f780b129c1d669b30251b61aabb68654_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f780b129c1d669b30251b61aabb68654_JaffaCakes118
Size

304KB
MD5

f780b129c1d669b30251b61aabb68654
SHA1

c264e93d0127cf0179ba2fd781bd7cbe7a7d859d
SHA256

ded4c700a35f5854d3824b2aa4c78dc3c8c80d038cdf6b295e7bb6ba7719e4d7
SHA512

5f65938b397200a7d53120b22255d2de80e42634ed29f728a575d5a62db2fb2c45e0ad236496fd8b9a3a5a4c816c156da7d257c30ec1d2f33825e6a511aca5c9
SSDEEP

6144:BWo07T26Z7WkOwQ1QzwRqAMRUAwAhHrRHKF4fz8:Z0/26XOlMRUAwyrRHKFv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f780b129c1d669b30251b61aabb68654_JaffaCakes118

Files

f780b129c1d669b30251b61aabb68654_JaffaCakes118
.exe windows:5 windows x86 arch:x86

95d9d9a711e790bdf8309a9ba18992fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
lstrcmpW
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GlobalFindAtomA
GlobalGetAtomNameA
MulDiv
WritePrivateProfileStringA
GetCurrentThreadId
Process32First
CreateThread
GetModuleHandleA
lstrcmpiA
GetFileAttributesA
LocalSize
lstrcpyW
CreatePipe
GetStartupInfoA
WaitForMultipleObjects
PeekNamedPipe
WriteFile
TerminateProcess
DisconnectNamedPipe
HeapAlloc
HeapFree
ExitProcess
TerminateThread
OpenProcess
CreateRemoteThread
GetCurrentProcess
SetLastError
ReadFile
SetFilePointer
CreateFileA
GetFileSize
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
DeleteFileA
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
GetLogicalDriveStringsA
GetVolumeInformationA
CreateProcessA
GetLastError
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
ResetEvent
CancelIo
InterlockedExchange
SetEvent
CreateEventA
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
SetErrorMode
GetTickCount
GetModuleFileNameA
WaitForSingleObject
CloseHandle
GetVersionExA
Sleep
lstrcpyA
GetSystemInfo
GlobalMemoryStatusEx
GetDriveTypeA
GetDiskFreeSpaceExA
LoadLibraryA
GetProcAddress
lstrlenA
GetModuleFileNameW
GlobalUnlock
GlobalFree
FreeResource
GetCurrentProcessId
GlobalAddAtomA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetACP
GetStdHandle
HeapCreate
HeapSize
GetCommandLineA
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalLock
GlobalAlloc
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
TlsFree
FormatMessageA
InterlockedIncrement
FlushFileBuffers
GetCPInfo
GetOEMCP
HeapReAlloc
RtlUnwind
GetModuleHandleW

user32

SetWindowPos
DrawIcon
SendMessageA
IsIconic
GetClientRect
LoadIconA
DestroyMenu
UnregisterClassA
GetSysColorBrush
LoadCursorA
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
SetWindowTextA
IsDialogMessageA
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetWindowTextA
ExitWindowsEx
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
CharNextA
GetSystemMetrics
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
EnableWindow
wsprintfA
PostQuitMessage
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
EndDialog
GetNextDlgTabItem
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetDesktopWindow
UnhookWindowsHookEx
GetWindow
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
SetWindowLongA
GetMenu
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
PtInRect
CopyRect
AdjustWindowRectEx
GetSysColor
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
GetMenuItemCount
GetMenuItemID
GetSubMenu
UpdateWindow
SetForegroundWindow
SetMenu
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
GetForegroundWindow
SetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
GetCapture
WinHelpA
SendDlgItemMessageA
RegisterWindowMessageA

shlwapi

PathFindExtensionA
PathFindFileNameA

gdi32

GetDeviceCaps
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetObjectA
SaveDC
RestoreDC
SetMapMode
DeleteObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumKeyA
StartServiceA
AbortSystemShutdownA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
OpenServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
RegQueryValueA
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

oleaut32

VariantClear
VariantChangeType
VariantInit

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

ws2_32

gethostname
WSAStartup
closesocket
ntohs
gethostbyname
recv
select
send
setsockopt
WSAIoctl
connect
htons
socket
inet_ntoa
inet_addr
bind
sendto
recvfrom
__WSAFDIsSet
getpeername
accept
listen
WSACleanup
ioctlsocket
getsockname

netapi32

NetUserDel
NetUserAdd
NetLocalGroupAddMembers
NetUserSetInfo
NetUserGetInfo
NetUserGetLocalGroups
NetUserEnum
NetApiBufferFree

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSLogoffSession
WTSEnumerateSessionsA
WTSQuerySessionInformationW
WTSFreeMemory
WTSQuerySessionInformationA
WTSDisconnectSession

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95d9d9a711e790bdf8309a9ba18992fc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

gdi32

winspool.drv

advapi32

shell32

oleaut32

wininet

ws2_32

netapi32

psapi

wtsapi32

Sections

.text Size: 229KB - Virtual size: 228KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 14KB - Virtual size: 41KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 229KB - Virtual size: 228KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 14KB - Virtual size: 41KB

.rsrc
Size: 16KB - Virtual size: 16KB