Static task: static1
Behavioral task: behavioral1
  Sample: f62623070ef8bd75383507976bd8ec8f_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f62623070ef8bd75383507976bd8ec8f_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
General
Target: f62623070ef8bd75383507976bd8ec8f_JaffaCakes118
Size: 998KB
MD5: f62623070ef8bd75383507976bd8ec8f
SHA1: fa31be64de924f67eea7f82fca0275d206721c07
SHA256: cfedc8e70822a96614dc49416fbea1b7f0f9be5a8710080ed9f4279635c64128
SHA512: a2e4da0ef8307aeb852b59287bcffec76e242046246b68af940f8e13808c8d61b9d4216ecedfd80b147b64ce83d1ac4c325b0c7d8766c7e861fe1872d0bbe138
SSDEEP: 24576:GD18pa3wZrMJrWHvbklSZ2V7W7hAB+pHHV:GCA3wZ2y72VXBWn
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource f62623070ef8bd75383507976bd8ec8f_JaffaCakes118
Files
-
f62623070ef8bd75383507976bd8ec8f_JaffaCakes118.exe windows:5 windows x86 arch:x86
876865ba04c6721df3ccfb6933755a66
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32:
FreeSid
CryptGenRandom
RegCreateKeyExA
RegSetValueExW
RegCloseKey
CryptDecrypt
CryptReleaseContext
OpenProcessToken
CryptHashData
CryptAcquireContextA
CryptDestroyKey
RegQueryValueExW
GetUserNameW
CryptEncrypt
RegDeleteValueW
RegDeleteKeyW
AllocateAndInitializeSid
CryptExportKey
RegCreateKeyExW
RegQueryValueExA
CryptGenKey
RegEnumValueW
RegisterEventSourceW
RegEnumKeyExW
CryptGetUserKey
CryptDestroyHash
GetTokenInformation
RegOpenKeyExW
RegQueryInfoKeyW
GetUserNameA
CryptImportKey
RegSetValueExA
ReportEventW
CryptCreateHash
EqualSid
CryptAcquireContextW
CryptDeriveKey
user32:
PostQuitMessage
GetComboBoxInfo
FindWindowExW
RegisterWindowMessageW
DrawTextExW
UnionRect
GetWindowDC
GetDlgItemTextW
OffsetRect
GetSysColor
EnableMenuItem
RegisterClipboardFormatW
CheckDlgButton
GetClipboardData
SetCapture
FillRect
LoadBitmapW
GetWindowRect
IsZoomed
FindWindowW
ShowWindow
InsertMenuW
MoveWindow
MessageBoxW
SetTimer
EndDeferWindowPos
KillTimer
PostMessageW
CopyRect
DeferWindowPos
IsRectEmpty
ExitWindowsEx
SetWindowTextW
GetCapture
SetMenuDefaultItem
EqualRect
SetWindowRgn
GetFocus
BeginPaint
SetForegroundWindow
OpenClipboard
GetDlgCtrlID
EnableWindow
LoadStringW
GetWindowLongW
DispatchMessageW
IsClipboardFormatAvailable
GetSubMenu
UnregisterClassA
UpdateLayeredWindow
LoadIconW
SendMessageTimeoutW
GetDesktopWindow
SetCursor
LoadCursorW
ScreenToClient
SystemParametersInfoW
GetMessageW
RemoveMenu
wsprintfA
SetWindowPos
SetDlgItemTextW
wsprintfW
GetMenuItemID
LoadMenuW
DrawTextW
GetKeyState
GetWindow
TrackPopupMenu
EndPaint
UpdateWindow
PostThreadMessageW
UnregisterClassW
SetMenu
BringWindowToTop
CheckMenuItem
EndDialog
WindowFromPoint
GetCursorPos
GetOpenClipboardWindow
TranslateMessage
BeginDeferWindowPos
IsWindow
IsDlgButtonChecked
GrayStringW
ReleaseCapture
GetSystemMenu
GetActiveWindow
PeekMessageW
SetClassLongW
InvalidateRect
SendDlgItemMessageW
GetDlgItem
LoadImageW
GetWindowTextW
RedrawWindow
GetMenuItemCount
MapDialogRect
DrawStateW
AdjustWindowRectEx
IntersectRect
GetSystemMetrics
GetClientRect
CloseClipboard
SendMessageW
SetClipboardData
IsWindowEnabled
SetRectEmpty
DrawFocusRect
LockWindowUpdate
InflateRect
GetDC
PtInRect
DestroyIcon
SetWindowLongW
IsIconic
DrawIconEx
GetMessagePos
IsWindowVisible
SetActiveWindow
GetDlgItemInt
TabbedTextOutW
ClientToScreen
ReleaseDC
ModifyMenuW
SetRect
GetParent
SetDlgItemInt
DefWindowProcW
kernel32:
GetACP
GetStartupInfoW
GetCurrentThread
RaiseException
VirtualFree
GetDriveTypeW
GetTempPathW
InterlockedIncrement
GetDiskFreeSpaceExW
HeapFree
LockResource
GetPrivateProfileStringW
LeaveCriticalSection
GetThreadLocale
GetSystemDefaultLangID
GetDiskFreeSpaceA
LoadLibraryA
SetFileAttributesW
GetSystemInfo
FileTimeToLocalFileTime
GetFullPathNameA
InterlockedExchange
GetComputerNameA
CreateFileA
ResetEvent
GetWindowsDirectoryW
lstrlenA
FindClose
RemoveDirectoryW
GetProcessHeap
GetModuleHandleW
GlobalLock
GetCurrentThreadId
GetCurrentProcess
CreateFileW
GetLogicalDriveStringsW
DeviceIoControl
GetModuleHandleA
GetLongPathNameW
MoveFileW
GetExitCodeProcess
WaitForSingleObject
GetFileSize
Process32FirstW
WideCharToMultiByte
GetShortPathNameW
GlobalMemoryStatus
InterlockedDecrement
GetCurrentProcessId
FindResourceW
CreateFileMappingA
GetDateFormatW
LocalAlloc
GetModuleFileNameW
FindNextFileW
ResumeThread
SystemTimeToFileTime
LocalFree
GetFileAttributesW
GetProcAddress
Sleep
CreateToolhelp32Snapshot
GlobalFree
lstrcpynW
CloseHandle
SetFilePointer
IsBadReadPtr
FormatMessageW
GetTimeFormatW
ReadFile
SetCurrentDirectoryW
TerminateProcess
VirtualAlloc
GetLastError
SuspendThread
lstrlenW
GlobalUnlock
SetEvent
UnmapViewOfFile
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryW
Process32NextW
DeleteFileW
InitializeCriticalSection
GetVersionExW
DeleteCriticalSection
MapViewOfFile
GetLocalTime
MulDiv
GetFullPathNameW
CopyFileW
_llseek
CreateProcessW
FileTimeToSystemTime
FreeResource
WriteFile
HeapAlloc
GetVolumeInformationW
MultiByteToWideChar
GetNumberFormatW
LoadResource
GetVersionExA
GetCurrentDirectoryW
GetTickCount
lstrcpyW
CreateEventW
SetThreadPriority
OutputDebugStringW
GetProcessAffinityMask
Thread32Next
IsBadWritePtr
GetTempFileNameW
CreateDirectoryW
FindFirstFileW
OpenProcess
SetProcessAffinityMask
CreateMutexW
GetSystemTime
GetLocaleInfoW
FreeLibrary
QueryPerformanceFrequency
GlobalAlloc
lstrcmpiW
EnterCriticalSection
Thread32First
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreatePipe
QueryPerformanceCounter
version:
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
shell32:
SHGetDesktopFolder
SHFileOperationW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteExW
SHGetPathFromIDListW
SHBindToParent
DragQueryFileW
SHGetSpecialFolderPathW
SHGetMalloc
DragAcceptFiles
SHGetFileInfoW
tapi32:
lineUncompleteCall
lineAccept
shlwapi:
PathRemoveBackslashW
PathRemoveExtensionW
PathFileExistsW
PathIsRelativeW
SHDeleteKeyW
PathIsDirectoryW
PathAddExtensionW
PathRemoveFileSpecW
PathRemoveFileSpecA
PathAppendA
PathFindFileNameW
PathAddBackslashW
PathCompactPathW
PathAppendW
PathFindExtensionW
PathRenameExtensionW
PathIsRootW
StrStrIW
StrCmpIW
comctl32:
ImageList_DragEnter
ImageList_GetIconSize
ImageList_EndDrag
ImageList_SetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_DragLeave
FlatSB_GetScrollInfo
ImageList_Add
ImageList_ReplaceIcon
ImageList_Draw
ImageList_AddMasked
ImageList_DragMove
_TrackMouseEvent
ole32:
CoCreateInstance
CoGetObject
CoInitializeSecurity
CoSetProxyBlanket
OleUninitialize
CoTaskMemAlloc
CoUninitialize
StgCreateDocfile
CreateClassMoniker
CoInitialize
StgOpenStorage
StringFromGUID2
GetRunningObjectTable
ReleaseStgMedium
CoTaskMemFree
OleInitialize
gdi32:
StretchBlt
Escape
SelectObject
CreateCompatibleDC
SelectPalette
Rectangle
PatBlt
GetTextExtentPoint32A
SetBkColor
CreateBitmapIndirect
CreateICW
StretchDIBits
CreateBrushIndirect
EnumFontFamiliesW
ExtCreatePen
CreateRectRgnIndirect
CreatePalette
GetStockObject
PtVisible
PtInRegion
TextOutW
GetTextExtentPoint32W
CreateDIBitmap
RealizePalette
CombineRgn
GetTextMetricsW
CreateDCW
SetTextAlign
GetViewportExtEx
SelectClipRgn
SetDIBits
GetMapMode
GetDIBits
ExtTextOutW
GetTextMetricsA
CreatePen
GetDIBColorTable
SetTextColor
GetCharABCWidthsW
SetStretchBltMode
CreateDIBSection
SetBkMode
CreateFontIndirectW
GetCurrentObject
GetWindowExtEx
RectVisible
OffsetRgn
GetObjectW
GetPixel
CreatePolygonRgn
DeleteDC
SetROP2
GetDeviceCaps
CreateCompatibleBitmap
BitBlt
CreateBitmap
LPtoDP
CreateHalftonePalette
DeleteObject
CreateRectRgn
DPtoLP
GetTextColor
CreateSolidBrush
msacm32:
acmDriverDetailsW
winmm:
mciSendCommandA
mciGetErrorStringW
mmioOpenW
mmioClose
timeGetTime
mmioDescend
comdlg32:
ChooseFontW
GetFileTitleW
ChooseColorW
gdiplus:
GdipCloneImage
GdipGetImageBounds
GdipGetImageWidth
GdiplusShutdown
GdipCreateFromHDC
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipGetImageHeight
GdipDeleteGraphics
GdipFree
GdipAlloc
GdipDrawImageRectRect
GdiplusStartup
GdipBitmapGetPixel
GdipGetImageThumbnail
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipImageRotateFlip
Sections
.text   Size: 677KB - Virtual size: 677KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata  Size: 12KB - Virtual size: 11KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data   Size: 276KB - Virtual size: 3.5MB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc   Size: 32KB - Virtual size: 31KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ