JaffaCakes118_76b8b247b452dd486c8f70fe026325ea

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_76b8b247b452dd486c8f70fe026325ea
Size

278KB
MD5

76b8b247b452dd486c8f70fe026325ea
SHA1

220463ff0fa5c293230e6ffaa7e166da22de19d2
SHA256

68ac86f4d8ed5d7f0e857fa3a97e37d2a6f826961bf773a6a269eeb4e156d9eb
SHA512

399b96d8ae4d6012ee271ca5000a798f5435f577d0d922bf89abc667ac9d62bab74f618834c3bd30b5b20753dac32d647895bfd78a56b503d8f6b57f147c61d9
SSDEEP

6144:Iw8yL7ppV+WJG6de5dAqkNLBeYClpKzkc4qkeBACbx8YGLcRf:Iw/t+AMlkN1eYCDckc4jXgSYGI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_76b8b247b452dd486c8f70fe026325ea

Files

JaffaCakes118_76b8b247b452dd486c8f70fe026325ea
.exe windows:4 windows x86 arch:x86

5b323ad38fa98d3f877190adc06e1e82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr
SysStringByteLen
VariantClear
SysAllocStringByteLen
SysAllocStringLen
SysReAllocStringLen
VarBstrCmp
VariantCopy
VariantChangeType
VariantInit
LoadRegTypeLib
VarI2FromUI1
VarBstrFromBool
VarTokenizeFormatString
VarBoolFromDec
LHashValOfNameSys
VarUI2FromI8
VarI4FromI2
SysStringByteLen
VarI1FromCy
VarBoolFromStr
VarR8FromI1
VarDecCmpR8
VarI4FromUI4
VarCyInt
VarBstrCat
VarCyFix
VarDateFromUI1
SafeArrayDestroyData
SafeArrayGetLBound
CreateDispTypeInfo
VariantChangeType
VarI1FromUI4
VarI2FromStr
VarDecFromI4
SystemTimeToVariantTime
VarCmp
VarI8FromDate
VarDecFromI2
VarDecFromUI2
VarDecSub
VarCyMulI8
VarR8FromBool
VarUI1FromDec
OaBuildVersion

kernel32

LeaveCriticalSection
VirtualProtectEx
OpenProcess
GetWindowsDirectoryW
FindResourceExW
CreateProcessW
lstrcmpiA
GetThreadPriority
SearchPathW
GetModuleHandleW
GetFileSize
LoadLibraryExW
lstrlenW
HeapReAlloc
RaiseException
CreateRemoteThread
CreateEventA
ContinueDebugEvent
SizeofResource
TlsSetValue
ReadProcessMemory
MapViewOfFile
GetFileInformationByHandle
GetSystemTimeAsFileTime
CreateThread
SetThreadAffinityMask
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
FreeLibrary
HeapDestroy
GetCurrentDirectoryW
OpenThread
FindFirstFileW
GetThreadSelectorEntry
GetLongPathNameW
ResumeThread
VirtualQuery
CancelIo
SetLastError
LCMapStringW
LoadLibraryExA
QueryDosDeviceW
EnterCriticalSection
ResetEvent
SetErrorMode
ReadFile
GetProcessHeap
TlsFree
WaitForDebugEvent
SetNamedPipeHandleState
LocalAlloc
CreateFileMappingW
FormatMessageA
FindClose
CreateMutexW
GetSystemInfo
VirtualAlloc
FindResourceW
GetComputerNameW
GetSystemDirectoryW
GetFileTime
GetLogicalDrives
SwitchToThread
TransactNamedPipe
GetVolumeInformationW
GetFullPathNameW
CreateEventW
UnhandledExceptionFilter
GetOverlappedResult
FormatMessageW
Process32First
WaitNamedPipeW
SetHandleInformation
VirtualQueryEx
HeapAlloc
SetUnhandledExceptionFilter
GetProcessAffinityMask
FlushInstructionCache
DuplicateHandle
OutputDebugStringW
DeleteFileW
SuspendThread
IsDebuggerPresent
GetCurrentThreadId
FindResourceA
CreateFileMappingA
GetThreadContext
FreeLibraryAndExitThread
Process32Next
ExpandEnvironmentStringsW
LoadResource
WideCharToMultiByte
QueryPerformanceFrequency
CreateFileW
FreeEnvironmentStringsW
LockResource
WriteProcessMemory
DeleteCriticalSection
VirtualFree
HeapFree
IsDBCSLeadByte
CloseHandle
DebugActiveProcess
UnmapViewOfFile
ProcessIdToSessionId
GetModuleHandleA
CreateToolhelp32Snapshot
HeapSize
ReleaseMutex
TlsGetValue
TlsAlloc
SetFilePointer
lstrlenA
SetThreadContext
LocalFree
VirtualAllocEx

user32

SetDebugErrorLevel
EnumWindows
PostThreadMessageW
GetWindowThreadProcessId
IsWindowVisible
CharLowerBuffA
LoadStringA
LoadStringW
GetWindowTextW
CharNextA

ole32

CoCreateFreeThreadedMarshaler
CoInitializeEx
CoCreateInstance
CoReleaseMarshalData
StringFromCLSID
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
CoWaitForMultipleHandles
CoCreateGuid
StringFromGUID2

advapi32

GetSecurityDescriptorOwner
CryptGetHashParam
RegCloseKey
GetSidIdentifierAuthority
CryptDestroyHash
IsValidSecurityDescriptor
RegQueryInfoKeyA
GetUserNameW
PrivilegeCheck
FreeSid
SetSecurityDescriptorGroup
RegEnumKeyExA
CryptReleaseContext
SetSecurityDescriptorDacl
LookupPrivilegeValueW
GetKernelObjectSecurity
RegDeleteKeyA
RegOpenKeyExA
CryptHashData
AdjustTokenPrivileges
AddAccessAllowedAce
GetTokenInformation
RegConnectRegistryW
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueA
CryptCreateHash
RegQueryValueExW
CryptAcquireContextA
RegEnumValueA
RegOpenKeyExW
RegQueryValueExA
RegSetValueExA
GetSidSubAuthority
AccessCheck
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
RegQueryInfoKeyW
EqualSid
OpenProcessToken
RegCreateKeyExA
DuplicateToken
SetSecurityDescriptorOwner
GetSidSubAuthorityCount
RegCreateKeyExW

shell32

CommandLineToArgvW

qedit

DllGetClassObject

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 30KB - Virtual size: 892KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 180KB - Virtual size: 841KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b323ad38fa98d3f877190adc06e1e82

Headers

File Characteristics

Imports

oleaut32

kernel32

user32

ole32

advapi32

shell32

qedit

Sections

.text Size: 22KB - Virtual size: 21KB

.bss Size: 30KB - Virtual size: 892KB

.reloc Size: 180KB - Virtual size: 841KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 35KB - Virtual size: 315KB

.rsrc Size: 3KB - Virtual size: 15KB

.text
Size: 22KB - Virtual size: 21KB

.bss
Size: 30KB - Virtual size: 892KB

.reloc
Size: 180KB - Virtual size: 841KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 35KB - Virtual size: 315KB

.rsrc
Size: 3KB - Virtual size: 15KB