7ea1535d1d97400f6b4067edcb53f92e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7ea1535d1d97400f6b4067edcb53f92e_JaffaCakes118
Size

28.4MB
MD5

7ea1535d1d97400f6b4067edcb53f92e
SHA1

a04d8bf724b73c0b4635b8930dc1b4ff0044cfdf
SHA256

bb3019ec70feb9102ea012070b582b8d415c5c00e58e64d21460dead0c610ac7
SHA512

ac99ba7b61078748dd2321b0eafe32ff859238e9199cb3222b44ae682514412f9bd6ca25c4ce5287e0afa22bbf121a5c2735374a05f44b9d313d1ce33faa06a9
SSDEEP

393216:v4hSLyg7ErZfbpdzma5uDj4mQSB5p5ufK:wSLybpJ8H4GWC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ea1535d1d97400f6b4067edcb53f92e_JaffaCakes118

Files

7ea1535d1d97400f6b4067edcb53f92e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

286ac059ab441152a1a83992f9b04feb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegCreateKeyExA
RegSetValueExA

crypt32

CertCloseStore
CertDeleteCertificateFromStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
PFXImportCertStore

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FormatMessageA
FreeLibrary
GetACP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetHandleInformation
GetLastError
GetLogicalDrives
GetLongPathNameA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleInputEvents
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathA
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MoveFileExA
MoveFileExW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleInputA
ReadFile
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryA
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFilePointer
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeW
WideCharToMultiByte
WriteConsoleW
lstrcpyA
lstrcpynA

msvcrt

__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__fmode
__pioinfo
__set_app_type
__setusermatherr
_aligned_free
_aligned_malloc
_aligned_realloc
_amsg_exit
_atoi64
_beginthread
_beginthreadex
_cexit
_close
_endthread
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_findclose
_fstati64
_ftime
_fullpath
_get_osfhandle
_hypot
_initterm
_iob
_lock
_locking
_lseeki64
_mbsrchr
_mkdir
_onexit
_open
_open_osfhandle
_rmdir
_setjmp3
_setmode
_sopen
_stati64
_stricmp
_strnicmp
_ultoa
_unlink
_unlock
_vsnprintf
_wfopen
_wfullpath
_wgetenv
_wmkdir
_wopen
_wrename
_write
_wrmdir
_wsopen
_wstati64
_wunlink
abort
acos
asin
atan
atof
atoi
bsearch
calloc
clearerr
clock
cosh
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
frexp
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
isalnum
isalpha
islower
isprint
isspace
isupper
isxdigit
localeconv
log10
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
mktime
localtime
gmtime
ctime
perror
printf
putc
putchar
puts
qsort
raise
rand
realloc
remove
rename
rewind
setbuf
setlocale
setvbuf
signal
sinh
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tan
tanh
time
tolower
toupper
ungetc
vfprintf
vsprintf
time
wcscat
wcscpy
wcslen
wcsncmp
_wfindnext
_wfindfirst
_snwprintf
_findnext
_findfirst
longjmp
_write
_unlink
_strdup
_setmode
_rmdir
_read
_putenv
_open
_mkdir
_memccpy
_fileno
_fdopen
_creat
_close
_chmod
_access

ole32

CoCreateInstance
CoInitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateItemMoniker
GetRunningObjectTable

psapi

EnumProcessModules

shell32

SHGetFolderPathA

shlwapi

PathCombineW
PathIsRelativeW
PathIsUNCW

user32

CreateWindowExA
DefWindowProcA
DispatchMessageA
GetMessageA
LoadCursorA
MessageBoxW
PostQuitMessage
RegisterClassA
SendMessageA
ShowWindow
TranslateMessage
UnregisterClassA
wsprintfA
wsprintfW

winmm

mciGetErrorStringA
mciSendCommandA
timeBeginPeriod
timeGetTime

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 20.6MB - Virtual size: 20.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

286ac059ab441152a1a83992f9b04feb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

ole32

psapi

shell32

shlwapi

user32

winmm

ws2_32

Sections

.text Size: 20.6MB - Virtual size: 20.6MB

.rotext Size: 109KB - Virtual size: 109KB

.data Size: 194KB - Virtual size: 194KB

.rodata Size: 15KB - Virtual size: 15KB

.rdata Size: 7.4MB - Virtual size: 7.4MB

.bss Size: - Virtual size: 10.3MB

.idata Size: 11KB - Virtual size: 10KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 110KB - Virtual size: 109KB

.text
Size: 20.6MB - Virtual size: 20.6MB

.rotext
Size: 109KB - Virtual size: 109KB

.data
Size: 194KB - Virtual size: 194KB

.rodata
Size: 15KB - Virtual size: 15KB

.rdata
Size: 7.4MB - Virtual size: 7.4MB

.bss
Size: - Virtual size: 10.3MB

.idata
Size: 11KB - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 110KB - Virtual size: 109KB