db6335cd97bfb7827eef58389406da34_JaffaCakes118

General

Target

db6335cd97bfb7827eef58389406da34_JaffaCakes118
Size

449KB
MD5

db6335cd97bfb7827eef58389406da34
SHA1

bf890f4796b84b0a43b52e14cb176cbfb6824b99
SHA256

e3a7576bcf3c4dbe622fee504f227b9277464a2052ec949f152da4217149f0ce
SHA512

e803210608f6093b373d1f2cf2519a8a327ca008c506dab10854963302c0a8ac381ce13992d6c5813aef84dd9b3c0fb508f5501bd535977d70618327d222e314
SSDEEP

12288:lxUI/vUesMeC+IuUZXkqG6zuNyYyPVTmCZFAbW:lxUovUeT+XUZXFuNyYyhHAy

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/conhost.txt
unpack001/csrss.txt
unpack001/dwm.txt

Files

db6335cd97bfb7827eef58389406da34_JaffaCakes118
.zip
conhost.txt
.exe windows:4 windows x86 arch:x86

ad739f96322f22cc161a653676508b9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

rpcrt4

UuidCreate

user32

GetClassLongA
MessageBoxW

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW

kernel32

GetVersionExA
ExitProcess
MultiByteToWideChar
GetCPInfo
GetFullPathNameW
EnterCriticalSection
GetModuleHandleA
GetThreadPriority
InitializeCriticalSection
CloseHandle
SetStdHandle
WideCharToMultiByte
IsValidLocale
GlobalAlloc
Sleep
SetCommConfig
GetConsoleOutputCP
GetCurrentProcess
TerminateProcess
GetLocaleInfoW
HeapSize
EnumSystemLocalesA
LCMapStringA
GetProcAddress
WriteConsoleW
RaiseException
LCMapStringW
RtlUnwind
IsDebuggerPresent
SetEndOfFile
EnumResourceNamesA
WriteConsoleA
DeleteCriticalSection
HeapFree
ExitProcess
GetModuleFileNameW
IsValidCodePage
GetLastError
ReadFile
InterlockedIncrement
GetCurrentThreadId
WriteFile
SetUnhandledExceptionFilter
GetUserDefaultLCID
GetCurrentDirectoryW
GetCommandLineA
HeapAlloc
CreateFileA
HeapReAlloc
GetProcessHeap
InterlockedDecrement
UnhandledExceptionFilter
LeaveCriticalSection
GetFullPathNameA

shell32

SHFileOperationW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoCreateGuid
CoCreateInstance
StringFromGUID2
CoInitialize
CoUninitialize
CoSetProxyBlanket

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
csrss.txt
.exe windows:4 windows x86 arch:x86

31198f172c79f6926b8525cb3ff1018d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

rpcrt4

UuidCreate

ole32

StringFromGUID2
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket

user32

GetClassLongA
MessageBoxW

shell32

SHCreateDirectoryExW
SHFileOperationW
SHGetFolderPathW

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW

kernel32

HeapReAlloc
MultiByteToWideChar
GetThreadPriority
GetCurrentThreadId
HeapAlloc
GetModuleHandleA
GetCurrentProcess
GetCommandLineA
InterlockedDecrement
IsDebuggerPresent
LCMapStringA
ReadFile
LCMapStringW
TerminateProcess
GetProcAddress
SetCommConfig
RaiseException
Sleep
GetFullPathNameW
GetProcessHeap
SetEndOfFile
WriteFile
EnterCriticalSection
GetCPInfo
SetUnhandledExceptionFilter
ExitProcess
GetLocaleInfoW
SetStdHandle
GlobalAlloc
CloseHandle
EnumResourceNamesA
WriteConsoleW
RtlUnwind
EnumSystemLocalesA
GetLastError
LeaveCriticalSection
WideCharToMultiByte
GetUserDefaultLCID
ExitProcess
GetModuleFileNameW
HeapFree
DeleteCriticalSection
GetConsoleOutputCP
InitializeCriticalSection
GetCurrentDirectoryW
WriteConsoleA
GetVersionExA
UnhandledExceptionFilter
InterlockedIncrement
IsValidCodePage
CreateFileA
IsValidLocale
HeapSize
GetFullPathNameA

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dwm.txt
.exe windows:4 windows x86 arch:x86

302c7f848ce5b8f0986de0192e626c00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ole32

StringFromGUID2
CoCreateGuid
CoInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

user32

GetClassLongA
MessageBoxW

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW

kernel32

LCMapStringW
HeapAlloc
WriteConsoleA
GetCurrentProcess
Sleep
GetUserDefaultLCID
GetLastError
SetStdHandle
GetThreadPriority
IsDebuggerPresent
ReadFile
WideCharToMultiByte
GetLocaleInfoW
SetCommConfig
RtlUnwind
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
GetCurrentDirectoryW
UnhandledExceptionFilter
HeapReAlloc
InitializeCriticalSection
RaiseException
MultiByteToWideChar
GetModuleHandleA
EnumResourceNamesA
GetFullPathNameW
InterlockedDecrement
CreateFileA
GetVersionExA
GetCPInfo
DeleteCriticalSection
ExitProcess
GetCommandLineA
GetProcessHeap
LCMapStringA
GetModuleFileNameW
IsValidCodePage
CloseHandle
WriteConsoleW
SetUnhandledExceptionFilter
EnterCriticalSection
SetEndOfFile
GetProcAddress
IsValidLocale
LeaveCriticalSection
HeapFree
EnumSystemLocalesA
TerminateProcess
GetConsoleOutputCP
HeapSize
WriteFile
ExitProcess
GetFullPathNameA

rpcrt4

UuidCreate

shell32

SHFileOperationW
SHCreateDirectoryExW
SHGetFolderPathW

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad739f96322f22cc161a653676508b9f

Headers

File Characteristics

Imports

rpcrt4

user32

advapi32

kernel32

shell32

ole32

Sections

.text Size: 148KB - Virtual size: 148KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 18KB - Virtual size: 17KB

.crt Size: 512B - Virtual size: 68KB

31198f172c79f6926b8525cb3ff1018d

Headers

File Characteristics

Imports

rpcrt4

ole32

user32

shell32

advapi32

kernel32

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 20KB - Virtual size: 20KB

.crt Size: 512B - Virtual size: 84KB

302c7f848ce5b8f0986de0192e626c00

Headers

File Characteristics

Imports

ole32

user32

advapi32

kernel32

rpcrt4

shell32

Sections

.text Size: 142KB - Virtual size: 142KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 30KB - Virtual size: 29KB

.crt Size: 512B - Virtual size: 348KB

.text
Size: 148KB - Virtual size: 148KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 18KB - Virtual size: 17KB

.crt
Size: 512B - Virtual size: 68KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 20KB - Virtual size: 20KB

.crt
Size: 512B - Virtual size: 84KB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 30KB - Virtual size: 29KB

.crt
Size: 512B - Virtual size: 348KB