f201b7d941a5d44663663d86973d563a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f201b7d941a5d44663663d86973d563a_JaffaCakes118
Size

912KB
MD5

f201b7d941a5d44663663d86973d563a
SHA1

d5f764f0a70a57c765f632c4bf4efe796da8ec0e
SHA256

6def9cf956ff67526aecd10c2df7d521b0cd8082a7d58f0bdd377a330c275834
SHA512

2e93b0a799edf9d4441923e82be3b130c094734e5accc6aa7873893e5592ab3b50b380eb5c86a355e193aa6daf9b1b78fe7cc678a7f8d790409b908cb9454312
SSDEEP

12288:exHo3A7JblMGZ14ScFIWwGkmq4gU6IBS2Nr3I6XJy9UuyQB:exHJJbN747IWwEqKS2NM8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f201b7d941a5d44663663d86973d563a_JaffaCakes118

Files

f201b7d941a5d44663663d86973d563a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a85af131596c30a1fe943026a58159ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
GetVersionExA
OutputDebugStringW
HeapFree
HeapAlloc
GetProcessHeap
WritePrivateProfileStringA
GetCurrentDirectoryA
CreateMutexW
OpenMutexW
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
CreateThread
ExitProcess
SetUnhandledExceptionFilter
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
SetEvent
OpenEventA
TerminateThread
CreateFileW
FindClose
RemoveDirectoryA
FindNextFileA
SetFileAttributesA
FindFirstFileA
GetPrivateProfileIntA
GetPrivateProfileStringW
GetPrivateProfileStringA
GetCurrentDirectoryW
CreateEventA
CreateProcessW
WinExec
WriteFile
InterlockedExchange
SetFilePointer
DeleteFileW
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadLibraryExA
GetModuleHandleA
CreateFileA
GetFileSize
CloseHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
GlobalHandle
OutputDebugStringA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
HeapReAlloc
HeapCreate
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
WriteConsoleW
DeleteFileA
GlobalFree
Sleep
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MulDiv
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
FindResourceA
LoadResource
LockResource
GetLastError
SetLastError
GetModuleFileNameA
lstrlenA
lstrlenW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
FlushFileBuffers
MultiByteToWideChar

user32

MonitorFromPoint
GetMenuItemInfoA
RemoveMenu
GetMenuItemCount
AppendMenuA
CreatePopupMenu
DefFrameProcA
DestroyMenu
LoadStringW
LoadImageA
LoadIconA
PostQuitMessage
PeekMessageA
GetMessageA
TranslateMessage
PtInRect
TrackPopupMenuEx
GetSubMenu
GetMenuStringA
DrawMenuBar
LoadMenuA
LoadAcceleratorsA
RegisterWindowMessageW
SetWindowLongA
GetWindowLongA
DestroyWindow
UnregisterClassA
GetClientRect
BringWindowToTop
GetDlgItemInt
GetDlgItemTextA
IsDlgButtonChecked
SetDlgItemInt
GetDlgItem
IsDialogMessageA
SetWindowPos
MapWindowPoints
GetMonitorInfoA
MonitorFromWindow
DispatchMessageA
ModifyMenuA
GetCursorPos
TrackPopupMenu
IsWindowVisible
EndDialog
SetDlgItemTextA
EnableWindow
MessageBoxW
FindWindowA
SetForegroundWindow
wsprintfW
LoadStringA
MessageBoxA
TranslateAcceleratorA
TranslateMDISysAccel
wsprintfA
CreateDialogIndirectParamA
GetWindowRect
GetWindow
GetParent
SendMessageA
GetClassInfoExA
LoadCursorA
CharLowerA
DefWindowProcA
RegisterClassExA
DefMDIChildProcA
AdjustWindowRectEx
DialogBoxIndirectParamA
GetActiveWindow
CheckDlgButton
PostMessageA
FindWindowExW
UpdateWindow
InvalidateRect
ScrollWindowEx
SetScrollPos
GetScrollInfo
SetScrollInfo
CallWindowProcA
SystemParametersInfoA
BeginPaint
EndPaint
GetScrollPos
KillTimer
SetTimer
ShowWindow
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
IsWindow
GetDesktopWindow
GetFocus
SetFocus
DestroyAcceleratorTable
FillRect
ReleaseCapture
GetClassNameA
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
MoveWindow
CharNextA
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageA
GetSysColor
CreateWindowExA
MessageBeep

gdi32

CreateSolidBrush
GetStockObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
GetObjectA
SetViewportOrgEx
SelectObject
DeleteObject
DeleteDC

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoInitialize
OleRun
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleLockRunning
StringFromGUID2
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
LoadRegTypeLi
LoadTypeLi
OleCreateFontIndirect
SysAllocStringByteLen
SysStringByteLen
DispCallFunc
VarUI4FromStr
GetErrorInfo
SysStringLen

shlwapi

PathFileExistsA

comctl32

InitCommonControlsEx

rasapi32

RasEnumEntriesW
RasEnumConnectionsW
RasHangUpW
RasGetEntryDialParamsW
RasDialW

iphlpapi

GetAdaptersInfo

wininet

InternetReadFile
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpQueryInfoA
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
InternetGetConnectedState

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cc0
Size: 559KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a85af131596c30a1fe943026a58159ff

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

rasapi32

iphlpapi

wininet

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 16KB - Virtual size: 38KB

.rsrc Size: 108KB - Virtual size: 107KB

.cc0 Size: 559KB - Virtual size: 558KB

.reloc Size: 1024B - Virtual size: 536B

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 16KB - Virtual size: 38KB

.rsrc
Size: 108KB - Virtual size: 107KB

.cc0
Size: 559KB - Virtual size: 558KB

.reloc
Size: 1024B - Virtual size: 536B