Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_013adad2d639fb3845e0409196d4a373.exe
Resource: win7-20240903-en
General
Target: JaffaCakes118_013adad2d639fb3845e0409196d4a373
Size: 168KB
MD5: 013adad2d639fb3845e0409196d4a373
SHA1: 37e5ca3cd3507fdcfdcce1eff289b28f079eabf6
SHA256: c32b419d78a2d93e837db74d4c12b8e95896f0b1fc1dd431580963c618c20d29
SHA512: 4b5cefcab43c1b9bbb0ab624aa7f6518309270071dabcbc8dd6602397d6e8bd5bef7c6e7cae083170d6d976fd9f16457afe33d56e4fee3ada18c9f8466554c62
SSDEEP: 3072:fJLPiUc6ouhSB2x0mwbXw5xiuixOwOYF/9lVNxw0U1K2rKlmi/m5qHIR:f1KUcSyZuixaYF/Lxw0U82rweQIR
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: JaffaCakes118_013adad2d639fb3845e0409196d4a373
Files
JaffaCakes118_013adad2d639fb3845e0409196d4a373.exe  windows:4 windows x86 arch:x86
Imphash: ad4a4ce3be4582e289c00ff4d6fadd15
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (grouped by DLL)
ole32.dll:
CoRevertToSelf
CoQueryProxyBlanket
CoImpersonateClient
CoCreateInstance
CoGetClassObject
CoTaskMemFree
StringFromCLSID
StringFromIID
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoInitializeSecurity
CoSetProxyBlanket
CLSIDFromString
CoTaskMemRealloc
StringFromGUID2
CoCreateGuid
CoGetCallContext
CoDisconnectObject
CoRegisterClassObject
CoRevokeClassObject
version.dll:
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
shlwapi.dll:
PathFindExtensionA
oleacc.dll:
LresultFromObject
AccessibleObjectFromPoint
kernel32.dll:
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
TlsFree
CreateFileMappingA
ReadProcessMemory
LocalFree
LoadLibraryW
SetUnhandledExceptionFilter
GetEnvironmentStringsW
HeapFree
GetModuleHandleW
WritePrivateProfileStringA
GetTickCount
SetEvent
IsDBCSLeadByte
GetStringTypeA
HeapAlloc
HeapSize
InterlockedDecrement
lstrlenW
FreeLibrary
GetCurrentThread
lstrcpyA
ExitProcess
GetCPInfo
SetLastError
LockResource
LoadLibraryExA
LocalSize
SetHandleCount
VirtualProtect
GetProcessTimes
LCMapStringA
GetACP
WideCharToMultiByte
RaiseException
SetErrorMode
FindResourceA
GetThreadLocale
LeaveCriticalSection
GetPrivateProfileSectionNamesA
GetCommandLineA
DuplicateHandle
GetFileType
GetStringTypeW
UnhandledExceptionFilter
SetEnvironmentVariableA
WriteProfileStringA
GetPrivateProfileStringA
TerminateThread
IsBadWritePtr
GetSystemInfo
IsBadReadPtr
LoadLibraryA
InterlockedExchange
EnumSystemLanguageGroupsW
GetProcessHeap
CreateMutexA
GetExitCodeProcess
lstrcmpiA
lstrcatA
CreateEventA
FindResourceExA
GetStartupInfoA
MapViewOfFile
HeapReAlloc
TlsSetValue
UnmapViewOfFile
MultiByteToWideChar
CreateProcessW
GetLastError
ReleaseMutex
Sleep
GetCurrentThreadId
GetEnvironmentStrings
OpenProcess
FreeEnvironmentStringsA
CreateThread
FormatMessageA
VirtualFree
CompareStringA
GetStdHandle
ReadFile
VirtualAlloc
CreateDirectoryA
RtlUnwind
WaitForSingleObject
TerminateProcess
FlushFileBuffers
InterlockedCompareExchange
ResetWriteWatch
SetStdHandle
GetSystemDirectoryA
TlsGetValue
GetFileAttributesA
LocalAlloc
GetModuleFileNameW
FindClose
QueryPerformanceCounter
SetEndOfFile
GetLocaleInfoA
SetFilePointer
CloseHandle
CreateFileA
LoadResource
GetVersion
IsBadCodePtr
lstrcpynA
InterlockedIncrement
TlsAlloc
InitializeCriticalSection
CreateProcessA
GetVersionExA
LCMapStringW
GetProfileStringA
GetModuleFileNameA
GetComputerNameA
EnterCriticalSection
VirtualQuery
HeapCreate
GetPrivateProfileSectionA
GetOEMCP
DeleteCriticalSection
WriteFile
HeapDestroy
GetCurrentProcess
SizeofResource
GetModuleHandleA
GetProcAddress
GetPrivateProfileIntA
lstrlenA
CompareStringW
FindFirstFileA
HeapFree
advapi32.dll:
GetSecurityDescriptorDacl
SetSecurityDescriptorSacl
RegEnumValueA
GetSecurityDescriptorControl
OpenThreadToken
RegCloseKey
PrivilegeCheck
GetSecurityDescriptorGroup
AddAccessDeniedAce
ControlService
RegQueryValueExA
ReportEventA
RegQueryInfoKeyA
RegDeleteKeyA
FreeSid
LookupAccountSidA
OpenServiceA
RegOpenKeyExA
GetAclInformation
GetSidSubAuthority
GetUserNameA
GetSecurityDescriptorSacl
RegCreateKeyExA
CreateServiceA
LookupPrivilegeValueA
GetSecurityDescriptorLength
RegSetValueExA
OpenProcessToken
AddAce
RegConnectRegistryA
LookupAccountNameA
RegEnumKeyExA
AllocateAndInitializeSid
RegSetKeySecurity
DuplicateTokenEx
RegEnumKeyA
SetSecurityDescriptorGroup
QueryServiceStatus
AddAccessAllowedAce
RegDeleteValueA
GetAce
InitializeSid
DuplicateToken
ChangeServiceConfigA
DeregisterEventSource
RegCreateKeyA
AdjustTokenPrivileges
GetSecurityDescriptorOwner
GetSidLengthRequired
RegisterEventSourceA
LookupAccountSidW
InitializeAcl
CloseServiceHandle
SetServiceStatus
DeleteService
MakeAbsoluteSD
StartServiceCtrlDispatcherA
InitializeSecurityDescriptor
AccessCheck
OpenSCManagerA
GetLengthSid
RegisterServiceCtrlHandlerA
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
GetTokenInformation
IsValidSid
CopySid
SetSecurityDescriptorDacl
SetThreadToken
EqualSid
MakeSelfRelativeSD
RegQueryValueExW
RegOpenKeyExW
rpcrt4.dll:
NdrClientCall
RpcBindingFromStringBindingA
RpcBindingSetAuthInfoA
RpcStringBindingComposeA
RpcStringFreeA
user32.dll:
PeekMessageA
SetTimer
CharNextA
GetMessageA
CharUpperA
GetWindowThreadProcessId
wsprintfW
GetWindowTextA
IsWindowVisible
DispatchMessageA
KillTimer
EnumWindows
PostThreadMessageA
LoadStringA
MessageBoxA
wsprintfA
Sections
.text   Size: 59KB   Virtual size: 59KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 7KB    Virtual size: 407KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 99KB   Virtual size: 99KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 512B   Virtual size: 4KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
Note: .rdata is mapped to 407KB in memory but carries only 7KB on disk, so most of that range is zero-filled by the loader; it is worth watching in the behavioral run for data written there at run time. No section is marked both writable and executable.
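The import list and section table above are raw data; the next step a practitioner takes is to read capabilities out of them. The script below is an added example for this report, not sandbox output or detection logic: it groups the APIs named above into capability tags (service installation, token manipulation, reading another process's memory, COM impersonation, and so on) and flags section-size anomalies such as the .rdata raw/virtual mismatch. The API-to-capability mapping, the tag names and the size thresholds are the editor's own heuristics (assumptions), and the IMPORTS table is a subset of the report's list reduced to the names that drive the tags. It states only which API combinations are present, not what the sample does with them.

```python
# Added static-triage example for the report above; not part of the sandbox output.
# The capability mapping and thresholds below are the editor's assumptions.

# Subset of the imports listed in the report (DLL -> API names), limited to the
# names that drive the capability tags.
IMPORTS = {
    "advapi32": [
        "OpenSCManagerA", "CreateServiceA", "StartServiceCtrlDispatcherA",
        "RegisterServiceCtrlHandlerA", "ChangeServiceConfigA", "DeleteService",
        "OpenProcessToken", "DuplicateTokenEx", "AdjustTokenPrivileges",
        "LookupPrivilegeValueA", "SetThreadToken", "RegSetValueExA",
        "RegCreateKeyExA", "RegSetKeySecurity", "RegisterEventSourceA", "ReportEventA",
    ],
    "kernel32": [
        "OpenProcess", "ReadProcessMemory", "VirtualAlloc", "VirtualProtect",
        "CreateProcessA", "CreateProcessW", "CreateMutexA", "GetComputerNameA",
        "CreateFileMappingA", "MapViewOfFile", "WritePrivateProfileStringA",
    ],
    "ole32": [
        "CoInitializeSecurity", "CoImpersonateClient", "CoSetProxyBlanket",
        "CoRegisterClassObject", "CoCreateInstance",
    ],
    "rpcrt4": ["RpcBindingFromStringBindingA", "RpcBindingSetAuthInfoA", "NdrClientCall"],
    "user32": ["EnumWindows", "GetWindowTextA", "GetWindowThreadProcessId"],
}

# Heuristic capability signatures (assumption): a tag fires when every API in at
# least one of its tuples is imported. Tuples are alternatives, tried in order.
CAPABILITIES = {
    "service-install": [("OpenSCManagerA", "CreateServiceA")],
    "runs-as-service": [("StartServiceCtrlDispatcherA", "RegisterServiceCtrlHandlerA")],
    "token-manipulation": [
        ("OpenProcessToken", "AdjustTokenPrivileges", "LookupPrivilegeValueA"),
        ("DuplicateTokenEx", "SetThreadToken"),
    ],
    "reads-other-process-memory": [("OpenProcess", "ReadProcessMemory")],
    "process-creation": [("CreateProcessA",), ("CreateProcessW",)],
    "com-server": [("CoRegisterClassObject",)],
    "com-impersonation": [("CoImpersonateClient",)],
    "rpc-client": [("RpcBindingFromStringBindingA", "NdrClientCall")],
    "window-enumeration": [("EnumWindows", "GetWindowTextA")],
    "registry-write": [("RegSetValueExA",)],
    "event-log-write": [("RegisterEventSourceA", "ReportEventA")],
    "memory-protection-change": [("VirtualProtect",)],
}


def capabilities(imports):
    """Return {tag: matched_api_tuple} for each capability whose APIs are all imported."""
    present = {api for apis in imports.values() for api in apis}
    hits = {}
    for tag, alternatives in CAPABILITIES.items():
        for combo in alternatives:
            if all(api in present for api in combo):
                hits[tag] = combo
                break
    return hits


KB = 1024
# Section table copied from the report: (name, raw size, virtual size, characteristics).
SECTIONS = [
    (".text", 59 * KB, 59 * KB, {"CNT_CODE", "MEM_EXECUTE", "MEM_READ"}),
    (".rdata", 7 * KB, 407 * KB, {"CNT_INITIALIZED_DATA", "MEM_READ"}),
    (".data", 99 * KB, 99 * KB, {"CNT_INITIALIZED_DATA", "MEM_READ", "MEM_WRITE"}),
    (".rsrc", 512, 4 * KB, {"CNT_INITIALIZED_DATA", "MEM_READ"}),
]


def section_anomalies(sections, ratio=4.0, min_slack=64 * KB):
    """Flag W+X sections and sections whose mapped size dwarfs the bytes on disk.

    min_slack (assumed threshold) suppresses tiny sections such as .rsrc here
    (512B on disk, 4KB mapped) whose ratio comes from alignment padding, not
    from a large zero-filled region the code can populate at run time.
    """
    flagged = []
    for name, raw, virt, flags in sections:
        if {"MEM_WRITE", "MEM_EXECUTE"} <= flags:
            flagged.append((name, "writable and executable"))
        if raw and virt / raw >= ratio and virt - raw >= min_slack:
            flagged.append((name, f"virtual size {virt // raw}x raw size"))
    return flagged


def triage(imports=IMPORTS, sections=SECTIONS):
    """Combine both checks into one result dict for the report's data."""
    return {"capabilities": capabilities(imports),
            "section_anomalies": section_anomalies(sections)}


if __name__ == "__main__":
    result = triage()
    for tag, combo in sorted(result["capabilities"].items()):
        print(f"{tag:28s} <- {', '.join(combo)}")
    for name, why in result["section_anomalies"]:
        print(f"section {name}: {why}")
```

Run against the report's data, the script tags the service-control, token, process-memory, COM, RPC and registry API groups and reports .rdata as the only section-size anomaly. The tags are triage hints for deciding where to look first in the behavioral run, not a verdict: a legitimate service host imports most of the same advapi32 functions.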