a4dbd87f979b17d9c8038f2b1c0a43a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a4dbd87f979b17d9c8038f2b1c0a43a1_JaffaCakes118
Size

3.1MB
MD5

a4dbd87f979b17d9c8038f2b1c0a43a1
SHA1

fa44f93d9b7f8ff268be27a5b6a70145a66d5acf
SHA256

1279dc5bd8cc802c430495e2c9ff428316effb62bd59e2c44e053cab02c60a51
SHA512

29b7950894acf29cdb216dea95dd00138a69eab806d6fab4692a1f3e8fac564b6392168361a8059e8cf7aaa414f09a2667811af1c954e9c5d12ee541db8692a7
SSDEEP

49152:7mvM31IIwbYJSVFHw3+bU+f6mBim4unLwvM4Ow+D/aX9z8bxe:7mKJSTHw3qpN4unkUVnDaa1e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4dbd87f979b17d9c8038f2b1c0a43a1_JaffaCakes118

Files

a4dbd87f979b17d9c8038f2b1c0a43a1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

04c0c27c77ad3a2a76e83af0bd566196

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetProcessImageFileNameW

rpcrt4

UuidToStringW
RpcStringFreeW

imagehlp

ImageEnumerateCertificates
ImageGetCertificateData

shlwapi

PathFindFileNameW
SHEnumKeyExW
SHDeleteValueW
SHEnumValueW
SHGetValueW
SHDeleteKeyW
SHSetValueW
StrStrIW

kernel32

CreateMutexW
HeapCompact
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
PostQueuedCompletionStatus
TlsAlloc
TlsFree
FindFirstFileW
OpenProcess
FindClose
FindNextFileW
GetVersion
GetCurrentProcess
MoveFileExW
CreateDirectoryW
GetSystemDirectoryW
GetModuleFileNameW
GetFileSize
TlsGetValue
InitializeCriticalSectionAndSpinCount
CreateIoCompletionPort
GetModuleHandleA
CancelIo
GetCurrentThreadId
SetWaitableTimer
GetQueuedCompletionStatus
TlsSetValue
TerminateThread
CopyFileW
SetLastError
QueueUserAPC
WaitForMultipleObjects
HeapReAlloc
FreeResource
FindResourceW
LoadResource
SizeofResource
LockResource
Process32FirstW
GetProcessId
Process32NextW
ExitProcess
SetThreadExecutionState
SetProcessShutdownParameters
VirtualFree
VirtualAlloc
VirtualProtect
CreateProcessW
GetModuleHandleW
GetCurrentThread
TerminateProcess
DuplicateHandle
GetDriveTypeW
FindFirstFileExW
SetStdHandle
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
UnregisterWaitEx
InitializeSListHead
ReleaseSemaphore
RtlUnwind
FreeLibraryAndExitThread
GetThreadTimes
GetStringTypeW
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
CreateSemaphoreW
GetStartupInfoW
CreateEventW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTimeZoneInformation
GetModuleHandleExW
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
LoadLibraryExW
ExitThread
GetCommandLineA
GetCPInfo
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
RemoveDirectoryW
CreateFileA
GetFullPathNameA
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
GetCurrentDirectoryW
GetExitCodeThread
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
SetEvent
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateTimerQueue
DecodePointer
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
LoadLibraryExA
RaiseException
ExpandEnvironmentStringsA
PeekNamedPipe
GetFileType
GetStdHandle
VerifyVersionInfoA
SleepEx
VerSetConditionMask
DeviceIoControl
CreateToolhelp32Snapshot

user32

SetProcessWindowStation
SwitchToThisWindow
GetSystemMetrics
CreateWindowExW
ShowWindow
GetMessageW
PostQuitMessage
CloseWindowStation
BringWindowToTop
LoadIconW
RegisterClassExW
OpenDesktopW
CloseDesktop
TranslateMessage
DestroyIcon
SetWindowLongW
SetThreadDesktop
OpenWindowStationW
DefWindowProcW
DispatchMessageW
SetTimer
GetWindowRect
PostMessageW
KillTimer
SetWindowPos
GetWindowThreadProcessId
GetClassNameW
FindWindowExA
GetShellWindow
FindWindowW
SetForegroundWindow
SendMessageW
EnumWindows
GetWindowTextW
SendMessageA
MessageBoxIndirectW
GetWindowLongW
ReleaseCapture
SetWindowTextW
DestroyWindow

gdi32

GetStockObject

advapi32

AllocateAndInitializeSid
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
GetSidSubAuthorityCount
OpenThreadToken
GetSidSubAuthority
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
FreeSid
SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
CryptAcquireContextA

shell32

SHChangeNotify
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoCreateInstance

oleaut32

SafeArrayGetUBound
SafeArrayDestroy
SafeArrayAccessData
SafeArrayGetLBound
SysAllocString
SysFreeString
VariantClear
VariantInit

ws2_32

accept
WSAGetLastError
htons
setsockopt
bind
WSASetLastError
closesocket
gethostname
listen
WSAStartup
WSACleanup
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
ntohs
getsockopt
getsockname
getpeername
connect
send
recv
select
__WSAFDIsSet
ioctlsocket
WSARecv
WSASocketW
WSASend

wldap32

ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord301
ord200
ord30
ord79
ord35

mswsock

GetAcceptExSockaddrs
AcceptEx

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04c0c27c77ad3a2a76e83af0bd566196

Headers

DLL Characteristics

File Characteristics

Imports

version

psapi

rpcrt4

imagehlp

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

wldap32

mswsock

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 221KB - Virtual size: 221KB

.data Size: 31KB - Virtual size: 51KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 221KB - Virtual size: 221KB

.data
Size: 31KB - Virtual size: 51KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB