JaffaCakes118_e85b3594ce638ff4a027cc7baecf1bfa

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_e85b3594ce638ff4a027cc7baecf1bfa
Size

259KB
MD5

e85b3594ce638ff4a027cc7baecf1bfa
SHA1

cb8ff1b8722a819aed670d2a4edb97ea03a97c65
SHA256

a36d6ebaf2797f68e6e8bbde6b4acc7ba6d8780ed4519057ffafcf149b4f4bcb
SHA512

c2ca5f8fb9862fa1ab3b86d63a03f3ceff9d9b10c6d44eb6b8bc7bc2d0d08e2a9d16632498979c87f5e4d5561e17d8fcbded6ef141e252ec14b936604e03839f
SSDEEP

6144:iyK4+vW9EnkxPWu9oYUkZYeLoerbZP4sdA9hmEPpW5rpH:FK99kPWqBU0LDrNgsdA9hFPW9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e85b3594ce638ff4a027cc7baecf1bfa

Files

JaffaCakes118_e85b3594ce638ff4a027cc7baecf1bfa
.exe windows:4 windows x86 arch:x86

29fd9996b10182982c429e7b0516724d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayDestroy
RegisterTypeLi
SysStringByteLen
SafeArrayGetUBound
SysAllocStringLen
SetErrorInfo
UnRegisterTypeLi
SafeArrayCopy
VariantCopyInd
SafeArrayGetVartype
SysStringLen
SysFreeString
SafeArrayLock
SafeArrayUnlock
VariantClear
LoadRegTypeLi
CreateErrorInfo
VariantInit
SafeArrayRedim
LoadTypeLi
SysAllocString
VariantChangeType
SysAllocStringByteLen
VariantCopy
VarUI4FromStr

userenv

UnloadUserProfile

kernel32

CancelIo
SetStdHandle
WriteConsoleW
GetOEMCP
TlsAlloc
FindResourceW
EnterCriticalSection
GetExitCodeThread
OpenProcess
GetCommandLineW
VerifyVersionInfoW
VirtualQuery
HeapAlloc
GetCommandLineA
LeaveCriticalSection
GetConsoleMode
GetModuleHandleW
IsValidCodePage
HeapFree
WideCharToMultiByte
TlsGetValue
SetConsoleCtrlHandler
CloseHandle
LCMapStringA
DeleteCriticalSection
GetConsoleOutputCP
FreeLibrary
GetProcessHeap
lstrlenW
GetModuleHandleA
SetUnhandledExceptionFilter
LocalFree
CreateFileA
SetProcessWorkingSetSize
VirtualProtect
VirtualFree
lstrcmpiW
WaitForSingleObject
VerSetConditionMask
HeapReAlloc
GetDriveTypeW
LCMapStringW
DeviceIoControl
GetCurrentThreadId
SetLastError
ResumeThread
HeapDestroy
CreateEventW
GetThreadLocale
LoadLibraryExW
GetStdHandle
GetACP
SetProcessShutdownParameters
GetSystemTimeAsFileTime
GetFileType
CreateThread
TerminateThread
RtlUnwind
DuplicateHandle
RaiseException
UnhandledExceptionFilter
EnumSystemLocalesA
GetSystemInfo
GetVolumeNameForVolumeMountPointW
lstrlenA
IsDebuggerPresent
WriteFile
IsValidLocale
WriteConsoleA
GetConsoleCP
CreateProcessW
FreeEnvironmentStringsA
CreateWaitableTimerW
HeapSize
SetFilePointer
FindResourceExW
SetWaitableTimer
FlushFileBuffers
FreeEnvironmentStringsW
SizeofResource
LoadResource
CreateFileW
GetUserDefaultLCID
WaitForMultipleObjects
SetHandleCount
LockResource
VirtualAlloc
TlsSetValue
TlsFree
GetStartupInfoW

shlwapi

PathRemoveFileSpecW
PathQuoteSpacesW

user32

DispatchMessageW
GetSysColorBrush
RegisterClassW
DestroyWindow
PostThreadMessageW
MsgWaitForMultipleObjects
LoadCursorW
CharNextW
UnregisterClassA
PeekMessageW
TranslateMessage
wsprintfW
CreateWindowExW
LoadStringW
GetMessageW
DefWindowProcW
UnregisterClassW
CharUpperBuffW

advapi32

QueryServiceConfigW
RegisterEventSourceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSidSubAuthority
GetSecurityDescriptorOwner
RegDeleteValueW
QueryServiceStatusEx
RegEnumKeyExW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegEnumValueW
SetThreadToken
GetAclInformation
RegQueryValueExW
RegOpenKeyExW
AddAce
StartServiceCtrlDispatcherW
DeregisterEventSource
OpenSCManagerW
CopySid
RegQueryInfoKeyW
GetSidLengthRequired
ControlService
RegCloseKey
SetServiceStatus
InitializeAcl
RegCreateKeyExW
RegisterServiceCtrlHandlerW
OpenServiceW
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
RegDeleteKeyW
CreateServiceW
MakeAbsoluteSD
LookupAccountNameW
InitializeSid
ChangeServiceConfig2W
GetTokenInformation
CreateProcessAsUserW
ReportEventW
DeleteService
IsValidSid
EqualSid
MakeSelfRelativeSD
CloseServiceHandle
SetNamedSecurityInfoW
CheckTokenMembership
DuplicateToken
RegSetValueExW
InitializeSecurityDescriptor
GetLengthSid
SetSecurityDescriptorDacl
DuplicateTokenEx
GetSecurityDescriptorControl
ChangeServiceConfigW
OpenThreadToken

setupapi

SetupDiCreateDeviceInfoListExW
SetupDiSetDeviceRegistryPropertyW
CM_Get_DevNode_Status_Ex
SetupDiGetDeviceInstanceIdW
CM_Get_Sibling
CM_Get_Child
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsW
CM_Get_Device_IDW
CM_Get_Parent
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInterfaceDetailW
CM_Locate_DevNodeW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
CM_Get_Device_ID_Size
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsExW

iphlpapi

NotifyAddrChange

ole32

OleRun
CoTaskMemAlloc
CoImpersonateClient
CoUninitialize
ProgIDFromCLSID
CoTaskMemFree
CoInitializeSecurity
StringFromGUID2
CoCreateInstance
CoInitializeEx
StringFromCLSID
CLSIDFromString
CoTaskMemRealloc
CoRevertToSelf
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoSuspendClassObjects

mscms

CreateColorTransformA
SetColorProfileElement
UnregisterCMMW
OpenColorProfileW
CreateDeviceLinkProfile
SpoolerCopyFileEvent
InternalGetPS2ColorRenderingDictionary

kbdlt1

KbdLayerDescriptor

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bbihz
Size: 512B - Virtual size: 613B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Tumzbi
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Vbhc
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dR
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 212KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QwcF
Size: 512B - Virtual size: 251B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29fd9996b10182982c429e7b0516724d

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

userenv

kernel32

shlwapi

user32

advapi32

setupapi

iphlpapi

ole32

mscms

kbdlt1

Sections

.text Size: 16KB - Virtual size: 15KB

.bbihz Size: 512B - Virtual size: 613B

.rdata Size: 7KB - Virtual size: 6KB

.Tumzbi Size: 1KB - Virtual size: 12KB

.Vbhc Size: 1024B - Virtual size: 2KB

.dR Size: 1KB - Virtual size: 4KB

.data Size: 212KB - Virtual size: 272KB

.QwcF Size: 512B - Virtual size: 251B

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 16KB - Virtual size: 15KB

.bbihz
Size: 512B - Virtual size: 613B

.rdata
Size: 7KB - Virtual size: 6KB

.Tumzbi
Size: 1KB - Virtual size: 12KB

.Vbhc
Size: 1024B - Virtual size: 2KB

.dR
Size: 1KB - Virtual size: 4KB

.data
Size: 212KB - Virtual size: 272KB

.QwcF
Size: 512B - Virtual size: 251B

.rsrc
Size: 18KB - Virtual size: 17KB