71d23be9edb0476c4d44848d4e2f785d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

71d23be9edb0476c4d44848d4e2f785d_JaffaCakes118
Size

4.2MB
MD5

71d23be9edb0476c4d44848d4e2f785d
SHA1

a918306b111de92cf9ac5633e7535e14e7309f10
SHA256

f30166fd9dfc6a91fb40be8d36025acf5680566e3bdf3059d460963e67ab81e2
SHA512

1e4358ec3e1739ed096bac2aefba9e551704e465ed7c4246ad860f1afe7c0941f7157e347daca01cc61b5c3602b236b5cee3c162f739c72008e03f541777b1ab
SSDEEP

98304:9SstTmpILIzIS4Tk4jMV7RsKHay++WY/j+wNcK/kyd2:9SQTmpILIMSmjMZukaIRNVs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71d23be9edb0476c4d44848d4e2f785d_JaffaCakes118

Files

71d23be9edb0476c4d44848d4e2f785d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

42fb5e5cde82b6e09e63e7dd5b58c903

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetSetOptionW
HttpQueryInfoW
InternetQueryOptionW
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
InternetGetConnectedState

winhttp

WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpen
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpReadData

kernel32

GetCurrentThreadId
SetLastError
GetCurrentProcess
lstrcmpW
DeviceIoControl
CreateFileA
SetPriorityClass
GetFileAttributesW
SetFileAttributesW
GetDiskFreeSpaceExW
FindFirstFileW
FindNextFileW
OpenProcess
TerminateProcess
WaitForSingleObject
GetCurrentProcessId
SetThreadPriority
ExitProcess
QueryPerformanceCounter
VirtualAlloc
VirtualFree
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventW
CreateSemaphoreW
GetModuleFileNameW
SetEndOfFile
SetFilePointerEx
GetModuleHandleA
AreFileApisANSI
FormatMessageA
ReadFile
CloseHandle
RtlUnwind
GetSystemTimeAsFileTime
GetModuleHandleExW
IsDebuggerPresent
GetFileType
ExitThread
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LoadLibraryExW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
WriteFile
HeapSize
GetConsoleMode
ReadConsoleW
SetFilePointer
GetConsoleCP
IsValidCodePage
GetACP
GetOEMCP
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
HeapReAlloc
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
GetExitCodeThread
CreateThread
InitializeCriticalSection
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GlobalAlloc
WritePrivateProfileStringW
InitializeCriticalSectionAndSpinCount
DeleteFileW
GetCommandLineW
LoadLibraryW
GetLogicalDriveStringsW
lstrcpyW
GetTickCount
GetLocalTime
CreateFileW
Sleep
LeaveCriticalSection
EnterCriticalSection
LocalFree
GetProcAddress
FreeLibrary
InterlockedIncrement
GetVersionExW
CreateDirectoryW
GetTempPathW
FindResourceW
OutputDebugStringW
GetModuleHandleW
lstrlenW
lstrlenA
SizeofResource
LoadResource
DebugBreak
LockResource
FreeResource
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
RaiseException
GetLastError
OutputDebugStringA
LCMapStringW
DeleteCriticalSection
HeapAlloc
HeapFree
GetProcessHeap
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetStringTypeW

user32

UnregisterClassW
SetWindowsHookExW
UnhookWindowsHookEx
WindowFromPoint
DestroyWindow
DrawIconEx
FrameRect
DrawTextA
DefWindowProcW
RegisterClipboardFormatW
RegisterClassExW
LoadIconW
SendMessageW
ScreenToClient
IsIconic
SetFocus
TrackMouseEvent
EndPaint
BeginPaint
GetWindowTextW
UpdateLayeredWindow
GetWindowDC
FillRect
SetLayeredWindowAttributes
GetClassLongW
SetWindowRgn
SetWindowPos
CreateWindowExW
GetClientRect
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowLongW
GetWindowLongW
IsWindow
GetParent
GetWindowRect
SystemParametersInfoW
GetCursorPos
DrawTextW
KillTimer
ReleaseCapture
SetCapture
GetCapture
IsWindowVisible
GetFocus
PostMessageW
SetTimer
IntersectRect
GetKeyState
ClientToScreen
PtInRect
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ReleaseDC
GetDC
ShowWindow
LoadCursorW
SetCursor
IsZoomed
PostQuitMessage
LoadStringW
CharNextW
wsprintfW
CallNextHookEx
MessageBoxW

gdi32

GetBitmapBits
GetCurrentObject
LineTo
MoveToEx
Rectangle
CreatePen
SetPixel
ExtTextOutW
FillRgn
CreateCompatibleBitmap
SetViewportOrgEx
BitBlt
CreateRoundRectRgn
GetTextColor
GetObjectW
SetBitmapBits
DeleteDC
SetBkMode
SetTextColor
GetStockObject
CreateCompatibleDC
SelectClipRgn
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
DeleteObject
CreateSolidBrush
FrameRgn
TextOutW
GetObjectType
CreateFontIndirectW
CreatePolygonRgn
SetBkColor
CreateRectRgn

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyW
RegCloseKey
RegOpenKeyW
RegQueryValueExW

shell32

SHBrowseForFolderW
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoInitialize
CoUninitialize
CoInitializeEx
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString

shlwapi

PathCombineW
PathFileExistsW
PathAppendW

msimg32

GradientFill

gdiplus

GdipSetImageAttributesWrapMode
GdipSetImageAttributesRemapTable
GdipDrawImageRectI
GdipCreateLineBrushFromRectI
GdipSetSmoothingMode
GdiplusShutdown
GdiplusStartup
GdipFillRectangleI
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipCloneBitmapArea
GdipCreateBitmapFromResource
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount

ws2_32

WSACleanup
WSAStartup

iphlpapi

GetAdaptersAddresses

setupapi

SetupIterateCabinetW

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 901KB - Virtual size: 901KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42fb5e5cde82b6e09e63e7dd5b58c903

Headers

DLL Characteristics

File Characteristics

Imports

wininet

winhttp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

gdiplus

ws2_32

iphlpapi

setupapi

imm32

Sections

.text Size: 901KB - Virtual size: 901KB

.rdata Size: 262KB - Virtual size: 261KB

.data Size: 23KB - Virtual size: 76KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 231KB - Virtual size: 230KB

.text
Size: 901KB - Virtual size: 901KB

.rdata
Size: 262KB - Virtual size: 261KB

.data
Size: 23KB - Virtual size: 76KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 231KB - Virtual size: 230KB