E:\sources\oc2017\x64\RandomD3D_x64\moss.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: MossX64.exe, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: MossX64.exe, Resource: win10v2004-20240508-en)
General
Target: 2eb23e59b02f92934b5df35ca2b4ba6f_JaffaCakes118
Size: 1.3MB
MD5: 2eb23e59b02f92934b5df35ca2b4ba6f
SHA1: 8e86692436cd040a09084e5a3440255a3f031d1c
SHA256: acb06a5841f542a0d2573190440038cbcbceb2c0277c1cf36e4d998b519d7656
SHA512: 8839ef5030cf4851e1dc844a9868e2c358c2e8f5899b6335906d1649765eae312cbc4b5d55b4730ca34ffb9557de7458217e29caa7204f93aa9dbf2f94cda8e3
SSDEEP: 24576:5lodfSmVyQLSn+R30vUi+A/q9itQiYqMZsjR4jZYX0cox+PQMBYk8hlekxG/dH5L:5HmKng0v0AcilYVKRGZ9cosJYk8xgVF
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature. Resource: unpack001/MossX64.exe
Files
-
2eb23e59b02f92934b5df35ca2b4ba6f_JaffaCakes118.zip
-
MossX64.exe.exe windows:6 windows x64 arch:x64
204c2cd829f8658b0c1b7aa912af6e0c
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
winmm
timeGetTime
timeEndPeriod
timeBeginPeriod
PlaySoundW
advapi32
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExA
RegCloseKey
InitializeSecurityDescriptor
RegCreateKeyExW
RegQueryValueExA
GetUserNameA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegSetValueExA
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
gdi32
CreatePalette
SelectPalette
RealizePalette
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetBkColor
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
EnumFontFamiliesExW
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectW
SetTextColor
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
GetObjectW
SetBkColor
CreateBitmap
CopyMetaFileW
DeleteDC
GetDeviceCaps
CreateICW
RoundRect
ScaleWindowExtEx
CreateDIBSection
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
FillRgn
shlwapi
PathFindExtensionW
PathFindFileNameW
PathFileExistsA
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathAppendW
PathAppendA
StrRChrA
StrFormatKBSizeW
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
DragQueryFileW
SHGetFileInfoW
SHGetDesktopFolder
DragFinish
SHAppBarMessage
ShellExecuteW
SHGetFolderPathA
SHGetFolderPathW
gdiplus
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageI
GdipDrawImageRectI
GdipDeleteGraphics
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageWidth
imagehlp
MapFileAndCheckSumW
MapFileAndCheckSumA
iphlpapi
GetAdaptersInfo
wininet
InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetCanonicalizeUrlW
InternetOpenW
InternetGetConnectedState
version
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoA
urlmon
URLDownloadToFileW
kernel32
SystemTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
CreateDirectoryW
SetFileTime
GetFileInformationByHandle
GetLocalTime
FileTimeToDosDateTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FindNextFileW
GetUserDefaultLCID
SearchPathW
GetProfileIntW
GetWindowsDirectoryW
FindResourceExW
WideCharToMultiByte
GetFileTime
GetFileSizeEx
SetThreadPriority
CreateEventW
GlobalFlags
lstrcmpiW
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
GetUserDefaultUILanguage
GetLocaleInfoW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeResource
EncodePointer
GlobalGetAtomNameW
lstrcmpA
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CompareStringW
InitializeCriticalSectionAndSpinCount
SystemTimeToTzSpecificLocalTime
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
GetVersionExW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemTime
VerifyVersionInfoW
VerSetConditionMask
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
SetFilePointer
InitializeCriticalSectionEx
HeapFree
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
ReadProcessMemory
GetThreadContext
SuspendThread
RtlCaptureContext
LeaveCriticalSection
EnterCriticalSection
GlobalMemoryStatusEx
GetFileType
GetEnvironmentVariableA
GetModuleFileNameA
GetCurrentDirectoryA
SetLastError
GetEnvironmentVariableW
GetSystemInfo
SetCurrentDirectoryW
GetFileAttributesExW
CopyFileW
GetTempFileNameW
WriteFile
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
CreateSemaphoreW
GetProcessTimes
FindFirstFileW
ReadFile
GetFileSize
FindClose
FindNextFileA
FindFirstFileExA
IsWow64Process
OpenProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateFileW
WaitForSingleObject
TerminateThread
ResumeThread
CreateThread
GetExitCodeThread
InitializeCriticalSection
Sleep
FreeLibrary
SetUnhandledExceptionFilter
GetProcAddress
LoadLibraryW
IsDebuggerPresent
SetProcessDEPPolicy
GetSystemDirectoryW
GetLastError
MoveFileExW
GetFileAttributesW
SetFileAttributesW
GetTempPathW
MultiByteToWideChar
CloseHandle
DeleteFileW
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetModuleHandleW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
SwitchToThread
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
HeapSize
DuplicateHandle
ExitProcess
HeapQueryInformation
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
VirtualAlloc
SetStdHandle
GetStdHandle
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
GetComputerNameA
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
lstrcpyW
user32
PostQuitMessage
GetClientRect
DefWindowProcW
DestroyWindow
DrawTextA
EndPaint
BeginPaint
DialogBoxParamW
EnableMenuItem
GetMenu
UpdateWindow
InvalidateRect
ShowWindow
SetLayeredWindowAttributes
GetDesktopWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
LoadStringW
GetDlgItemTextW
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextW
EndDialog
EnumDisplayMonitors
OffsetRect
EqualRect
CopyRect
UnionRect
SetRect
GetMonitorInfoW
wsprintfW
GetActiveWindow
MessageBoxW
GetAsyncKeyState
BringWindowToTop
GetWindowTextW
GetWindowLongPtrW
FindWindowW
SetForegroundWindow
SetMenuDefaultItem
LockWindowUpdate
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
ReuseDDElParam
GetSystemMetrics
EnumDisplayDevicesW
GetDoubleClickTime
GetWindowRgn
DestroyCursor
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
SetWindowPos
SetCursor
GetMenuItemCount
UnpackDDElParam
InsertMenuItemW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
CreateMenu
InsertMenuW
AppendMenuW
RemoveMenu
SendMessageW
IsWindow
SetFocus
GetFocus
EnableWindow
IsWindowEnabled
GetParent
UnhookWindowsHookEx
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowLongW
GetWindowThreadProcessId
GetLastActivePopup
GetWindowTextLengthW
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
RegisterWindowMessageW
PeekMessageW
GetMessagePos
GetMessageTime
PostMessageW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
IsMenu
IsChild
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
GetDlgItem
GetDlgCtrlID
GetKeyState
GetCapture
SetMenu
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowRect
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
PtInRect
SetWindowLongW
SetWindowLongPtrW
GetClassLongPtrW
GetClassNameW
GetTopWindow
GetWindow
SetWindowsHookExW
CallNextHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CreateDialogIndirectParamW
GetNextDlgTabItem
DestroyIcon
CharUpperW
ClientToScreen
RealChildWindowFromPoint
GetCursorPos
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
FillRect
DestroyMenu
GetMenuItemInfoW
InflateRect
SystemParametersInfoW
CopyImage
SendDlgItemMessageA
SetRectEmpty
MapDialogRect
IntersectRect
TrackMouseEvent
LoadImageW
ShowOwnedPopups
DeleteMenu
SetTimer
KillTimer
CreatePopupMenu
GetMenuDefaultItem
GetNextDlgGroupItem
SetCapture
ReleaseCapture
WindowFromPoint
DrawFocusRect
IsRectEmpty
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SetClassLongPtrW
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UpdateLayeredWindow
MonitorFromPoint
ole32
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoInitialize
CoDisconnectObject
CoTaskMemAlloc
CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoCreateInstance
OleLockRunning
RevokeDragDrop
ReleaseStgMedium
OleDuplicateData
oleaut32
VarBstrFromDate
SysAllocString
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
VariantClear
VariantCopy
VariantChangeType
LoadTypeLi
SysStringLen
SysAllocStringLen
psapi
EnumProcesses
EnumProcessModulesEx
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
EnumProcessModules
msimg32
TransparentBlt
AlphaBlend
uxtheme
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeText
DrawThemeParentBackground
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
Sections
.text   Size: 1.9MB - Virtual size: 1.9MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 698KB - Virtual size: 697KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 403KB - Virtual size: 484KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  Size: 89KB - Virtual size: 89KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   Size: 58KB - Virtual size: 57KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 60KB - Virtual size: 59KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ