JaffaCakes118_1404fefb3214d46cd978b79b4781b930

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1404fefb3214d46cd978b79b4781b930
Size

272KB
MD5

1404fefb3214d46cd978b79b4781b930
SHA1

a2480fc8136a1ac5ed342f707158c45bf95dea8c
SHA256

13fb4277b10ad923fa9d9a8410bce8a4ba7df4dc3672454eca4d8d2290435ec5
SHA512

60794a0cc44a08bb013ba2bd3596da72d7a5f8e5c7b7d7fda2ac753b4ebae6ffacb0a676aba0df41541d12653964ee76a8e6847d796526d25be9363ff9ee5d83
SSDEEP

6144:F4SWm6kawyeKCTsElfiPX0PGD3n8nDTR4cWmhUR9c:gQad6lZzU38/6k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_1404fefb3214d46cd978b79b4781b930

Files

JaffaCakes118_1404fefb3214d46cd978b79b4781b930
.exe windows:5 windows x86 arch:x86

a49703b61e26210a85c040b307f3e2aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathQuoteSpacesW
PathRemoveFileSpecW

userenv

UnloadUserProfile

kernel32

CreateThread
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
GetUserDefaultLCID
WaitForMultipleObjects
OpenProcess
HeapFree
FindResourceW
LCMapStringW
IsValidCodePage
HeapReAlloc
FreeLibrary
TlsGetValue
SetHandleCount
TlsAlloc
CreateEventW
LCMapStringA
CreateFileW
SetProcessWorkingSetSize
SetFilePointer
GetConsoleOutputCP
WriteConsoleA
LeaveCriticalSection
SizeofResource
GetModuleHandleW
EnterCriticalSection
GetModuleHandleA
WaitForSingleObject
WideCharToMultiByte
FlushFileBuffers
lstrlenA
RtlUnwind
GetACP
UnhandledExceptionFilter
LockResource
GetDriveTypeW
FreeEnvironmentStringsA
GetVolumeNameForVolumeMountPointW
GetConsoleMode
GetCommandLineW
VirtualProtect
CreateProcessW
GetCommandLineA
LoadLibraryExW
SetLastError
CreateWaitableTimerW
VirtualAlloc
SetProcessShutdownParameters
WriteFile
EnumSystemLocalesA
VerifyVersionInfoW
IsValidLocale
VirtualQuery
TlsSetValue
CancelIo
DeviceIoControl
GetSystemInfo
CloseHandle
TerminateThread
SetStdHandle
HeapAlloc
GetFileType
GetSystemTimeAsFileTime
RaiseException
VerSetConditionMask
WriteConsoleW
GetExitCodeThread
GetOEMCP
HeapDestroy
lstrlenW
SetWaitableTimer
lstrcmpiW
ResumeThread
GetCurrentThreadId
FreeEnvironmentStringsW
DeleteCriticalSection
TlsFree
LocalFree
GetConsoleCP
GetStdHandle
GetProcessHeap
HeapSize
CreateFileA
VirtualFree
LoadResource
DuplicateHandle
GetThreadLocale
FindResourceExW
IsDebuggerPresent
CompareFileTime
VirtualAllocEx

oleaut32

VariantCopyInd
VariantClear
SysAllocString
VariantCopy
CreateErrorInfo
VariantChangeType
SafeArrayDestroy
LoadTypeLi
SafeArrayUnlock
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayLock
UnRegisterTypeLi
SetErrorInfo
SafeArrayGetUBound
SysFreeString
SafeArrayCreate
SysStringByteLen
LoadRegTypeLi
SafeArrayRedim
SysStringLen
VarUI4FromStr
SysAllocStringLen
RegisterTypeLi
SafeArrayCopy
SysAllocStringByteLen
GetErrorInfo
VariantInit

ole32

CoRevertToSelf
CoRevokeClassObject
CoUninitialize
OleRun
CoSuspendClassObjects
CoImpersonateClient
ProgIDFromCLSID
CoTaskMemRealloc
CoRegisterClassObject
CoTaskMemAlloc
CoInitializeSecurity
CoResumeClassObjects
CoTaskMemFree
StringFromCLSID
CoCreateInstance
StringFromGUID2
CoInitializeEx
CLSIDFromString

advapi32

QueryServiceStatusEx
ConvertSecurityDescriptorToStringSecurityDescriptorW
DeleteService
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorOwner
ReportEventW
DuplicateToken
ChangeServiceConfigW
RegOpenKeyExW
MakeSelfRelativeSD
OpenServiceW
EqualSid
RegisterEventSourceW
SetSecurityDescriptorGroup
OpenSCManagerW
RegisterServiceCtrlHandlerW
RegSetValueExW
RegQueryValueExW
SetSecurityDescriptorOwner
RegCreateKeyExW
MakeAbsoluteSD
GetAclInformation
GetSecurityDescriptorLength
LookupAccountNameW
GetSecurityDescriptorGroup
GetSidLengthRequired
ControlService
QueryServiceConfigW
CreateServiceW
DuplicateTokenEx
StartServiceCtrlDispatcherW
RegEnumValueW
GetSecurityDescriptorControl
CreateProcessAsUserW
GetTokenInformation
CheckTokenMembership
CloseServiceHandle
SetThreadToken
GetSecurityDescriptorDacl
GetLengthSid
ChangeServiceConfig2W
InitializeSid
RegEnumKeyExW
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AddAce
RegDeleteKeyW
SetServiceStatus
DeregisterEventSource
RegDeleteValueW
GetSecurityDescriptorSacl
RegQueryInfoKeyW
GetSidSubAuthority
OpenThreadToken
SetNamedSecurityInfoW
RegCloseKey
IsValidSid

setupapi

SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status_Ex
SetupDiSetDeviceRegistryPropertyW
CM_Get_Device_IDW
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
CM_Locate_DevNodeW
CM_Get_Device_ID_Size
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInterfaces
CM_Get_Child
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInfoListDetailW
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoListExW
SetupDiOpenDeviceInfoW
CM_Get_Parent
CM_Get_Sibling

user32

PeekMessageW
wsprintfW
CharUpperBuffW
CreateWindowExW
TranslateMessage
GetMessageW
LoadStringW
PostThreadMessageW
DefWindowProcW
UnregisterClassA
LoadCursorW
DispatchMessageW
RegisterClassW
GetSysColorBrush
MsgWaitForMultipleObjects
CharNextW
DestroyWindow
UnregisterClassW

iphlpapi

NotifyAddrChange

winspool.drv

OpenPrinterW
AddJobW
DevicePropertySheets
StartDocDlgW
ConnectToPrinterDlg
DeletePrinterDriverA
DeletePortW
DocumentPropertiesW
ADVANCEDSETUPDIALOG
AddPrinterDriverW
SpoolerDevQueryPrintW
AddPrintProvidorW
AddPrinterConnectionA
DeletePrintProcessorA

sti

DllRegisterServer

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qCmr
Size: 1024B - Virtual size: 995B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tzHzc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VSUJrp
Size: 512B - Virtual size: 429B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EisFjr
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.myxUmhC
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yyQrY
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.BenXwvG
Size: 105KB - Virtual size: 607KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 111KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HWtOe
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TAYWXtr
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aMJtEQB
Size: 512B - Virtual size: 429B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ThTXE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a49703b61e26210a85c040b307f3e2aa

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

userenv

kernel32

oleaut32

ole32

advapi32

setupapi

user32

iphlpapi

winspool.drv

sti

Sections

.text Size: 21KB - Virtual size: 20KB

.qCmr Size: 1024B - Virtual size: 995B

.tzHzc Size: 2KB - Virtual size: 2KB

.VSUJrp Size: 512B - Virtual size: 429B

.EisFjr Size: 3KB - Virtual size: 2KB

.rdata Size: 7KB - Virtual size: 6KB

.myxUmhC Size: 1024B - Virtual size: 582B

.yyQrY Size: 2KB - Virtual size: 1KB

.BenXwvG Size: 105KB - Virtual size: 607KB

.data Size: 111KB - Virtual size: 1.2MB

.HWtOe Size: 2KB - Virtual size: 1KB

.rsrc Size: 11KB - Virtual size: 10KB

.TAYWXtr Size: 2KB - Virtual size: 2KB

.aMJtEQB Size: 512B - Virtual size: 429B

.ThTXE Size: 1KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 20KB

.qCmr
Size: 1024B - Virtual size: 995B

.tzHzc
Size: 2KB - Virtual size: 2KB

.VSUJrp
Size: 512B - Virtual size: 429B

.EisFjr
Size: 3KB - Virtual size: 2KB

.rdata
Size: 7KB - Virtual size: 6KB

.myxUmhC
Size: 1024B - Virtual size: 582B

.yyQrY
Size: 2KB - Virtual size: 1KB

.BenXwvG
Size: 105KB - Virtual size: 607KB

.data
Size: 111KB - Virtual size: 1.2MB

.HWtOe
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 11KB - Virtual size: 10KB

.TAYWXtr
Size: 2KB - Virtual size: 2KB

.aMJtEQB
Size: 512B - Virtual size: 429B

.ThTXE
Size: 1KB - Virtual size: 1KB