JaffaCakes118_63391e3a9e06dcbd38bf0cd935a130e0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_63391e3a9e06dcbd38bf0cd935a130e0
Size

624KB
MD5

63391e3a9e06dcbd38bf0cd935a130e0
SHA1

f3090a6a4c9f93ccc8c6541dea0c9c6f5759313c
SHA256

55b512bbbfb802895566db0cba139cdb575716732209781effbe1ce09ea21620
SHA512

ac110b7dada8ca1fedf3715cfca408961ac0c9ade7c2cc9f45d5a115cf74117b49be53fbad727d04b3e403826febf356e84676768e6d4ef18419bafdda35a88c
SSDEEP

12288:USHz+/p9VRPcIcpf73TvhQmFt1Ot6t4RBTh+QBOTrEAwSg:Utp9bPBcpfZBrmVQPHKR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_63391e3a9e06dcbd38bf0cd935a130e0

Files

JaffaCakes118_63391e3a9e06dcbd38bf0cd935a130e0
.exe windows:6 windows x86 arch:x86

7ac5587ed64714a66ae1c0d565256417

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

scrcons.pdb

Imports

advapi32

TraceMessage
FreeSid
EqualSid
AllocateAndInitializeSid
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
RegSetValueExW
OpenServiceW
DeleteService
OpenSCManagerW
CreateServiceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

kernel32

LCMapStringW
InterlockedDecrement
GetCurrentThreadId
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
ExitProcess
GetModuleFileNameW
lstrlenW
GetCommandLineW
HeapSetInformation
DebugBreak
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
InterlockedIncrement
FormatMessageW
LocalFree
CreateThread
DeleteCriticalSection
CreateWaitableTimerW
WaitForMultipleObjects
CancelWaitableTimer
GetSystemTimeAsFileTime
SetWaitableTimer
GetLastError
SetEvent
WaitForSingleObject
CloseHandle
LeaveCriticalSection
CreateEventW
CompareFileTime
InterlockedExchange
Sleep
InterlockedCompareExchange
GetCurrentProcess
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
EnterCriticalSection

user32

PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
SetTimer
KillTimer

msvcrt

_controlfp
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
printf
__setusermatherr
_amsg_exit
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
memcpy
_CxxThrowException
memset
_vsnwprintf
_purecall
__CxxFrameHandler3
_initterm
wcsstr
_adjust_fdiv
?terminate@@YAXXZ

esscli

?IsUserAdministrator@@YGJPAX@Z

wbemcomn

?InternalQueryInterface@CUnkInternal@@QAEJABU_GUID@@PAPAX@Z
?InternalRelease@CUnkInternal@@QAEKXZ
??0WString@@QAE@PAGH@Z
??0WString@@QAE@XZ
?DeleteString@WString@@AAEXPAG@Z
??1WString@@QAE@XZ
??YWString@@QAEAAV0@PBG@Z
??4WString@@QAEAAV0@PBG@Z
??4WString@@QAEAAV0@ABV0@@Z
??1CUnk@@UAE@XZ
?Initialize@CUnk@@UAEHXZ
?OnInitialize@CUnk@@UAEHXZ
?Release@CUnk@@UAGKXZ
?AddRef@CUnk@@UAGKXZ
?QueryInterface@CUnk@@UAGJABU_GUID@@PAPAX@Z
??0CUnk@@QAE@PAVCLifeControl@@PAUIUnknown@@@Z
?AddRef@CUnkInternal@@UAGKXZ
?QueryInterface@CUnkInternal@@UAGJABU_GUID@@PAPAX@Z
??0CUnkInternal@@QAE@PAVCLifeControl@@@Z
??_7CUnkInternal@@6B@
?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z
?InsertAt@CFlexArray@@QAEHHPAX@Z
?GetMemLogObject@@YGPAVCMemoryLog@@XZ
?Write@CMemoryLog@@QAEXJ@Z
?Enter@CCritSec@@QAEXXZ
?Compress@CFlexArray@@QAEXXZ
?Empty@CFlexArray@@QAEXXZ
??ACFlexArray@@QAEAAPAXH@Z
??1CInCritSec@@QAE@XZ
??0CInCritSec@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
??0CFlexArray@@QAE@HH@Z
??0CCritSec@@QAE@XZ
??1CFlexArray@@QAE@XZ
??1CCritSec@@QAE@XZ
?Release@CUnkInternal@@UAGKXZ

ole32

CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2
CoInitialize
CLSIDFromProgID
CoGetClassObject
CreateBindCtx
MkParseDisplayName
CoSuspendClassObjects
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
VariantInit
SysFreeString
SysAllocString
SetErrorInfo

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 588KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7ac5587ed64714a66ae1c0d565256417

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

esscli

wbemcomn

ole32

oleaut32

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 588KB - Virtual size: 1.8MB

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 588KB - Virtual size: 1.8MB