JaffaCakes118_7a6a720d444b76cb26cfc5423b6ef310

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_7a6a720d444b76cb26cfc5423b6ef310
Size

255KB
MD5

7a6a720d444b76cb26cfc5423b6ef310
SHA1

820ebc413b073807f7a4b861b08fe86c0f988f09
SHA256

d9b9082c55b5d4867110cf6e5e882de1edecfd059c17b2f834f1bf8c34a5cfb6
SHA512

ee41db522e328f9d81ffd3f651eb698383b80cbf7b2d5e59b5f98157996ec04169b9cdb2ebbd936570d22b6f92169b8811d130897f19a21a72635d17838e74f0
SSDEEP

6144:TnuK3T6NfDQflOj/JePXpUUaEKEBaVPL034GeHe+Ibfj:7uCT6CtO9kXphKma5LQvSEbfj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7a6a720d444b76cb26cfc5423b6ef310

Files

JaffaCakes118_7a6a720d444b76cb26cfc5423b6ef310
.exe windows:4 windows x86 arch:x86

c72c0d83619208e10ed532b188af55aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord113

kernel32

SetFilePointer
LocalFree
LocalAlloc
HeapAlloc
GetProcessHeap
HeapFree
CreateMutexW
CreateFileMappingW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
ExpandEnvironmentStringsW
ReadFile
GlobalMemoryStatus
GetCommandLineW
WriteFile
EnterCriticalSection
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
VirtualQuery
ReleaseMutex
GetShortPathNameW
GetSystemTime
GetCurrentThreadId
GetSystemDirectoryW
ReadProcessMemory
Module32FirstW
Module32NextW
HeapReAlloc
HeapDestroy
GetLocalTime
CreateProcessW
LeaveCriticalSection
TryEnterCriticalSection
CreateThread
DeleteCriticalSection
OpenMutexW
FindResourceExW
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW
FreeLibrary
GetSystemTimeAsFileTime
CreateFileW
OpenEventW
ResetEvent
MoveFileExW
WaitForMultipleObjects
CopyFileW
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
GetModuleHandleW
DeleteFileW
SetLastError
WaitForSingleObject
CloseHandle
CreateEventW
SetUnhandledExceptionFilter
HeapSize
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
RaiseException
IsDebuggerPresent
SetErrorMode
VirtualAlloc

advapi32

ChangeServiceConfig2W
CreateServiceW
ControlService
CloseServiceHandle
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
CryptGenRandom
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegSetValueExW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegCreateKeyExW
SetNamedSecurityInfoW
AddAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
GetAce
GetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid
GetUserNameW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CreateProcessAsUserW
AdjustTokenPrivileges
SetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegEnumKeyW

shell32

SHGetFolderPathW
SHCreateDirectoryExW

shlwapi

PathRemoveBlanksW
PathFileExistsW
PathUnquoteSpacesW
PathAppendW
PathFindFileNameW
PathIsUNCServerShareW
SHDeleteKeyW
PathFileExistsA
PathRemoveExtensionW
PathRemoveFileSpecW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

query

FsCiShutdown
LoadIFilter
SetCatalogState
?CoTaskAllocator@@3VCCoTaskAllocator@@A
LoadBinaryFilter
EndCacheTransaction
CiSvcMain

stclient

DllCanUnloadNow

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.SI
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.g
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MC
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yutLcD
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Vi
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 213KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.YOES
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c72c0d83619208e10ed532b188af55aa

Headers

DLL Characteristics

File Characteristics

Imports

msi

kernel32

advapi32

shell32

shlwapi

userenv

version

psapi

query

stclient

Sections

.text Size: 16KB - Virtual size: 16KB

.SI Size: 2KB - Virtual size: 1KB

.g Size: 1KB - Virtual size: 1KB

.MC Size: 2KB - Virtual size: 2KB

.rdata Size: 5KB - Virtual size: 4KB

.yutLcD Size: 1KB - Virtual size: 2KB

.Vi Size: 1KB - Virtual size: 2KB

.data Size: 213KB - Virtual size: 256KB

.YOES Size: 2KB - Virtual size: 3KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 16KB - Virtual size: 16KB

.SI
Size: 2KB - Virtual size: 1KB

.g
Size: 1KB - Virtual size: 1KB

.MC
Size: 2KB - Virtual size: 2KB

.rdata
Size: 5KB - Virtual size: 4KB

.yutLcD
Size: 1KB - Virtual size: 2KB

.Vi
Size: 1KB - Virtual size: 2KB

.data
Size: 213KB - Virtual size: 256KB

.YOES
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 9KB - Virtual size: 9KB