB - Virtual size: 21KB

.rdata
Size: 6KB - Virtual size: 5KB

.Ublhh
Size: 1024B - Virtual size: 3KB

.Ui
Size: 512B - Virtual size: 6KB

.Vd
Size: 2KB - Virtual size: 15KB

.data
Size: 212KB - Virtual size: 222KB

.rsrc
Size: 2KB - Virtual size: 2KB