ec8b78668f8815789930225f430d366e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ec8b78668f8815789930225f430d366e_JaffaCakes118
Size

414KB
MD5

ec8b78668f8815789930225f430d366e
SHA1

a341f67bd314bc8ad35a87dbbccf891c1845df32
SHA256

a8bfed54eeba6e82d4c260213c4d872215291e55d2a4e809d9a2c43612cb3f27
SHA512

5910436f029714f43697159cde6e21fbb2c6ac977be427dd3d3dd2604b973de879699676e120f25233003ced500e5574b2ecff4499cdc9db424245045b5f0a4a
SSDEEP

12288:JtWhB2kkkCybVYsH3qbPNS90VRiRaUbGRZg:XfyCEf6bcsEIUI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec8b78668f8815789930225f430d366e_JaffaCakes118

Files

ec8b78668f8815789930225f430d366e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1e9b9edbb2aaafd361bef89f51d48efb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
LocalFree
CreateToolhelp32Snapshot
CreateWaitableTimerA
TransactNamedPipe
GetProfileSectionW
GetLocalTime
GetExitCodeThread
DebugBreak
EnumSystemCodePagesA
LoadLibraryW
FindFirstFileA
CreateFileW
GetCommandLineA
FindFirstChangeNotificationA
GetProcessVersion
LeaveCriticalSection
GetTempFileNameW
CreateWaitableTimerW
SetThreadPriority
AddAtomW
SetThreadAffinityMask
GetNumberFormatA
EnumCalendarInfoW
TlsSetValue
GetFileAttributesW
GetCompressedFileSizeW
GetProcessShutdownParameters
SetConsoleScreenBufferSize
CommConfigDialogW
UpdateResourceA
EnumSystemLocalesA
LocalFlags
GetProcessTimes
lstrcpynA
GetShortPathNameA
LocalSize
GetDiskFreeSpaceW
GetFileAttributesExA
MultiByteToWideChar
OpenWaitableTimerW
SetThreadPriorityBoost
OutputDebugStringW
OpenMutexW
WaitForMultipleObjectsEx
VirtualLock
SetCriticalSectionSpinCount
EnumDateFormatsA
CreateFileMappingW
SetVolumeLabelW
FindNextFileA
SetThreadIdealProcessor
SetComputerNameA
GetStartupInfoW
Process32Next
GetTempPathA
HeapLock
UnlockFileEx
Heap32ListNext
GetEnvironmentStrings
GetThreadLocale
OpenEventA
GetPrivateProfileSectionNamesA
InterlockedCompareExchange
WriteConsoleInputA
RtlZeroMemory
lstrcpyA
CreateFileMappingA
GetThreadSelectorEntry
WaitNamedPipeA
SetEnvironmentVariableA
CommConfigDialogA
GetProfileIntW
BeginUpdateResourceA
GetCurrencyFormatA
EnumCalendarInfoExW
InitAtomTable
GetACP
FindResourceW
GetModuleFileNameW
GetLastError
GlobalWire
IsValidCodePage
CreateTapePartition
FreeLibrary
FillConsoleOutputCharacterA
SetFileAttributesW
VirtualProtect
OpenFile
lstrcmp
SystemTimeToFileTime
ReadConsoleInputA
CreateProcessW
EnumCalendarInfoA
LocalCompact
ReadDirectoryChangesW
Toolhelp32ReadProcessMemory
SetFilePointer
VirtualUnlock
GetSystemTimeAdjustment
SetConsoleTitleW
VirtualFreeEx
GetExitCodeProcess
OpenEventW
GetLogicalDriveStringsW
VirtualFree
FillConsoleOutputAttribute
WaitCommEvent
CreateRemoteThread
LocalLock
ReadFileScatter
SetEvent
GetProfileStringA
GetFileAttributesExW
SetConsoleCursorInfo
PeekNamedPipe
GetEnvironmentStringsA
WritePrivateProfileStructA
lstrlenA
SetComputerNameW
GetSystemInfo
SetConsoleCursorPosition
GetNumberFormatW
WaitForSingleObjectEx
CreateDirectoryExA
MoveFileExA
FindFirstFileW
SetConsoleTitleA
GetNamedPipeHandleStateW
DebugActiveProcess
TerminateThread
FreeResource
GetLongPathNameA
CreateProcessA
SetLocaleInfoW
CreateNamedPipeW
CreateMutexA
FindResourceExA
EnumCalendarInfoExA
GetPrivateProfileSectionA
lstrcpyn
FindAtomW
lstrcpy
LocalShrink
GlobalReAlloc
SetConsoleMode
DeleteFiber
GetConsoleOutputCP
GetLocaleInfoA
GetShortPathNameW
FreeEnvironmentStringsA
WritePrivateProfileStructW
GetStringTypeExA
ResetWriteWatch
WritePrivateProfileStringW
GetUserDefaultLCID
GetConsoleTitleA
GetProcessHeaps
FileTimeToSystemTime
GetNumberOfConsoleInputEvents
WriteConsoleOutputW
UnmapViewOfFile
CreateNamedPipeA
CreateEventA
EnumSystemCodePagesW
EnumDateFormatsW
GetDateFormatA
ReadConsoleOutputCharacterA
CreateMailslotW
WritePrivateProfileSectionA
GetProcAddress
HeapValidate
SetConsoleTextAttribute
GetCalendarInfoW
FindClose
GetConsoleScreenBufferInfo
GetPrivateProfileIntW
CreateDirectoryA
SetThreadExecutionState
lstrcat
WinExec
WaitForMultipleObjects
SleepEx
GetThreadTimes
UpdateResourceW
GlobalFix
GlobalGetAtomNameW
CreateEventW
lstrcmpiA
EraseTape
GetVersionExW
SetSystemTimeAdjustment
ReadConsoleOutputA
GetStdHandle
WaitForDebugEvent
EnumSystemLocalesW
lstrcmpW
GetLogicalDriveStringsA
lstrcatA
GlobalUnWire
GetDiskFreeSpaceA
FlushConsoleInputBuffer
ReadConsoleW
GlobalUnfix
GetVersion
CreateMutexW
DeleteFileA
MoveFileW
LockFileEx
GetProcessHeap
VirtualQueryEx
FindFirstFileExW
GetNumberOfConsoleMouseButtons
EnumResourceNamesA
SetCurrentDirectoryA
GetCurrencyFormatW
InterlockedExchangeAdd
LocalFileTimeToFileTime
GetPrivateProfileIntA
GlobalAddAtomA
FindResourceA
GetFileType
GetTempPathW
CreateConsoleScreenBuffer
SetLocalTime
CloseHandle
GetFileTime
GetSystemDefaultLangID
GetPriorityClass
GlobalHandle
GetDateFormatW
FlushViewOfFile
LoadModule
GetPrivateProfileStructA
WriteProfileSectionW
ReadConsoleOutputAttribute
Sleep
DeviceIoControl
SetFileAttributesA
GetProcessPriorityBoost
OpenWaitableTimerA
HeapDestroy
GetDiskFreeSpaceExW
PeekConsoleInputA
LockFile
Heap32ListFirst
WriteFileGather
DeleteAtom
SetLocaleInfoA
WriteFile
WriteFileEx
PulseEvent
SetVolumeLabelA
GetDriveTypeW
GlobalUnlock
UnhandledExceptionFilter
GetWindowsDirectoryW
GetSystemTime
GetTimeFormatA
ReadFile
GlobalFlags
HeapCompact
Heap32First
CreateFileA
EnterCriticalSection
GetFileAttributesA
FindResourceExW
GetPrivateProfileSectionW
CopyFileA
GetLogicalDrives
EnumDateFormatsExA
FindCloseChangeNotification
GetNamedPipeHandleStateA

shell32

InternalExtractIconListA

wininet

InternetGetConnectedStateExW
HttpSendRequestW
FtpCreateDirectoryA
FindNextUrlCacheGroup
FtpCreateDirectoryW
UnlockUrlCacheEntryFileW
InternetCreateUrlA
FtpRemoveDirectoryW
LoadUrlCacheContent
FtpRenameFileA
InternetQueryDataAvailable
DeleteUrlCacheEntryA
FreeUrlCacheSpaceA
InternetSetCookieW
InternetConfirmZoneCrossingA
HttpSendRequestExW
InternetGoOnlineA
InternetSetOptionExW
FtpFindFirstFileW
InternetGoOnlineW
GetUrlCacheHeaderData
InternetDialA
UnlockUrlCacheEntryFileA
InternetGetCookieW
InternetConfirmZoneCrossingW
HttpEndRequestW
InternetOpenUrlA
SetUrlCacheEntryGroup
FtpOpenFileA
IsUrlCacheEntryExpiredW
InternetSecurityProtocolToStringA

advapi32

InitiateSystemShutdownA
RegOpenKeyExA
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
CreateServiceW
CryptSignHashW
RegDeleteKeyA
RegFlushKey
RegOpenKeyW
CryptDuplicateKey
CryptAcquireContextA
StartServiceA
RegSaveKeyA
RegQueryValueW
CryptEnumProvidersA
CryptSetKeyParam
ReportEventA
RegLoadKeyW
LookupAccountNameW
RegQueryValueExA
RegEnumValueW
DuplicateToken
CryptExportKey
LookupSecurityDescriptorPartsA
RegCreateKeyA
RegCreateKeyW
AbortSystemShutdownW
CryptSetHashParam
CryptDestroyHash
LookupAccountNameA
CryptReleaseContext
RegRestoreKeyW
RegQueryInfoKeyA
RegSetValueW
RegOpenKeyExW
RegSetValueExA
CryptGetHashParam
RegQueryMultipleValuesA
RegCreateKeyExA
LookupPrivilegeNameA
CreateServiceA
LookupAccountSidA
CryptSetProviderExW
RegOpenKeyA
LookupPrivilegeDisplayNameA
CryptCreateHash
RegEnumKeyExW
RegDeleteValueA
GetUserNameW
LogonUserA
LookupAccountSidW
RegEnumKeyExA
LookupSecurityDescriptorPartsW
CryptGenRandom
LookupPrivilegeNameW
CryptVerifySignatureW
CryptSetProvParam
CryptEncrypt
CryptDeriveKey
RegSetValueExW
RegQueryValueExW
CryptGetKeyParam
RegQueryValueA
CryptSetProviderA
RegDeleteValueW

comdlg32

GetFileTitleA
ChooseFontW
PageSetupDlgW

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1e9b9edbb2aaafd361bef89f51d48efb

Headers

File Characteristics

Imports

kernel32

shell32

wininet

advapi32

comdlg32

Sections

.text Size: 107KB - Virtual size: 107KB

.data Size: 285KB - Virtual size: 284KB

.reloc Size: 15KB - Virtual size: 14KB

.bss Size: 5KB - Virtual size: 5KB

.text
Size: 107KB - Virtual size: 107KB

.data
Size: 285KB - Virtual size: 284KB

.reloc
Size: 15KB - Virtual size: 14KB

.bss
Size: 5KB - Virtual size: 5KB