d27fb6dac19567bb4819d91d619a3093_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d27fb6dac19567bb4819d91d619a3093_JaffaCakes118
Size

81KB
MD5

d27fb6dac19567bb4819d91d619a3093
SHA1

165bf252c76c7cf0ad40a81ba1dc1c73fffc70ce
SHA256

ea67e325327cf7222c1334f89a39c9d47561107750c35c8a461d25628ac3776b
SHA512

6bd8e1da33ddeac41c6f2a51f410b701d99f50d64353331459bd5827bebd90651e5e5d6ff22e3802228d38e4039eec179b91b0bae6f9e1211961dafd54f35f0b
SSDEEP

1536:w1rF28bkKUItsLuworgRHn64wauMGmSApmKk80ZFfx:+5RwJVwauMGmsXZxx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d27fb6dac19567bb4819d91d619a3093_JaffaCakes118

Files

d27fb6dac19567bb4819d91d619a3093_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f622f683756e772e27fb8e4a337d0d57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

GetUserNameExW

ole32

OleGetClipboard
OleSetClipboard
ReleaseStgMedium
CoTaskMemAlloc
CoCreateInstance
OleUninitialize
CoTaskMemFree
CoGetCallContext
OleInitialize

gdi32

DeleteDC
CreateCompatibleDC
DeleteObject
SelectObject
GetStockObject
CreateFontIndirectW
GetObjectW
RealizePalette
CreateDIBitmap
CreatePalette
GetDeviceCaps
SelectPalette
BitBlt

mpr

WNetGetNetworkInformationW
WNetGetResourceInformationW
WNetGetConnectionW

msvcrt

wcspbrk
mbstowcs
_vsnwprintf
wcsncmp
_adjust_fdiv
iswctype
wcscmp
_itow
wcsstr
setlocale
_purecall
wcschr
free
_except_handler3
wcsncpy
_wcsnicmp
wcsspn
wcstoul
_initterm
wcstombs
_wcsicmp
memmove
wcsrchr
wcslen
rand
malloc

comctl32

ImageList_AddMasked
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Create
ImageList_SetOverlayImage
ImageList_GetIcon
CreatePropertySheetPageW
ImageList_Remove
PropertySheetW
ImageList_Destroy
DestroyPropertySheetPage

comdlg32

CommDlgExtendedError
GetOpenFileNameW

advapi32

RegEnumKeyExW
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyW
FreeSid
AccessCheck
ControlService
GetFileSecurityW
LookupAccountSidW
OpenThreadToken
GetUserNameW
RegOpenKeyExW
RevertToSelf
StartServiceW
RegConnectRegistryW
RegSetValueExW
QueryServiceStatus
SetSecurityInfo
GetSecurityInfo
GetTokenInformation
LookupPrivilegeValueW
SetSecurityDescriptorOwner
AdjustTokenPrivileges
RegQueryValueExW
OpenSCManagerW
OpenProcessToken
CloseServiceHandle
OpenServiceW
ImpersonateSelf
RegCloseKey
CheckTokenMembership
AllocateAndInitializeSid

ntdsapi

DsMakeSpnW

shell32

SHGetPathFromIDListW
DragQueryFileW
SHChangeNotify
SHFileOperationW
SHGetFolderPathW
SHExtractIconsW
ShellExecuteW

rpcrt4

NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
UuidCreate

kernel32

CreateDirectoryW
GetCurrentProcessId
UnmapViewOfFile
lstrcmpiW
InterlockedDecrement
InitializeCriticalSection
FindFirstFileW
LocalAlloc
GetFileAttributesW
GetCurrentProcess
QueryPerformanceCounter
GetFileSize
MulDiv
SetFileAttributesW
GlobalLock
FreeLibrary
SetCurrentDirectoryW
GetLocaleInfoW
LockResource
GetCurrentActCtx
InterlockedIncrement
GetFileType
GetUserDefaultLCID
IsBadWritePtr
IsBadStringPtrW
SetUnhandledExceptionFilter
SetEndOfFile
LoadResource
GetDateFormatW
GetFullPathNameW
DeleteCriticalSection
GetCurrentDirectoryW
GetDriveTypeW
SystemTimeToFileTime
DeleteFileW
LoadLibraryW
DuplicateHandle
GetUserDefaultUILanguage
EnterCriticalSection
SetErrorMode
GlobalReAlloc
CancelWaitableTimer
LocalReAlloc
CreateFileW
GetTimeFormatW
GlobalFree
GlobalAlloc
WideCharToMultiByte
SetFileTime
CloseHandle
GetProcAddress
FindResourceW
GetEnvironmentVariableW
VirtualAlloc
LocalFree
FileTimeToSystemTime
FindClose
CompareStringW
DeactivateActCtx
GetLocalTime
MapViewOfFile
OpenProcess
GetSystemTimeAsFileTime
SetFilePointer
UnhandledExceptionFilter
GetComputerNameW
SearchPathW
GetCurrentThread
FormatMessageW
TerminateProcess
GetCurrentThreadId
Sleep
FindNextFileW
lstrcmpW
ExpandEnvironmentStringsW
lstrcmpA
SetWaitableTimer
DisableThreadLibraryCalls
ExitThread
ReadFile
CreateWaitableTimerW
lstrlenW
CompareFileTime
CreateFileMappingW
GetLastError
CreateThread
ActivateActCtx
GetComputerNameExW
GetFileTime
GetVersionExW
GlobalUnlock
WriteFile
LeaveCriticalSection
lstrcpynW
ReleaseActCtx
GetTickCount
GetSystemTime

userenv

UnloadUserProfile

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

winmm

auxOutMessage

user32

RegisterClipboardFormatW
GetMenuItemInfoW
EnableWindow
MessageBeep
GetWindowTextLengthW
EndDialog
SystemParametersInfoW
GetDlgItem
CheckMenuItem
MessageBoxW
SetWindowLongW
CheckDlgButton
GetLastActivePopup
SwitchToThisWindow
PostMessageW
ValidateRect
GetClientRect
WinHelpW
ShowWindow
IsWindow
GetSubMenu
FindWindowW
GetWindowTextW
EnumWindows
DestroyMenu
CheckRadioButton
GetClassInfoW
GetWindowRect
GetWindow
InvalidateRect
SetCursor
SendMessageW
CreateWindowExW
GetDlgItemTextW
LoadMenuW
GetWindowLongW
TrackPopupMenu
KillTimer
LoadStringW
SetWindowPos
SetDlgItemTextW
RegisterClassW
SetForegroundWindow
SetWindowTextW
DestroyIcon
RegisterWindowMessageW
GetDlgItemInt
SetFocus
EnumChildWindows
DefWindowProcW
GetWindowThreadProcessId
GetClassNameW
GetForegroundWindow
SendDlgItemMessageW
GetDC
ReleaseDC
SetTimer
GetSystemMetrics
LoadImageW
LoadCursorW
SetMenuItemInfoW
SetMenuDefaultItem
EnableMenuItem
GetMenuItemID
GetKeyState
GetMenuItemCount
DestroyWindow
GetParent
RemoveMenu
DialogBoxParamW
IsDlgButtonChecked
MapWindowPoints

lz32

LZClose

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.textbss
Size: 43KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

exhtgjd
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f622f683756e772e27fb8e4a337d0d57

Headers

File Characteristics

Imports

secur32

ole32

gdi32

mpr

msvcrt

comctl32

comdlg32

advapi32

ntdsapi

shell32

rpcrt4

kernel32

userenv

shlwapi

winmm

user32

lz32

version

Sections

.textbss Size: 43KB - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 424B

.idata Size: 8KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 27KB - Virtual size: 28KB

exhtgjd Size: - Virtual size: 4KB

.textbss
Size: 43KB - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 424B

.idata
Size: 8KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 27KB - Virtual size: 28KB

exhtgjd
Size: - Virtual size: 4KB