Static task: static1
Behavioral task: behavioral1
Sample: a796fe63b61f7522f2e2fd3f22dcb97a_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: a796fe63b61f7522f2e2fd3f22dcb97a_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: a796fe63b61f7522f2e2fd3f22dcb97a_JaffaCakes118
Size: 294KB
MD5: a796fe63b61f7522f2e2fd3f22dcb97a
SHA1: 0aebb6d91d713643386fbd588253dc005c4b4719
SHA256: 1a571f87f038cb604d7c5c71aeb4de30b92f011abff1b29d44813bfbb339d87c
SHA512: a9b60d3dc906faf5bbfe19e665c2c5f34455e4c377dbff116977bc39d36d6530e4c7ae0ee8ece9bf65313375f09055f68d02dec6cc25a3fabe3c132f1c24da55
SSDEEP: 6144:GJ4WTBJJibYaFvqcMAEuT7QSW8vU8Jy+84+Mkoqts5H+8ImaYW3PBuqzvCA9St:G4WTrJibYaFUAEuXTWzr+84+BoBH+dvu
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
resource: a796fe63b61f7522f2e2fd3f22dcb97a_JaffaCakes118
Files
-
a796fe63b61f7522f2e2fd3f22dcb97a_JaffaCakes118.exe  windows:5 windows x86 arch:x86
imphash: c2d353136d7d77bdc8393c8c8d509831
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpynA
GetTempPathW
FileTimeToLocalFileTime
lstrcpyA
MultiByteToWideChar
DuplicateHandle
ResumeThread
GetCurrentThreadId
ReleaseMutex
GetHandleInformation
GetThreadContext
SetThreadContext
VirtualQuery
GetCurrentProcess
InterlockedCompareExchange
FlushInstructionCache
VirtualAlloc
VirtualProtect
ExitProcess
CreateDirectoryW
WTSGetActiveConsoleSessionId
GetProcessId
FindFirstFileW
VirtualFree
FindClose
RemoveDirectoryW
FindNextFileW
ExpandEnvironmentStringsW
UnregisterWait
RegisterWaitForSingleObject
lstrcatW
HeapReAlloc
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
CreateProcessW
GetCommandLineW
GetVolumeNameForVolumeMountPointW
DosDateTimeToFileTime
CreateMutexW
TlsAlloc
TlsFree
VirtualQueryEx
ReadProcessMemory
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
SystemTimeToFileTime
GetTimeZoneInformation
GetLocalTime
GetSystemTime
GetNativeSystemInfo
GetSystemDefaultUILanguage
GetProcessTimes
GetModuleFileNameW
lstrcmpW
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
GetVolumeInformationW
lstrcmpiA
GetVersionExW
OpenMutexW
InterlockedIncrement
InterlockedDecrement
IsBadReadPtr
SetErrorMode
GetComputerNameW
OpenEventW
GetCurrentProcessId
FreeLibrary
GetEnvironmentVariableW
ResetEvent
SetThreadPriority
TerminateProcess
TlsSetValue
GetCurrentThread
TlsGetValue
MoveFileExW
GetTempFileNameW
WaitForMultipleObjects
FileTimeToDosDateTime
LocalFree
TerminateThread
lstrcpyW
GetLogicalDrives
GetDriveTypeW
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
CreateThread
lstrcmpiW
LoadLibraryA
Thread32Next
LoadLibraryW
Thread32First
Sleep
TryEnterCriticalSection
GetExitCodeThread
SetFilePointer
OutputDebugStringA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetFileAttributesW
GetFileInformationByHandle
lstrcmpA
DeleteFileW
GetFileTime
GetProcAddress
GetFileSizeEx
FlushFileBuffers
ReadFile
GetFileAttributesW
SetFileTime
GetModuleHandleW
SetFilePointerEx
SetEndOfFile
GetLastError
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
OpenProcess
CreateRemoteThread
CreateFileW
WriteFile
CloseHandle
CreateEventW
SetEvent
WaitForSingleObject
QueryPerformanceCounter
WideCharToMultiByte
SetLastError
DeleteCriticalSection
EnterCriticalSection
GlobalUnlock
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
GlobalLock
lstrlenW
lstrlenA
CreateFileMappingW
user32
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
OpenWindowStationW
CharLowerA
GetMessageA
GetWindowRect
SetCapture
GetParent
GetCapture
SetCursorPos
GetSystemMetrics
MapVirtualKeyW
ExitWindowsEx
GetWindow
SetWindowLongW
WindowFromPoint
LoadImageW
GetTopWindow
GetShellWindow
CreateWindowStationW
DefFrameProcW
SwitchDesktop
CallWindowProcW
EndMenu
CallWindowProcA
RegisterClassW
HiliteMenuItem
DefMDIChildProcA
DefDlgProcA
GetMenuItemCount
MsgWaitForMultipleObjects
DispatchMessageW
GetLastInputInfo
DrawIcon
GetIconInfo
RegisterClassExA
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
CloseWindowStation
GetThreadDesktop
SetProcessWindowStation
RegisterClassA
GetWindowLongW
GetAncestor
PeekMessageW
PeekMessageA
SetWindowPos
GetCursorPos
SendMessageTimeoutW
IsWindow
ReleaseCapture
MapWindowPoints
GetMessagePos
GetWindowThreadProcessId
CharLowerW
CharUpperW
CharToOemW
EndPaint
GetUpdateRgn
GetMessageW
GetWindowDC
FillRect
PostMessageW
GetWindowInfo
DrawEdge
BeginPaint
GetUpdateRect
GetDC
IntersectRect
GetDCEx
ReleaseDC
PostThreadMessageW
EqualRect
MenuItemFromPoint
GetMenu
RegisterClassExW
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
GetMenuState
DefWindowProcA
DefMDIChildProcW
CreateDesktopW
PrintWindow
SendMessageW
DefWindowProcW
IsRectEmpty
TranslateMessage
GetKeyboardState
GetClipboardData
ToUnicode
GetClassLongW
advapi32
CryptVerifySignatureW
CryptGetKeyParam
CryptImportKey
CryptDestroyKey
CryptDestroyHash
GetLengthSid
OpenProcessToken
GetSidSubAuthority
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
EqualSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitiateSystemShutdownExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptHashData
IsWellKnownSid
ConvertSidToStringSidW
shlwapi
StrChrA
StrChrW
StrCmpIW
StrRChrA
PathGetDriveNumberW
StrCmpNW
PathAddBackslashW
PathQuoteSpacesW
SHDeleteKeyW
SHDeleteValueW
StrCmpNIA
UrlUnescapeA
PathMatchSpecW
PathIsURLW
PathUnquoteSpacesW
PathSkipRootW
StrCmpNIW
PathRemoveBackslashW
wvnsprintfA
wvnsprintfW
StrCmpNA
PathFindExtensionW
PathFindFileNameW
PathAddExtensionW
PathRemoveFileSpecW
PathIsDirectoryW
ord14
shell32
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
secur32
EncryptMessage
DecryptMessage
GetUserNameExW
ole32
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CreateStreamOnHGlobal
StringFromGUID2
CLSIDFromString
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
gdi32
SetRectRgn
CreateCompatibleBitmap
DeleteObject
GetDIBits
CreateDIBSection
RestoreDC
SaveDC
CreateCompatibleDC
SelectObject
GdiFlush
DeleteDC
SetViewportOrgEx
GetDeviceCaps
CreateDCW
BitBlt
ws2_32
setsockopt
sendto
WSACleanup
recv
shutdown
getsockname
WSAEventSelect
WSAEnumNetworkEvents
recvfrom
WSARecv
WSASend
WSAGetOverlappedResult
getaddrinfo
select
freeaddrinfo
WSACloseEvent
getpeername
bind
socket
WSACreateEvent
WSASetLastError
closesocket
send
getsockopt
listen
WSAAddressToStringA
WSAStringToAddressW
accept
WSAGetLastError
WSAIoctl
connect
WSAStartup
crypt32
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData
wininet
InternetCrackUrlA
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetReadFile
InternetConnectA
HttpQueryInfoA
oleaut32
SysFreeString
SysAllocString
VariantInit
VariantClear
netapi32
NetUserGetInfo
NetUserEnum
NetApiBufferFree
iphlpapi
GetAdaptersAddresses
msvcrt
_errno
memcpy
memcmp
_ultow
memset
abs
_purecall
memmove
strcmp
memchr
_vsnwprintf
_vsnprintf
strtoul
_wtoi
_except_handler3
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
ntdll
RtlUnwind
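The import table above is the report's own data. What follows is an added example, not part of the report or of the sandbox, showing how an analyst turns such a table into capability hints: each rule is a set of APIs that usually co-occur when a binary implements a technique, and a rule counts as matched only when every API in the set is imported. The rule names and groupings are assumptions of this example; the sample input is a subset of the imports listed above. A match means the capability is available to the code, not that the sandbox observed the behaviour.

```python
"""Capability triage over a PE import table (added example; heuristic, not proof of behaviour)."""

import re

# Each rule lists APIs that typically appear together when a binary implements the
# named capability. Names are compared with a trailing ANSI/Unicode marker ('A'/'W')
# removed, so a rule written as "CreateProcess" matches CreateProcessA or CreateProcessW.
# The groupings are this example's own assumptions, not a published signature set.
CAPABILITY_RULES = {
    "remote process injection (alloc/write/thread)": {
        "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "thread-context hijack of a created process": {
        "CreateProcess", "GetThreadContext", "SetThreadContext", "ResumeThread", "WriteProcessMemory"},
    "process enumeration via Toolhelp": {
        "CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "alternate desktop creation (hVNC-style)": {
        "CreateDesktop", "SwitchDesktop", "SetThreadDesktop"},
    "screen capture via GDI": {
        "CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt", "GetDIBits"},
    "certificate store export": {
        "CertOpenSystemStore", "CertEnumCertificatesInStore", "PFXExportCertStoreEx"},
    "DPAPI decryption of stored secrets": {"CryptUnprotectData"},
    "privilege adjustment and token-based process creation": {
        "OpenProcessToken", "LookupPrivilegeValue", "AdjustTokenPrivileges", "CreateProcessAsUser"},
    "registry write (persistence primitive)": {"RegCreateKeyEx", "RegSetValueEx"},
    "WinINet HTTP client": {
        "InternetOpen", "InternetConnect", "HttpOpenRequest", "HttpSendRequest", "InternetReadFile"},
    "raw Winsock networking": {"WSAStartup", "socket", "connect", "send", "recv"},
    "forced shutdown/reboot": {"ExitWindowsEx", "InitiateSystemShutdownEx"},
    "keyboard state and clipboard read": {"GetKeyboardState", "ToUnicode", "GetClipboardData"},
    # Kept as a negative case: the table in the report imports no hook APIs.
    "message hook installation": {"SetWindowsHookEx", "CallNextHookEx", "UnhookWindowsHookEx"},
}

_SUFFIX = re.compile(r"[AW]$")


def normalize(name: str) -> str:
    """Strip a trailing 'A'/'W' marker: Process32FirstW -> Process32First, lstrcpynA -> lstrcpyn."""
    return _SUFFIX.sub("", name)


def triage_imports(imports: dict, rules: dict = CAPABILITY_RULES) -> list:
    """One record per rule (present APIs, missing APIs, coverage), complete matches first."""
    present = {normalize(api) for apis in imports.values() for api in apis}
    report = []
    for capability, required in rules.items():
        hit = sorted(required & present)
        miss = sorted(required - present)
        report.append({"capability": capability, "present": hit, "missing": miss,
                       "coverage": len(hit) / len(required)})
    report.sort(key=lambda r: (-r["coverage"], r["capability"]))
    return report


def full_matches(imports: dict, rules: dict = CAPABILITY_RULES) -> list:
    """Names of the rules whose every API is imported."""
    return [r["capability"] for r in triage_imports(imports, rules) if r["coverage"] == 1.0]


# Sample input: a subset of the import table in the report above, keyed by DLL.
SAMPLE_IMPORTS = {
    "kernel32": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                 "CreateProcessW", "GetThreadContext", "SetThreadContext", "ResumeThread",
                 "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "ReadProcessMemory"],
    "user32": ["CreateDesktopW", "SwitchDesktop", "SetThreadDesktop", "OpenInputDesktop",
               "GetKeyboardState", "ToUnicode", "GetClipboardData", "ExitWindowsEx"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
                 "CreateProcessAsUserW", "RegCreateKeyExW", "RegSetValueExW", "InitiateSystemShutdownExW"],
    "crypt32": ["CertOpenSystemStoreW", "CertEnumCertificatesInStore", "PFXExportCertStoreEx",
                "CryptUnprotectData"],
    "gdi32": ["CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt", "GetDIBits"],
    "wininet": ["InternetOpenA", "InternetConnectA", "HttpOpenRequestA", "HttpSendRequestA",
                "InternetReadFile"],
    "ws2_32": ["WSAStartup", "socket", "connect", "send", "recv"],
}

if __name__ == "__main__":
    for row in triage_imports(SAMPLE_IMPORTS):
        print("%-55s %4.0f%%  missing: %s" % (row["capability"], 100 * row["coverage"],
                                               ", ".join(row["missing"]) or "-"))
```

Partial matches are reported too, because a packer or a dynamically resolved API (GetProcAddress is in this table) can hide part of a set; a rule at 75% with `GetProcAddress` imported deserves a look in the disassembler rather than a dismissal.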
Sections
.text   Size: 271KB, Virtual size: 270KB: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data   Size: 2KB, Virtual size: 9KB: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc  Size: 15KB, Virtual size: 14KB: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
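The "Unsigned PE" signature, the DLL and file characteristics, and the section flags in this report all come straight from the PE headers. The following stdlib-only parser is an added example, not the sandbox's code: it reads the Authenticode certificate table (data directory entry 4), DllCharacteristics, file characteristics and each section's characteristics, and turns them into the findings an analyst wants from this page. It handles PE32+ as well as the PE32 case shown here. The input is a constructed, non-runnable PE32 that mirrors the report's layout (three sections, NX_COMPAT | TERMINAL_SERVER_AWARE); it is not the analysed sample. Two caveats the report's flag list implies: DYNAMIC_BASE is absent, so the image is not ASLR-enabled even though it carries a .reloc section; and an empty certificate directory only means the file carries no signature, while a present one still has to be verified (WinVerifyTrust, `signtool verify`, or `Get-AuthenticodeSignature`) before it means anything.

```python
"""Parse the PE header fields behind 'Unsigned PE', DLL/file characteristics and section flags.
Added example (stdlib only); the sample PE it builds is constructed for testing."""
import struct

DLL_CHARACTERISTICS = {  # IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (PE/COFF spec)
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table; its 'VirtualAddress' is a raw file offset


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, optional header (PE32 or PE32+) and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dir_off = opt + (96 if magic == 0x10B else 112)      # data directory start, PE32 vs PE32+
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both formats
    n_dirs = struct.unpack_from("<I", data, dir_off - 4)[0]
    sec_off = sec_len = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_len = struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):
        name, vsize, _, rsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "characteristics": _flags(chars, SECTION_FLAGS)})
    return {"machine": machine,
            "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
            "authenticode_present": sec_off != 0 and sec_len != 0,
            "authenticode_truncated": sec_off + sec_len > len(data),
            "aslr": bool(dll_chars & 0x0040), "dep": bool(dll_chars & 0x0100),
            "sections": sections}


def header_findings(info: dict) -> list:
    """Analyst-facing observations. A present certificate table is not a verified signature."""
    out = []
    if not info["authenticode_present"]:
        out.append("Unsigned PE: certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY) is empty")
    elif info["authenticode_truncated"]:
        out.append("certificate table extends past end of file (truncated or tampered)")
    if not info["dep"]:
        out.append("NX_COMPAT not set: no DEP opt-in")
    if not info["aslr"]:
        out.append("DYNAMIC_BASE not set: loads at preferred ImageBase, no ASLR")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["characteristics"]):
            out.append("section %s is writable and executable" % s["name"])
    return out


def build_sample_pe(signed: bool, dll_chars: int = 0x8100) -> bytes:
    """Constructed minimal PE32 (not runnable, not the analysed sample) with the report's
    section layout and DllCharacteristics (NX_COMPAT | TERMINAL_SERVER_AWARE by default)."""
    secs = [(b".text", 0x60000020), (b".data", 0xC0000040), (b".reloc", 0x42000040)]
    file_align, sect_align, hdr_size = 0x200, 0x1000, 0x200
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                   # PE32 magic
    struct.pack_into("<III", opt, 28, 0x400000, sect_align, file_align)     # ImageBase, alignments
    struct.pack_into("<HH", opt, 40, 5, 1)                                  # OS version 5.1
    struct.pack_into("<HH", opt, 68, 2, dll_chars)                          # Subsystem GUI, DllCharacteristics
    struct.pack_into("<II", opt, 56, sect_align * (len(secs) + 1), hdr_size)  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                                     # NumberOfRvaAndSizes
    shdrs, body = b"", b""
    for i, (name, flags) in enumerate(secs):
        shdrs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x100, sect_align * (i + 1),
                             file_align, hdr_size + file_align * i, 0, 0, 0, 0, flags)
        body += b"\xCC" * file_align
    cert = b""
    if signed:
        blob = b"\x30\x03\x02\x01\x00"  # placeholder DER, not a real PKCS#7 SignedData
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob  # WIN_CERTIFICATE header
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         hdr_size + len(body), len(cert))
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, len(opt), 0x0102)
    headers = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + coff + bytes(opt) + shdrs
    return headers.ljust(hdr_size, b"\0") + body + cert


if __name__ == "__main__":
    for signed in (False, True):
        info = parse_pe(build_sample_pe(signed))
        print(info["dll_characteristics"], header_findings(info))
```

To run it against a real file, replace `build_sample_pe(...)` with `open(path, "rb").read()`; the parser never executes or maps the image, so it is safe to point at a sample, but it trusts the header offsets it reads, so keep it inside the analysis VM anyway.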