801d014a0849c37a017f6159e1b9ca1d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

801d014a0849c37a017f6159e1b9ca1d_JaffaCakes118
Size

14.0MB
MD5

801d014a0849c37a017f6159e1b9ca1d
SHA1

9099e6eb07b6eccb7dccd0a9d0a7fd7b5245a43f
SHA256

2a884a5315905963f98c8d7e35f5d24fb6a6e39fb7465c8d2b834dacf23d207a
SHA512

229c76264ee9ad56717d7fc5e6ae7cfca17b42b1f46d413f1f6501071c18b94f21797306c19efaa8d48e5f042483d3b953abe03c19f46a92f973e6af3d44ba09
SSDEEP

393216:xaBt6zKA9aBKFKFC2z3KFKwRKFK0SpuNKFKUC:mK9aBKFKFC2z3KFKwRKFK0SpuNKFKU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
801d014a0849c37a017f6159e1b9ca1d_JaffaCakes118

Files

801d014a0849c37a017f6159e1b9ca1d_JaffaCakes118
.exe windows:6 windows x64 arch:x64

24ffba3965d48e6f2654413667d91fe6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

userenv

ExpandEnvironmentStringsForUserW
GetProfilesDirectoryW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

setupapi

InstallHinfSectionW

crypt32

CertVerifyCertificateChainPolicy
CertOpenSystemStoreA
CertAddEncodedCertificateToStore
CertFreeCertificateChain
CertGetCertificateChain
CertOpenSystemStoreW
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertOpenStore
CertDeleteCertificateFromStore
PFXExportCertStoreEx
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CryptProtectData

ws2_32

WSAStartup
WSAAddressToStringA
WSACleanup
ntohl
htons
closesocket
ntohs
shutdown
WSAGetLastError
recv
send
WSASetLastError
htonl

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpReadData
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation
TranslateMessage
DispatchMessageW
GetMessageW
CharUpperW
CharNextW
LoadStringW
LoadStringA
PostThreadMessageW

ole32

CoCreateInstance
CoAddRefServerProcess
CoInitialize
OleRun
CoReleaseServerProcess

oleaut32

VariantClear
SysAllocString
SysFreeString

kernel32

GetModuleHandleW
GetProcAddress
DecodePointer
GetModuleFileNameW
GetCurrentThreadId
GetExitCodeProcess
SetUnhandledExceptionFilter
GetCommandLineW
GetSystemDefaultUILanguage
MoveFileW
Sleep
LoadLibraryW
GetTempPathW
GetTempFileNameW
GetCurrentProcess
GetFileAttributesW
CreateFileW
GetFileSizeEx
CopyFileW
CreateDirectoryW
GetNativeSystemInfo
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetCurrentProcessId
OpenProcess
CreateProcessW
FindClose
lstrlenW
lstrcpyW
GetFileSize
ReadFile
WriteFile
FindFirstFileExW
GetLongPathNameW
FindNextFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
CreateEventA
DuplicateHandle
SetEvent
TerminateProcess
FreeLibrary
LocalFree
GetFileAttributesExW
FileTimeToSystemTime
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateEventW
ResetEvent
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
DeleteCriticalSection
SetLastError
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
GetDriveTypeW
GetOverlappedResult
DeviceIoControl
GetSystemInfo
GetModuleHandleA
CancelIo
CreateFileA
LoadLibraryA
FindFirstFileW
CreateMutexA
ReleaseMutex
GetVersion
MultiByteToWideChar
GetFileType
GetStdHandle
SetFilePointer
SetEndOfFile
RtlVirtualUnwind
WideCharToMultiByte
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
SystemTimeToFileTime
GetSystemTime
GetStringTypeW
GetCurrentThread
CreateThread
GetFileInformationByHandle
AreFileApisANSI
EncodePointer
lstrlenA
InitializeCriticalSectionAndSpinCount
GetStringTypeExA
IsProcessorFeaturePresent
GetModuleHandleExW
WriteConsoleW
SystemTimeToTzSpecificLocalTime
ExitProcess
LoadLibraryExW
FileTimeToLocalFileTime
PeekNamedPipe
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
ExitThread
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
CreateTimerQueue
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlCaptureContext
UnhandledExceptionFilter
GetStartupInfoW
CreateSemaphoreW
GetFullPathNameW
MoveFileExW
SetEnvironmentVariableA
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeSListHead
UnregisterWaitEx
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
SetStdHandle
GetTimeZoneInformation
OpenEventA
FormatMessageA
RaiseException
WaitForSingleObject
WaitForMultipleObjects
GetSystemTimeAsFileTime
CloseHandle
ReleaseSemaphore
CreateSemaphoreA
GetLastError
DeleteFileW
GetCPInfo
ResumeThread
GetExitCodeThread
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingA
LCMapStringA
GetProcessHeap
IsDebuggerPresent

advapi32

ReportEventW
DeleteService
ControlService
CloseServiceHandle
CreateServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
ChangeServiceConfig2W
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegisterEventSourceW
DeregisterEventSource
QueryServiceStatusEx
StartServiceW
OpenEventLogW
ReadEventLogW
CloseEventLog
EnumServicesStatusW
CreateProcessAsUserW
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
OpenSCManagerA
RegOpenKeyExA
StartServiceA
CreateServiceA
RegQueryValueExA
OpenServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
LookupAccountNameW
SetSecurityInfo
GetSecurityInfo
GetAce
GetAclInformation
AddAce
InitializeAcl
EqualSid
LookupAccountSidW
IsValidSid
GetLengthSid
CopySid
RegOpenKeyW
RegSetValueExA
RegEnumKeyExW
RegCreateKeyW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
NotifyChangeEventLog
ReadEventLogA
GetNumberOfEventLogRecords
GetOldestEventLogRecord
OpenEventLogA
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW

shell32

SHGetFolderPathW

shlwapi

SHDeleteKeyW
SHCopyKeyW

dbghelp

MiniDumpWriteDump

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

psapi

GetModuleFileNameExA

Sections

.wdata
Size: 11.6MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 378KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bsmyot
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24ffba3965d48e6f2654413667d91fe6

Headers

DLL Characteristics

File Characteristics

Imports

userenv

version

setupapi

crypt32

ws2_32

winhttp

user32

ole32

oleaut32

kernel32

advapi32

shell32

shlwapi

dbghelp

wtsapi32

psapi

Sections

.wdata Size: 11.6MB - Virtual size: 11.6MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 378KB - Virtual size: 464KB

.pdata Size: 177KB - Virtual size: 177KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.bsmyot Size: 202KB - Virtual size: 201KB

.wdata
Size: 11.6MB - Virtual size: 11.6MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 378KB - Virtual size: 464KB

.pdata
Size: 177KB - Virtual size: 177KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.bsmyot
Size: 202KB - Virtual size: 201KB