JaffaCakes118_c5b67871b12b397585cad3482b8b1d14

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_c5b67871b12b397585cad3482b8b1d14
Size

1.2MB
MD5

c5b67871b12b397585cad3482b8b1d14
SHA1

8e1ef341018d9f1581a592514427a051f850fc30
SHA256

7736e2923f0969b84166b05537aed354ad3f8a3e571af505daa9003838354d7b
SHA512

5f286133e974954ea1014ad6365424847a61f5da2f83771ce713daac6b72ea669cf1b3aa3ab9775928694d07a3e4561d916fa2be5edb439160a607c268902d18
SSDEEP

24576:cNQ+9+MzVdi/JZgQzYM65mpXNgbUDGTgl1Y9IrQig38jNayXJUtt:I9HhQBuM65mp9DG0l1Y9IrQBMjXJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_c5b67871b12b397585cad3482b8b1d14

Files

JaffaCakes118_c5b67871b12b397585cad3482b8b1d14
.exe windows:10 windows x86 arch:x86

2868def1205754a12e9a986964540afc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SearchIndexer.pdb

Imports

msvcrt

__crtCompareStringW
abort
memcmp
__pctype_func
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
___lc_collate_cp_func
setlocale
wcstok
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
strchr
vswprintf_s
_vscwprintf
_wcslwr_s
wcspbrk
qsort
_get_errno
_set_errno
bsearch
strncmp
swscanf
towupper
_wtol
_get_current_locale
iswxdigit
iswspace
_vsnwprintf
memmove
_free_locale
memcpy_s
_wcsdup
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_vsnprintf_s
memmove_s
wcstol
__crtLCMapStringW
_wcsicmp
_controlfp
realloc
wcsstr
_errno
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
wcschr
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
calloc
memset
wcsncpy_s
malloc
wcscat_s
wcscpy_s
wcsncmp
_wcsnicmp
free
__CxxFrameHandler3

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FindResourceExW
LoadResource
GetModuleHandleExW
SizeofResource
LoadLibraryExW
GetModuleFileNameA
GetProcAddress
FindStringOrdinal
FreeLibraryAndExitThread
LockResource
LoadStringW
GetModuleHandleW
FreeLibrary

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileAttributesExW
FindNextFileW
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
FindFirstFileW
SetFileTime
GetFileAttributesW
FindClose
CompareFileTime
CreateDirectoryW
GetLogicalDrives
GetVolumeInformationW
GetDriveTypeW
FindFirstFileExW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetFileTime

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
InitOnceComplete
InitOnceInitialize
InitOnceBeginInitialize

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW
GetCurrentProcess
SetPriorityClass
TlsFree
GetCurrentProcessId
TlsSetValue
OpenThreadToken
GetCurrentThreadId
TlsAlloc
CreateThread
OpenProcessToken
GetCurrentThread

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
ReleaseSemaphore
ReleaseSRWLockExclusive
EnterCriticalSection
CreateEventExW
OpenSemaphoreW
CreateMutexW
SetEvent
ReleaseSRWLockShared
LeaveCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
CreateMutexExW
WaitForSingleObject
CreateEventW
AcquireSRWLockShared
OpenEventW
InitializeSRWLock
DeleteCriticalSection
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapSetInformation
HeapDestroy
HeapSize
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
GetLastError
SetLastError
RaiseException

api-ms-win-core-com-l1-1-0

CLSIDFromString
IIDFromString
CoRegisterClassObject
CoGetMalloc
PropVariantClear
CoCreateFreeThreadedMarshaler
CoImpersonateClient
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoMarshalInterface
CoUninitialize
CoInitializeSecurity
CoGetApartmentType
CoTaskMemAlloc
CoRevertToSelf
StringFromGUID2
CoRevokeClassObject
CoWaitForMultipleHandles
CoInitializeEx

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadRef
SHGetThreadRef
SHSetThreadRef

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CreateThreadpoolCleanupGroup
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
FreeLibraryWhenCallbackReturns
CloseThreadpoolTimer
CreateThreadpoolWork
CallbackMayRunLong
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolTimer
CreateThreadpool
CloseThreadpool
CloseThreadpoolWork
CloseThreadpoolCleanupGroup

ntdll

RtlInitUnicodeString
RtlNtStatusToDosError
NtOpenFile
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlIsStateSeparationEnabled
RtlGetPersistedStateLocation
RtlQueryPackageClaims

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
RegDeleteTreeW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyExW
RegGetKeySecurity
RegCloseKey
RegGetValueW
RegEnumKeyExW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetVersionExA
GetSystemTimeAsFileTime
GetTickCount64
GetVersionExW
GetSystemDirectoryW

api-ms-win-core-localization-l1-2-0

ResolveLocaleName
LCMapStringW
GetSystemDefaultLCID
FormatMessageW
GetLocaleInfoW
GetSystemPreferredUILanguages
GetNLSVersionEx
LocaleNameToLCID

oleaut32

SysFreeString
LoadRegTypeLi
SysAllocString
SysAllocStringLen
SafeArrayGetUBound
VarUI4FromStr
SafeArrayDestroy
VariantClear
SysStringLen
LoadTypeLi
VarBstrCat
SysAllocStringByteLen
SafeArrayGetElement
SysStringByteLen
VariantInit

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRootW
PathStripToRootW
PathAddBackslashW
PathAppendW
PathIsUNCServerShareW
PathIsUNCW
PathSkipRootW
PathCanonicalizeW
PathFileExistsW
PathIsUNCServerW
PathRemoveBackslashW
PathFindNextComponentW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-string-l1-1-0

CompareStringW
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
ExpandEnvironmentStringsW
SearchPathW
GetEnvironmentVariableW
GetCommandLineW

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWrite
EventSetInformation
EventActivityIdControl
EventEnabled
EventWriteTransfer

api-ms-win-shcore-registry-l1-1-0

SHDeleteKeyW
SHCopyKeyW
SHGetValueW
SHSetValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

tquery

ciDelete
ciNewNoThrow
ciNew

shcore

SHStrDupW
ord1

mssrch

?GetFileChangeClientManagerInstance@@YA?AV?$shared_ptr@UIFileChangeClientManager@ChangeTracking@Windows@@@std@@XZ
??1CSearchServiceObj@@QAE@XZ
?Cleanup@CSearchServiceObj@@SGXXZ
??0CSearchServiceObj@@QAE@XZ

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNICW
StrStrIW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-path-l1-1-0

PathCchSkipRoot

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-service-core-l1-1-1

EnumDependentServicesW

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-appmodel-runtime-l1-1-1

GetApplicationUserModelIdFromToken

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

Sections

.text
Size: 591KB - Virtual size: 590KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 436KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2868def1205754a12e9a986964540afc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-threadpool-l1-2-0

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-localization-l1-2-0

oleaut32

api-ms-win-core-debug-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-synch-l1-2-1

api-ms-win-core-file-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-apiquery-l1-1-0

tquery

shcore

mssrch

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-service-core-l1-1-1

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-service-core-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-util-l1-1-0

Sections

.text Size: 591KB - Virtual size: 590KB

.data Size: 3KB - Virtual size: 10KB

.idata Size: 13KB - Virtual size: 13KB

.didat Size: 512B - Virtual size: 384B

.rsrc Size: 191KB - Virtual size: 191KB

.reloc Size: 436KB - Virtual size: 1.0MB

.text
Size: 591KB - Virtual size: 590KB

.data
Size: 3KB - Virtual size: 10KB

.idata
Size: 13KB - Virtual size: 13KB

.didat
Size: 512B - Virtual size: 384B

.rsrc
Size: 191KB - Virtual size: 191KB

.reloc
Size: 436KB - Virtual size: 1.0MB