JaffaCakes118_12cc90cc35833b32222fa74f7698c3f9

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_12cc90cc35833b32222fa74f7698c3f9
Size

259KB
MD5

12cc90cc35833b32222fa74f7698c3f9
SHA1

4453ee2c3e165a11db0df491fcae0edfb8cdac68
SHA256

d25f866777dc66bf127868b1e350077449dfd6c399985a470c5041c8786fda82
SHA512

2a7920b0fb9374bd1b7e0e1213dfa2fbed39902d35c8213117dcca9e5b8cac2b3f53f6abb15c39bfb3a682dbc6de511fe34e5985988b08ed5889a816b1e00b44
SSDEEP

6144:p5HPTsOPhJP7a/4TuPOFTTnUpdY6DrJyk2:7vTBPhtCPO9nedrrJc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_12cc90cc35833b32222fa74f7698c3f9

Files

JaffaCakes118_12cc90cc35833b32222fa74f7698c3f9
.exe windows:4 windows x86 arch:x86

6d2c41455cb58ef0edcf6d7531d404b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord113

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

advapi32

RegCreateKeyExW
CreateProcessAsUserW
CloseServiceHandle
AllocateAndInitializeSid
SetTokenInformation
ControlService
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
CryptCreateHash
CryptHashData
AddAccessAllowedAce
GetLengthSid
GetSidIdentifierAuthority
CryptGetHashParam
CreateServiceW
StartServiceW
AddAce
GetAce
InitializeAcl
GetNamedSecurityInfoW
DuplicateTokenEx
RegCloseKey
GetUserNameW
ChangeServiceConfig2W
StartServiceCtrlDispatcherW
InitializeSecurityDescriptor
OpenSCManagerW
CryptGenRandom
SetServiceStatus
RegOpenKeyExW
RegisterServiceCtrlHandlerW
SetNamedSecurityInfoW
RegSetValueExW
OpenServiceW
QueryServiceStatus
FreeSid
OpenProcessToken
CryptReleaseContext
RegQueryValueExW
SetSecurityDescriptorSacl
CryptDestroyHash
GetSidSubAuthorityCount
SetEntriesInAclW
LookupPrivilegeValueW
GetAclInformation
RegEnumKeyW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
AdjustTokenPrivileges
GetSidSubAuthority

kernel32

ReadFile
GlobalUnlock
WriteFile
LeaveCriticalSection
LoadResource
CreateFileMappingW
FindResourceW
OpenMutexW
WideCharToMultiByte
GetCommandLineW
GetProcessHeap
Process32NextW
GetCurrentThreadId
ExpandEnvironmentStringsW
Process32FirstW
LocalAlloc
CreateProcessW
SizeofResource
CreateToolhelp32Snapshot
UnhandledExceptionFilter
FreeLibrary
CloseHandle
TryEnterCriticalSection
ReadProcessMemory
FindResourceExW
GlobalAlloc
SetLastError
IsDebuggerPresent
HeapFree
EnterCriticalSection
HeapReAlloc
GetLocalTime
FindFirstFileW
GetSystemTime
CreateMutexW
DeleteFileW
RaiseException
CreateFileW
SetUnhandledExceptionFilter
ReleaseMutex
HeapDestroy
LockResource
CreateEventW
FindClose
WaitForMultipleObjects
GetShortPathNameW
MoveFileExW
OpenEventW
GetSystemDirectoryW
CopyFileW
CreateDirectoryW
GetSystemTimeAsFileTime
MapViewOfFile
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
UnmapViewOfFile
HeapSize
GlobalMemoryStatus
SetFilePointer
GlobalLock
ResetEvent
OpenProcess
HeapAlloc
GlobalFree
OpenFileMappingW
GetModuleHandleW
Module32FirstW
ProcessIdToSessionId
WaitForSingleObject
VirtualQuery
LocalFree
FindNextFileW
Module32NextW
CreateThread
GetVersion
VirtualAllocEx

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
SHDeleteKeyW
PathAppendW
PathRemoveBlanksW
PathIsUNCServerShareW
PathRemoveExtensionW
PathFileExistsA
PathUnquoteSpacesW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

shell32

SHGetFolderPathW
SHCreateDirectoryExW

mscms

RegisterCMMW
UnregisterCMMA
DisassociateColorProfileFromDeviceA
GetColorDirectoryA
DeleteColorTransform
InternalSetDeviceConfig
CheckBitmapBits

qasf

DllGetClassObject
DllCanUnloadNow
DllRegisterServer

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tNT
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YvT
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qZ
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Yrmnu
Size: 512B - Virtual size: 411B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XtP
Size: 512B - Virtual size: 341B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.k
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.O
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 213KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wHe
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hRxS
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ARThzg
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d2c41455cb58ef0edcf6d7531d404b6

Headers

DLL Characteristics

File Characteristics

Imports

msi

version

advapi32

kernel32

psapi

shlwapi

userenv

shell32

mscms

qasf

Sections

.text Size: 19KB - Virtual size: 18KB

.tNT Size: 1KB - Virtual size: 2KB

.YvT Size: 1024B - Virtual size: 1KB

.qZ Size: 1024B - Virtual size: 714B

.Yrmnu Size: 512B - Virtual size: 411B

.XtP Size: 512B - Virtual size: 341B

.rdata Size: 5KB - Virtual size: 4KB

.k Size: 1KB - Virtual size: 1KB

.O Size: 1024B - Virtual size: 788B

.data Size: 213KB - Virtual size: 358KB

.wHe Size: 1024B - Virtual size: 784B

.hRxS Size: 1KB - Virtual size: 1KB

.ARThzg Size: 1KB - Virtual size: 1KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 19KB - Virtual size: 18KB

.tNT
Size: 1KB - Virtual size: 2KB

.YvT
Size: 1024B - Virtual size: 1KB

.qZ
Size: 1024B - Virtual size: 714B

.Yrmnu
Size: 512B - Virtual size: 411B

.XtP
Size: 512B - Virtual size: 341B

.rdata
Size: 5KB - Virtual size: 4KB

.k
Size: 1KB - Virtual size: 1KB

.O
Size: 1024B - Virtual size: 788B

.data
Size: 213KB - Virtual size: 358KB

.wHe
Size: 1024B - Virtual size: 784B

.hRxS
Size: 1KB - Virtual size: 1KB

.ARThzg
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 9KB - Virtual size: 9KB