b3fb2ebc75dff0901a4f62cfbd3a565d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3fb2ebc75dff0901a4f62cfbd3a565d_JaffaCakes118
Size

882KB
MD5

b3fb2ebc75dff0901a4f62cfbd3a565d
SHA1

14519fdc52cd73280581f5faf526409026d6b861
SHA256

a4799b9f3bbc9d5e49f42dd0982613743372a83e3ed9a46c6af5011569486f81
SHA512

160a46373c946ab4a311cc048d22c23ad8037f27b7b7d34318b92d46360dc79d04f010777281b12f59db3838c8b493c0ae7dabae8d2eb6ef2632e1d2fc3d5ad3
SSDEEP

12288:OQs7WgPJtNHVBpDTmun+FfrL0cJGSKzKj:ObWgh3HVvDXn+RnJdKz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3fb2ebc75dff0901a4f62cfbd3a565d_JaffaCakes118

Files

b3fb2ebc75dff0901a4f62cfbd3a565d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e296f061346a7c7e81ba5400de1c0b8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventW
QueryDosDeviceW
QueryPerformanceCounter
ReadFile
ReleaseMutex
RemoveDirectoryW
ResetEvent
RtlUnwind
SetCurrentDirectoryW
SetErrorMode
SetEvent
SetFileAttributesW
MultiByteToWideChar
SetLastError
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
WriteProfileStringW
lstrlenA
MoveFileW
MoveFileExW
LockResource
LocalFree
LocalAlloc
LoadResource
LoadLibraryExW
LeaveCriticalSection
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
HeapFree
GlobalUnlock
GlobalLock
GlobalFree
GetWindowsDirectoryW
GetWindowsDirectoryA
GetVersionExW
GetVersionExA
GetUserGeoID
GetUserDefaultLangID
GetUserDefaultLCID
GetTimeZoneInformation
GetTempPathW
GetTempPathA
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
GetShortPathNameW
GetProfileStringW
GetProcAddress
GetPrivateProfileStringW
GetNumberFormatW
GetNativeSystemInfo
GetModuleFileNameW
GetLongPathNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFileTime
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDiskFreeSpaceExW
GetCurrentThreadId
GetCurrentProcess
GetCurrentDirectoryW
GetComputerNameW
GetCommandLineW
FreeLibrary
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
ExpandEnvironmentStringsW
EnterCriticalSection
DeviceIoControl
DeleteFileW
DeleteFileA
DeleteCriticalSection
DebugBreak
CreateThread
CreateProcessW
CreateMutexW
CreateFileW
CreateFileA
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
GetFileAttributesA
VirtualAllocEx
GetProcessHeap
GetModuleHandleW
LoadLibraryA
GlobalAlloc
GetCurrentProcessId
GetDriveTypeW
GetVersion
Sleep
GetStartupInfoA
GetTickCount
GetModuleHandleA
lstrlenW
SetFilePointer
LoadLibraryW

user32

TranslateMessage
ShowWindow
SetWindowTextW
SetWindowPos
SetWindowLongW
SetTimer
SetScrollInfo
SetForegroundWindow
SetFocus
SetCursor
SendMessageW
SendDlgItemMessageW
ScrollWindow
ScreenToClient
ReleaseDC
RegisterWindowMessageA
PostThreadMessageW
PostQuitMessage
PostMessageW
PeekMessageW
MoveWindow
MessageBoxW
MapWindowPoints
LockSetForegroundWindow
LoadStringW
LoadStringA
LoadImageW
LoadCursorW
KillTimer
IsWindow
IsDlgButtonChecked
IsDialogMessageW
IsCharAlphaW
InvalidateRect
GetWindowRect
GetWindowLongW
GetSystemMenu
GetScrollInfo
GetMessageW
GetDlgItem
GetDesktopWindow
GetDC
GetClientRect
GetActiveWindow
FindWindowW
FindWindowExW
EndPaint
EnableWindow
DrawTextW
DrawFocusRect
DispatchMessageW
DestroyWindow
DestroyCursor
DefWindowProcW
CreateWindowExW
CreateDialogParamW
CheckRadioButton
CharNextW
CharNextA
CallWindowProcW
BeginPaint
EnableMenuItem
GetSystemMetrics
LoadIconW
UpdateWindow
LoadIconA
IsWindowVisible
SendMessageA
LoadBitmapW
DestroyIcon
GetSysColor
GetParent

gdi32

SetMapMode
SetBkColor
PatBlt
GetTextMetricsW
GetTextFaceA
GetFontLanguageInfo
SelectObject
DeleteEnhMetaFile
GdiFlush
CreateHalftonePalette
GetLayout
GetEnhMetaFileW
GetGraphicsMode
GetColorSpace
GetBkMode
CloseMetaFile
EndDoc
GetEnhMetaFileA
CloseFigure
EndPage
AbortPath
CreateMetaFileA
CancelDC
BeginPath
GetStockObject
CreateCompatibleDC
CreateSolidBrush
GetDCBrushColor
FlattenPath
GdiGetBatchLimit
SetBkMode
AbortDoc
SetTextColor
SetTextAlign
DeleteColorSpace
CreateFontA
CreateFontIndirectW
CreatePen
DeleteObject
ExtTextOutW
GetDeviceCaps
GetObjectW
DeleteDC

advapi32

EnumDependentServicesW
TraceMessage
StartServiceW
SetSecurityInfo
SetNamedSecurityInfoW
SetEntriesInAclW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueW
RegEnumKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
OpenProcessToken
LookupPrivilegeValueW
LookupAccountSidW
RegOpenKeyA
RegQueryValueExA
AddAccessAllowedAceEx
AddAce
AdjustTokenPrivileges
AllocateAndInitializeSid
CloseServiceHandle
ControlService
ConvertSidToStringSidW
ConvertStringSidToSidW
CreateServiceW
DeleteService
EqualSid
FreeSid
GetAce
GetAclInformation
GetLengthSid
GetNamedSecurityInfoW
GetSecurityInfo
GetTokenInformation
InitializeAcl
InitiateSystemShutdownExW
LookupAccountNameW

shell32

ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
SHGetFolderLocation
SHChangeNotify
CommandLineToArgvW

ole32

CLSIDFromString
CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

shlwapi

SHDeleteKeyW
PathGetCharTypeW
PathGetCharTypeA
PathFindFileNameW
PathFindExtensionW
PathAddBackslashW
PathAddBackslashA

winmm

timeGetTime

msvcrt

wcsstr
wcsrchr
wcstol
wcsncmp
wcschr
towupper
wcspbrk
wcstok
_unlock
_XcptFilter
__dllonexit
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_amsg_exit
_beginthreadex
_cexit
_controlfp
_endthread
_exit
_initterm
_ismbblead
_itow
_lock
_onexit
_purecall
_stricmp
_strlwr
_vsnprintf
_vsnwprintf
_wcsicmp
_wcslwr
_wcsnicmp
_wcsupr
_wtoi
_wtol
bsearch
calloc
ceil
exit
free
iswalnum
iswalpha
iswdigit
iswspace
malloc
memcpy
memmove
memset
strrchr
strstr
swscanf
towlower

Sections

.text
Size: 722KB - Virtual size: 722KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zzz0
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e296f061346a7c7e81ba5400de1c0b8a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

winmm

msvcrt

Sections

.text Size: 722KB - Virtual size: 722KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 19KB - Virtual size: 19KB

.zzz0 Size: 19KB - Virtual size: 18KB

.rsrc Size: 98KB - Virtual size: 98KB

.text
Size: 722KB - Virtual size: 722KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 19KB - Virtual size: 19KB

.zzz0
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 98KB - Virtual size: 98KB