220e79a5d9dc77b9c84b30245fc7064b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

220e79a5d9dc77b9c84b30245fc7064b_JaffaCakes118
Size

354KB
MD5

220e79a5d9dc77b9c84b30245fc7064b
SHA1

067c9a10d89653ab85fff1cc0360be47a16b3f2c
SHA256

154af42b1b25bdd509b982a532bc4293d6e59b2c0ff15033e7d828984afa83df
SHA512

188439789b19e2950ad44063c119271097718fa222bbd00b68f9897fc9499fd45eb52348bafdb1310f9da8c372f468605429e6dc0cc01f7eee0690c7e6cc5d26
SSDEEP

6144:vbkTaN+KQiZhCXXAjSgne+cZ7SIVP65ZEnT6GN7:v4TUZhCnKS4uZuIt65CT/N7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
220e79a5d9dc77b9c84b30245fc7064b_JaffaCakes118

Files

220e79a5d9dc77b9c84b30245fc7064b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cc686e7ef0970c9e52aaf3aa8f8a2ec6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
HeapSize
GetProcessHeap
GetFileType
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
DecodePointer
FlushFileBuffers
HeapFree
GetLastError
GetModuleHandleExW
ExitProcess
CloseHandle
GetModuleFileNameA
WriteFile
GetStdHandle
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RtlUnwind
RaiseException
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
FillConsoleOutputCharacterA
EnumDateFormatsA
MultiByteToWideChar
FindNextFileA
FindFirstFileA
CreateFileA
GlobalGetAtomNameA
GlobalAddAtomA
GetModuleHandleA
LoadLibraryW
LoadLibraryA
CreateEventA
lstrcatA
lstrcpyA
GetTickCount
WaitCommEvent
SetCommTimeouts
ClearCommError
SetCommMask
GetStringTypeW
WinExec
GetCurrentThreadId
HeapAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
CreateFileW
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindClose
GlobalDeleteAtom
GetOverlappedResult
WideCharToMultiByte
SetLastError
GetACP
GetProcAddress

user32

IsMenu
ShowWindow
EndDialog
GetDlgItem
CreateWindowExA
OpenClipboard
CloseClipboard
GetClipboardData
RegisterClipboardFormatA
IsWindow
SetCapture
ReleaseCapture
RegisterClassExA
PostQuitMessage
DefWindowProcA
AttachThreadInput
PostMessageA
SendMessageA
PeekMessageA
GetSystemMetrics
LoadMenuA
GetMenu
SetMenu
CreateMenu
CreatePopupMenu
SetFocus
CreateWindowExW
DestroyMenu
TrackPopupMenu
DrawTextA
DispatchMessageA
wsprintfA
GetDlgCtrlID
FreeDDElParam
UnpackDDElParam
PackDDElParam
DefMDIChildProcA
LoadStringA
CreateIconIndirect
LoadImageA
LoadIconA
LoadCursorA
LoadBitmapA
GetWindow
GetWindowThreadProcessId
GetTopWindow
GetClassNameA
EnumChildWindows
SetWindowLongA
GetWindowLongA
SetWindowWord
GetWindowWord
InflateRect
FillRect
DrawFocusRect
GetSysColor
WindowFromPoint
GetCursor
GetCursorPos
MessageBoxA
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow

gdi32

CreatePolygonRgn
TextOutA
MoveToEx
GetObjectA
GetTextMetricsA
CreateEnhMetaFileA
SetTextAlign
SelectObject
Rectangle
LineTo
GetGlyphIndicesW
GetStockObject
GetRgnBox
GetRandomRgn
FillRgn
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateFontA
CreateCompatibleDC
Polygon

comdlg32

ChooseColorA

advapi32

OpenServiceA
OpenSCManagerA
DeleteService
ControlService
CloseServiceHandle

shell32

SHOpenFolderAndSelectItems
ord189
ExtractIconExA

ole32

CoWaitForMultipleHandles
MkParseDisplayName
CoCreateInstance

ws2_32

gethostbyaddr
recvfrom
WSAStartup
WSACleanup
WSAGetLastError
WSASocketA
recv
listen
send
sendto
htons
accept
bind
closesocket
socket

netapi32

NetShareGetInfo

avicap32

capGetDriverDescriptionA

msacm32

acmStreamSize
acmDriverClose
acmStreamConvert

shlwapi

StrChrA
PathMatchSpecA
PathRelativePathToA
PathRemoveBackslashA
UrlUnescapeW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_GetImageInfo
ImageList_GetImageCount

pdh

PdhBrowseCountersA

gdiplus

GdipCreatePen1
GdipDeletePen
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawLine

opengl32

wglSwapLayerBuffers
wglSwapMultipleBuffers

setupapi

CM_Open_Class_KeyA
CM_Open_Class_Key_ExA
CM_Next_Range

uxtheme

SetWindowTheme

usp10

ScriptGetGlyphABCWidth
ScriptGetCMap
ScriptGetFontProperties

tapi32

lineAddToConference

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc686e7ef0970c9e52aaf3aa8f8a2ec6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

ws2_32

netapi32

avicap32

msacm32

shlwapi

comctl32

pdh

gdiplus

opengl32

setupapi

uxtheme

usp10

tapi32

Sections

.text Size: 105KB - Virtual size: 104KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 332B

.rsrc Size: 191KB - Virtual size: 190KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 105KB - Virtual size: 104KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 332B

.rsrc
Size: 191KB - Virtual size: 190KB

.reloc
Size: 7KB - Virtual size: 6KB