2f40ec5f18ab9d67503e14a44807c2d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f40ec5f18ab9d67503e14a44807c2d1_JaffaCakes118
Size

577KB
MD5

2f40ec5f18ab9d67503e14a44807c2d1
SHA1

8f892c29a568a58f40667174e9b16a5e6a7d7816
SHA256

d0e2bd522f61256c5f62249f4e61b2601001d50925e81057880872b9a0402f71
SHA512

6f634d43c044394ba871b52716aa80c59e8e531543c01b679c418824016c6a7361d4476c75b88bc8f1dbb841b38f297a42a6e78c9916046e8b39008b2c11c2b4
SSDEEP

12288:6t4477tC1e1sOjxhUWjY03vHLAd0Ba8vkDEv:6m477txsOF0oMy1ko

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f40ec5f18ab9d67503e14a44807c2d1_JaffaCakes118

Files

2f40ec5f18ab9d67503e14a44807c2d1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

509e04b8a60861f0b628730e010d68f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\Stylistic\pop\approval\ManualWo.pdb

Imports

kernel32

ExitProcess
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
GetStdHandle
SetHandleCount
HeapReAlloc
VirtualAlloc
VirtualFree
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleW
IsValidCodePage
GetOEMCP
lstrcpyA
GetCPInfo
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetStartupInfoA
GetCommandLineA
WideCharToMultiByte
RtlUnwind
HeapFree
GetModuleFileNameA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
InterlockedDecrement
InterlockedIncrement
GetTempPathA
GetTempFileNameA
CreateFileA
GetFileSizeEx
SetFilePointer
WriteFile
SetFileAttributesA
DeleteFileA
ExpandEnvironmentStringsA
OpenProcess
CloseHandle
ReadFile
CreateEventA
WaitForSingleObject
lstrcatA
lstrlenA
GlobalAlloc
MulDiv
GetCurrentProcessId
HeapCreate
HeapAlloc
OutputDebugStringA
GetLocalTime
GetUserDefaultLangID
GetLocaleInfoW
GetDateFormatW
GetLastError
RaiseException
GetEnvironmentStringsW
Sleep
LoadLibraryW
GetCurrentProcess
GetVersionExA
SetLastError
GlobalFree
LocalAlloc
LocalFree
GetModuleHandleA
GetACP
LoadLibraryA

user32

LoadBitmapA
GetClipboardFormatNameA
LoadImageA
DefMDIChildProcA
DrawTextA
DestroyIcon
DrawIcon
DefWindowProcA
PostQuitMessage
FillRect
MoveWindow
ShowWindow
ReleaseDC
SetWindowRgn
ClientToScreen
GetDC
SendMessageA
GetDlgItem
EnumWindows
SetMenu
AppendMenuA
CreatePopupMenu
MapWindowPoints
RegisterClassW
GetClassInfoW
EndPaint
SetScrollRange
OffsetRect
LoadStringA
GetWindowTextLengthA
GetWindowThreadProcessId
SetFocus
SendDlgItemMessageA
KillTimer
EndDialog
SetTimer
GetDesktopWindow
GetWindowDC
wsprintfA
MessageBoxA
GetSystemMetrics
DrawFrameControl
UpdateWindow
GetCursorPos
LoadCursorA
LoadIconA
TranslateMessage
GetMessageA
RegisterClassA
CreateWindowExA
DispatchMessageA
SetCapture
BeginPaint
GetClientRect
GetDialogBaseUnits
GetWindowLongA
DestroyWindow
GetKeyboardLayout
DialogBoxParamA
GetWindowRect
CreateMenu
InsertMenuA
FindWindowA
SetForegroundWindow
FindWindowExA
PtInRect

gdi32

GetTextFaceA
BitBlt
Ellipse
Rectangle
GetObjectA
GetTextMetricsA
LineTo
CheckColorsInGamut
CreateCompatibleDC
CreateCompatibleBitmap
EnumICMProfilesA
SelectObject
DeleteDC
GetStockObject
CreateFontIndirectA
DeleteObject
SetTextColor
TextOutA
CreateSolidBrush
CreateHalftonePalette
SelectPalette
SaveDC
GetDeviceCaps
TextOutW
MoveToEx

winspool.drv

EnumPrintersA
OpenPrinterA
ClosePrinter
GetPrinterA
EnumJobsA

comdlg32

ChooseColorA
PrintDlgA

advapi32

RegEnumValueA
OpenSCManagerA
RegOpenKeyExA
ConvertSidToStringSidA
CreateWellKnownSid
InitiateSystemShutdownA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
RegCloseKey
EnumServicesStatusExA

shell32

SHGetDesktopFolder

ole32

OleInitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CreateItemMoniker
CoCreateInstance
CoLockObjectExternal
RegisterDragDrop

oleaut32

VariantInit
SafeArrayCreate
SysAllocString
SysFreeString
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayRedim
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayAccessData

wininet

InternetSetFilePointer
InternetReadFile
HttpQueryInfoA
InternetOpenA

ws2_32

WSACancelAsyncRequest

psapi

EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA

mpr

WNetAddConnection2A

msacm32

acmDriverClose
acmStreamPrepareHeader
acmStreamClose
acmFormatTagDetailsA
acmDriverOpen
acmStreamOpen
acmDriverDetailsA

winmm

waveInGetDevCapsA
waveInGetNumDevs

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

crypt32

CryptEncodeObjectEx

shlwapi

StrToIntA
StrToInt64ExA

comctl32

ord411
ord17
ImageList_Create
ImageList_ReplaceIcon
ImageList_Draw
ImageList_BeginDrag
ImageList_DragEnter
ImageList_Destroy

rpcrt4

UuidToStringA
RpcBindingFromStringBindingA
RpcStringBindingComposeA
RpcStringFreeA
UuidFromStringA

gdiplus

GdiplusStartup

imm32

ImmGetContext
ImmGetOpenStatus
ImmSetOpenStatus
ImmIsIME
ImmGetDescriptionA
ImmReleaseContext
ImmGetConversionStatus

uxtheme

GetThemeBackgroundRegion

authz

AuthzInitializeContextFromSid
AuthzInitializeResourceManager
AuthzFreeResourceManager
AuthzFreeContext

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taxa
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dosad
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

509e04b8a60861f0b628730e010d68f1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

wininet

ws2_32

psapi

mpr

msacm32

winmm

version

crypt32

shlwapi

comctl32

rpcrt4

gdiplus

imm32

uxtheme

authz

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 137KB - Virtual size: 144KB

.taxa Size: 110KB - Virtual size: 110KB

.dosad Size: 101KB - Virtual size: 101KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 137KB - Virtual size: 144KB

.taxa
Size: 110KB - Virtual size: 110KB

.dosad
Size: 101KB - Virtual size: 101KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 14KB - Virtual size: 13KB