JaffaCakes118_d1b2589806423f4f2d9156a95f15d4dc

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_d1b2589806423f4f2d9156a95f15d4dc
Size

815KB
MD5

d1b2589806423f4f2d9156a95f15d4dc
SHA1

2978e197a35a7e6647aed51fc4a706baf8012002
SHA256

87d44ff5c5288094440d7fcc2c365c03a744cc0905fc7827212ecd3e9ff16410
SHA512

dbb8f2eebc9cfb50582b4586ef99ebf6a45f615c5a70b7eea173a6c57e839f54a012b984a89928456231bea6474925ae608affaed7c4d730a5dee4b6c17a5a19
SSDEEP

12288:ZFfiAAEJh8KrH/VvGdQDegicC17D5A+RHeSiqLSarxtyZl:riAxUKrH/pGOegoR5iqGHZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_d1b2589806423f4f2d9156a95f15d4dc

Files

JaffaCakes118_d1b2589806423f4f2d9156a95f15d4dc
.exe windows:6 windows x86 arch:x86

bcce0d2b7ed723cd121dc97cc8a48b0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SearchIndexer.pdb

Imports

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyExW
EventWrite
RegOpenKeyExW
RegSetKeyValueW
RegGetValueW
RegEnumKeyExW
RegDeleteValueW
OpenProcessToken
RegQueryValueExW
EventRegister
EventUnregister
EventEnabled
RegQueryInfoKeyW
InitializeAcl
InitializeSecurityDescriptor
CopySid
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
OpenThreadToken
LookupAccountNameW
SetServiceStatus
RegisterServiceCtrlHandlerExW
SetFileSecurityW
ImpersonateLoggedOnUser
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSidSubAuthority
RevertToSelf
MakeAbsoluteSD
InitializeSid
GetSidLengthRequired
AddAccessDeniedAce
LookupAccountSidW
CreateWellKnownSid
SetTokenInformation
IsValidAcl
DeregisterEventSource
RegisterEventSourceW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegDeleteKeyTransactedW
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegCreateKeyTransactedW
RegOpenKeyTransactedW
CheckTokenMembership

kernel32

InterlockedCompareExchange
DelayLoadFailureHook
HeapSetInformation
GetCurrentProcessId
SetPriorityClass
SetEnvironmentVariableW
CreateMutexW
Sleep
MultiByteToWideChar
LoadLibraryW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapFree
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentProcess
GetNLSVersion
OutputDebugStringW
GetModuleFileNameW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
GetSystemDirectoryW
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
WideCharToMultiByte
GetSystemDefaultLCID
CompareStringW
lstrcmpiW
FreeLibrary
lstrlenW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDriveTypeW
GetVolumeInformationW
SetLastError
GetVolumePathNamesForVolumeNameW
SetErrorMode
GetLastError
CloseHandle
LoadLibraryExA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetSystemPreferredUILanguages
ResolveLocaleName
LocaleNameToLCID
CreateFileMappingW
ReleaseMutex
MapViewOfFile
CopyFileA
DeleteFileA
FlushViewOfFile
GetLocalTime
CreateFileA
FormatMessageW
UnmapViewOfFile
LCMapStringW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
LocalFree
CreateFileW
lstrcmpW
CompareFileTime
RemoveDirectoryW
FindFirstFileW
GetCommandLineW
DeleteFileW
SearchPathW
MoveFileW
CopyFileW
GetFileAttributesW
SetFileAttributesW
GetVersionExA
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
InterlockedExchange
lstrlenA
GetEnvironmentVariableW
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
OutputDebugStringA
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
ExpandEnvironmentStringsW
CreateThread
WaitForSingleObject
FindClose
FindNextFileW
FindFirstFileExW
CreateDirectoryW
OpenEventW
GetCurrentThread
SetEvent
GetTickCount64
RegNotifyChangeKeyValue
DuplicateHandle
CreateEventW
RegEnumValueW
RegDeleteKeyExW

user32

MsgWaitForMultipleObjects
PeekMessageW
UnregisterClassA
UnregisterDeviceNotification
RegisterDeviceNotificationW
LoadStringW
CharNextW
DispatchMessageW

msvcrt

_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
realloc
_exit
_cexit
__getmainargs
calloc
wcsncpy_s
malloc
memmove_s
memcpy
wcsrchr
swscanf_s
_wcsicmp
free
_wcsnicmp
wcsncmp
memcpy_s
_vsnwprintf
memset
__CxxFrameHandler3
_CxxThrowException
_errno
_controlfp
fprintf
wcsstr
wcspbrk
_vscwprintf
vswprintf_s
qsort
towupper
bsearch
_XcptFilter
wcschr
iswspace
_wtol
swscanf
_vsnprintf
strncmp
_iob

ntdll

NtOpenFile
RtlInitUnicodeString
RtlNtStatusToDosError
WinSqmAddToStream
WinSqmIncrementDWORD
WinSqmSetDWORD
WinSqmIsOptedIn

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoRevertToSelf
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoInitializeSecurity
CoImpersonateClient

oleaut32

SysFreeString
SysAllocString
SysStringLen
VarBstrCat
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi

tquery

?ciDelete@@YGXPAX@Z
?ciNewNoThrow@@YGPAXI@Z
?ciNew@@YGPAXI@Z

shlwapi

PathIsUNCServerShareW
SHGetValueW
SHSetValueW
PathAddBackslashW
SHCopyKeyW
PathRemoveBackslashW
SHDeleteKeyW
ord154
PathIsDirectoryW
PathStripToRootW
PathCanonicalizeW
PathFindNextComponentW
PathSkipRootW
PathFileExistsW
SHRegGetValueW
SHStrDupW
PathAppendW
PathIsUNCW
PathIsUNCServerW
PathIsRootW

mssrch

??0CSearchServiceObj@@QAE@XZ
?Cleanup@CSearchServiceObj@@SGHXZ
??1CSearchServiceObj@@QAE@XZ

imm32

ImmDisableIME

Sections

.text
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 416KB - Virtual size: 1008KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcce0d2b7ed723cd121dc97cc8a48b0c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

oleaut32

tquery

shlwapi

mssrch

imm32

Sections

.text Size: 291KB - Virtual size: 291KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 416KB - Virtual size: 1008KB

.text
Size: 291KB - Virtual size: 291KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 416KB - Virtual size: 1008KB