79c209a7fe48a5b5eb3dfffee336b1fa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

79c209a7fe48a5b5eb3dfffee336b1fa_JaffaCakes118
Size

1.8MB
MD5

79c209a7fe48a5b5eb3dfffee336b1fa
SHA1

38bcc8deb57782ef132f445641833a1fabcc5d06
SHA256

6090acec5147ba31164ea3f3ec73f44b934bf49a2b1a0ff96dc94f23a3ef2dff
SHA512

ed9f557f2e70fe41f38730e0a1395321ab01bd7c47a204abbbc4518ee1f8856631f41f390daae0b9b27bd86516dca1bc86eeda4e3826efcc4b39c5c102b27691
SSDEEP

24576:TlFS7RB5uMgzSJ0bXsc0gABLjQqHoCdUJIBLYYxOjO/VbvCSqBd3iV2+qhSGKA7X:RoXvgplAV7hr4CRz2+eFKRjvMn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79c209a7fe48a5b5eb3dfffee336b1fa_JaffaCakes118

Files

79c209a7fe48a5b5eb3dfffee336b1fa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fc4e3d24ae96261cf65bf2e03ce10f90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate

wininet

InternetGetConnectedState
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
DeleteUrlCacheEntryW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winhttp

WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpReceiveResponse
WinHttpReadData
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpCloseHandle

wtsapi32

WTSQuerySessionInformationW

kernel32

LoadLibraryExW
GlobalAlloc
GlobalLock
GlobalDeleteAtom
lstrcmpA
lstrcmpW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetModuleHandleA
GlobalUnlock
GlobalFree
RaiseException
SetEvent
SetThreadPriority
SuspendThread
ResumeThread
GlobalAddAtomW
EncodePointer
DecodePointer
GetSystemDirectoryW
GlobalFindAtomW
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedIncrement
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
InterlockedExchange
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetThreadLocale
GetVolumeInformationW
DuplicateHandle
GetFileSizeEx
GetFileTime
SetErrorMode
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
GetModuleHandleExW
VirtualAlloc
VirtualProtect
ExitThread
HeapQueryInformation
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEnvironmentVariableW
WriteConsoleW
SetEnvironmentVariableA
GetACP
InterlockedCompareExchange
InitializeCriticalSection
AreFileApisANSI
CreateFileA
CreateFileMappingA
DeleteFileA
FlushFileBuffers
FormatMessageA
FreeLibrary
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFullPathNameA
GetFullPathNameW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetVersionExA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
LoadLibraryA
LoadLibraryW
LockFile
LockFileEx
QueryPerformanceCounter
SetEndOfFile
SetFilePointer
SystemTimeToFileTime
UnlockFile
UnlockFileEx
OutputDebugStringA
GetProcessHeap
ReadFile
WTSGetActiveConsoleSessionId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FindResourceExW
GetCurrentThread
GetCommandLineW
GetExitCodeProcess
GetCurrentProcess
MulDiv
FreeResource
WaitForSingleObject
TerminateProcess
Thread32Next
Thread32First
OpenProcess
WaitForMultipleObjectsEx
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ProcessIdToSessionId
GetCurrentThreadId
SetLastError
GetFileSize
Sleep
OutputDebugStringW
InterlockedDecrement
GetModuleFileNameW
RemoveDirectoryW
GetFileAttributesW
FindClose
CopyFileW
GetTempPathW
MoveFileExW
GetFileAttributesExW
UnmapViewOfFile
VirtualQuery
MapViewOfFile
CreateFileMappingW
LocalAlloc
lstrlenW
FormatMessageW
CloseHandle
WriteFile
CreateFileW
GetExitCodeThread
TerminateThread
WaitForMultipleObjects
CreateThread
PulseEvent
CreateEventW
GetCurrentProcessId
LocalFree
GetModuleHandleW
GetProcAddress
GetVersionExW
CreateProcessW
MultiByteToWideChar
GetVersion
CreateMutexW
FindNextFileW
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetTickCount
ExitProcess
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
GetLocaleInfoW

user32

IsRectEmpty
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableW
OffsetRect
CharNextW
InvalidateRect
KillTimer
SetTimer
RealChildWindowFromPoint
LoadCursorW
ReleaseCapture
SetCapture
DestroyMenu
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetTopWindow
GetClassNameW
GetClassLongW
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
GetSysColor
ScreenToClient
SetWindowContextHelpId
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
UnhookWindowsHookEx
IsDialogMessageW
GetWindow
GetWindowTextW
SetWindowTextW
SetFocus
GetDlgCtrlID
GetWindowLongW
SetWindowLongW
LoadImageW
SendMessageW
SetWindowPos
MoveWindow
ShowWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetLastActivePopup
SetCursor
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
IsWindowVisible
TranslateMessage
GetMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetFocus
RegisterWindowMessageW
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
PostQuitMessage
GetParent
MapDialogRect
GetSysColorBrush
CharUpperW
MessageBeep
SendDlgItemMessageA
CharLowerW
GetNextDlgGroupItem
RegisterClipboardFormatW
UnregisterClassW
ClientToScreen
LoadIconW
GetSystemMetrics
GetClientRect
GetKeyState
GetSystemMenu
EnableMenuItem
EnableWindow
SendNotifyMessageW
wsprintfW
PostMessageW
MessageBoxW
PeekMessageW
DispatchMessageW
PostThreadMessageW
GetWindowThreadProcessId
GetDesktopWindow
GetDC
ReleaseDC
GetWindowRect
AdjustWindowRect
GetShellWindow
PtInRect

gdi32

ScaleWindowExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
GetObjectW
GetClipBox
Escape
DeleteObject
DeleteDC
CreateBitmap
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
SelectObject
GetMapMode
GetDeviceCaps
SetTextColor
SetMapMode
SetBkColor
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetStockObject

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

SetSecurityDescriptorGroup
RegEnumKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
RegDeleteValueW
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
DuplicateToken
OpenThreadToken
RegDeleteKeyW
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueW
RegSetValueExW
RegQueryValueW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegOpenCurrentUser

shell32

CommandLineToArgvW
SHGetFolderPathW
SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathCanonicalizeW
SHQueryValueExW
PathFindExtensionW
UrlUnescapeW
PathIsUNCW
PathStripToRootW
PathFindFileNameW

ole32

StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
CoGetClassObject
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoDisconnectObject
CLSIDFromString
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoRegisterMessageFilter
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantClear
VariantInit
VariantCopy
VariantChangeType
LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayDestroy
SysFreeString
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadTypeLi
SysAllocStringLen
SysAllocString
SysStringLen

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc4e3d24ae96261cf65bf2e03ce10f90

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

wininet

version

winhttp

wtsapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

urlmon

oleacc

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 194KB - Virtual size: 193KB

.data Size: 22KB - Virtual size: 40KB

.rsrc Size: 310KB - Virtual size: 309KB

.reloc Size: 167KB - Virtual size: 166KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 194KB - Virtual size: 193KB

.data
Size: 22KB - Virtual size: 40KB

.rsrc
Size: 310KB - Virtual size: 309KB

.reloc
Size: 167KB - Virtual size: 166KB