JaffaCakes118_19f78d45acece45126fad544289a33d8

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_19f78d45acece45126fad544289a33d8
Size

275KB
MD5

19f78d45acece45126fad544289a33d8
SHA1

a6b7437362ef0c2efb495b3dbeac291e896b3a3c
SHA256

2423ec279e591af7117a4c12465169a1a26f7a6adf35d5983ed8d254d82132d2
SHA512

6654a400fb5c962126b38aa357c748b04f5254ca63d28dd7e8dc7043f613ce9ac87a0b2a8ca1b5c98f6d3842aba12b52eebfdb76ebbebb882e605a376b5d51ad
SSDEEP

6144:b2J9n/ekxcnYvkGc9plVQYsvkk2EOqpJjSsTS:b2JUcX8LvVQY8kk2EO+d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_19f78d45acece45126fad544289a33d8

Files

JaffaCakes118_19f78d45acece45126fad544289a33d8
.exe windows:4 windows x86 arch:x86

2c59df6083165220959cf80ab831c667

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
CharPrevExA
CharUpperBuffW
CharNextExA

advapi32

AddAccessDeniedAce
SetThreadToken
AddAccessAllowedAce
DeregisterEventSource
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterTraceGuidsA
RegCreateKeyExW
FreeSid
RegQueryValueExW
InitializeSecurityDescriptor
GetLengthSid
OpenSCManagerW
OpenServiceW
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerExW
GetTraceEnableFlags
DuplicateToken
LookupAccountSidA
GetTraceEnableLevel
InitializeAcl
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
UnregisterTraceGuids
GetTokenInformation
DuplicateTokenEx
RegisterEventSourceW
StartServiceCtrlDispatcherW
GetTraceLoggerHandle
TraceMessage
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
AllocateAndInitializeSid
SetServiceStatus

rpcrt4

RpcServerUseProtseqEpA
NdrServerCall2
RpcMgmtStopServerListening
RpcServerListen
RpcServerUnregisterIf
RpcServerRegisterAuthInfoA
RpcServerRegisterIf

kernel32

CreateMutexW
UnregisterWaitEx
VirtualAlloc
HeapFree
GetVolumeInformationW
QueryPerformanceFrequency
LCMapStringA
CreateSemaphoreW
HeapDestroy
RaiseException
GetConsoleOutputCP
GlobalFree
ReleaseSemaphore
SetHandleCount
FreeEnvironmentStringsA
CreateEventW
ResetEvent
SystemTimeToFileTime
HeapAlloc
QueueUserWorkItem
GetVolumePathNamesForVolumeNameW
DeleteTimerQueueTimer
CreateFileMappingA
GetProcessHeap
UnlockFile
GetCurrentThreadId
CreateMutexA
RegisterWaitForSingleObject
CreateFileMappingW
UnhandledExceptionFilter
TlsFree
IsValidLocale
GetOEMCP
WideCharToMultiByte
MapViewOfFile
GetUserDefaultLCID
DeleteCriticalSection
GetTempFileNameW
CreateEventA
HeapReAlloc
OpenMutexA
IsValidCodePage
GetCommandLineA
GetPriorityClass
SetEndOfFile
CreateFileW
OpenProcess
CreateTimerQueueTimer
TlsAlloc
GetSystemTime
FreeEnvironmentStringsW
UnregisterWait
TlsGetValue
GetConsoleCP
EnumSystemLocalesA
CreateIoCompletionPort
MoveFileW
UnmapViewOfFile
DeleteTimerQueueEx
GetFileType
GetThreadPriority
GetShortPathNameA
ExpandEnvironmentStringsW
GetDriveTypeW
LoadLibraryExA
GetStdHandle
FlushFileBuffers
GetFileSizeEx
SetThreadPriority
GetSystemTimeAsFileTime
CreateProcessW
CreateFileA
FreeLibrary
GlobalMemoryStatusEx
DeleteFileW
LCMapStringW
GetComputerNameW
WriteConsoleA
GetConsoleMode
SetFilePointer
EnterCriticalSection
CloseHandle
ReleaseMutex
LeaveCriticalSection
IsDebuggerPresent
GetFileSize
HeapSize
VirtualFree
LocalFree
WaitForMultipleObjects
CompareStringW
CopyFileW
LockFileEx
GetModuleHandleA
CreateTimerQueue
GlobalAlloc
RtlUnwind
GetComputerNameA
SetFilePointerEx
CreateDirectoryW
WaitForSingleObject
GetACP
SetLastError
CreateThread
SetStdHandle
TlsSetValue
OpenEventA
GetLocalTime
WriteConsoleW
SetUnhandledExceptionFilter
GetQueuedCompletionStatus
GetSystemInfo
WriteFile
SetPriorityClass
PostQueuedCompletionStatus
SetErrorMode
ReadFile
CompareStringA
GetStartupInfoW
VirtualAllocEx

rtm

RtmCloseEnumerationHandle
RtmGetFirstRoute
RtmGetListEnumRoutes
RtmReleaseNextHopInfo
MgmGetMfe
RtmUpdateAndUnlockRoute
InsertIntoTable
RtmReleaseDests
RtmReadInstanceConfig
DumpTable
MgmReleaseInterfaceOwnership
MgmGetNextMfe
RtmReleaseRoutes

qedit

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c59df6083165220959cf80ab831c667

Headers

File Characteristics

Imports

user32

advapi32

rpcrt4

kernel32

rtm

qedit

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 240KB - Virtual size: 558KB

.rsrc Size: 4KB - Virtual size: 16KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 240KB - Virtual size: 558KB

.rsrc
Size: 4KB - Virtual size: 16KB