Static task: static1
Behavioral task: behavioral1
Sample: 0cb3a26795b1c0db5c7e58c9afaadb28_JaffaCakes118.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 0cb3a26795b1c0db5c7e58c9afaadb28_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 0cb3a26795b1c0db5c7e58c9afaadb28_JaffaCakes118
Size: 257KB
MD5: 0cb3a26795b1c0db5c7e58c9afaadb28
SHA1: 413d11f6dc33d10520d1e55b6a8914f57295ec63
SHA256: 27274231019af3d19333db9af18ff369d5172c0cafaf70cd010d72eeb007cffc
SHA512: eca8d023054114d21bc2df43c7935189ef649d821b303d3fbf0a62099c7fa6c6ac51b305756dfa40dddeccff3afa3d3a5fb7a40c76385e6d611d5e63cc0a5730
SSDEEP: 6144:U2cBI081CUJapUly6LcDIBe/xAAz825s:TcqAsaqly6LVIxbzZ
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource 0cb3a26795b1c0db5c7e58c9afaadb28_JaffaCakes118
Files
0cb3a26795b1c0db5c7e58c9afaadb28_JaffaCakes118.exe windows:5 windows x86 arch:x86
f33f46d725b776bcbcb825e76e86e383
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualFree
FlushFileBuffers
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetEndOfFile
GetProcessHeap
ReadFile
GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WriteFile
WaitForSingleObject
TerminateThread
CloseHandle
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
user32
wsprintfA
GetClassLongA
advapi32
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
ole32
CoInitialize
shell32
ShellExecuteA
shlwapi
PathIsDirectoryA
PathFileExistsA
PathRemoveBlanksA
PathFindFileNameA
PathGetArgsA
gdi32
GetTextCharsetInfo
TranslateCharsetInfo
CreateRoundRectRgn
AbortPath
GetGlyphOutlineA
GetLayout
SetEnhMetaFileBits
ColorCorrectPalette
GetDCPenColor
GetGraphicsMode
SetBkColor
PlayEnhMetaFileRecord
RoundRect
GetSystemPaletteEntries
SetDIBitsToDevice
GetFontUnicodeRanges
PolyBezier
SetStretchBltMode
ws2_32
recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send
netapi32
Netbios
comdlg32
ChooseFontW
FindTextW
ChooseFontA
GetFileTitleW
GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA
PageSetupDlgW
ReplaceTextA
PrintDlgA
ChooseColorA
GetOpenFileNameW
comsvcs
CoCreateActivity
crypt32
CryptInstallDefaultContext
CertAddEncodedCTLToStore
CryptStringToBinaryW
CryptBinaryToStringW
CertCreateCRLContext
CertGetCRLFromStore
CryptEnumKeyIdentifierProperties
CryptDecodeMessage
CertRemoveEnhancedKeyUsageIdentifier
CryptRegisterDefaultOIDFunction
CryptUninstallDefaultContext
CryptEnumOIDFunction
CertSetEnhancedKeyUsage
CryptInitOIDFunctionSet
CryptSignCertificate
CertDuplicateCertificateChain
CertCompareCertificateName
CryptGetMessageCertificates
CertSerializeCTLStoreElement
CertDeleteCertificateFromStore
CertFindCertificateInCRL
CryptQueryObject
CryptVerifyCertificateSignature
CryptSignMessage
CryptCloseAsyncHandle
CertEnumSubjectInSortedCTL
imm32
ImmGetContext
ImmEscapeA
ImmGetRegisterWordStyleW
ImmGetConversionListA
ImmGetCandidateWindow
ImmSetCompositionWindow
ImmGetOpenStatus
ImmRegisterWordW
ImmGetDescriptionW
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmIsUIMessageW
ImmSetConversionStatus
ImmUnregisterWordA
ImmDisableIME
ImmGetCandidateListW
ImmEnumRegisterWordW
ImmEnumInputContext
ImmIsIME
ImmSetStatusWindowPos
ImmGetDefaultIMEWnd
ImmRegisterWordA
ImmSetCompositionStringA
ImmGetRegisterWordStyleA
ImmGetImeMenuItemsA
ImmGetCompositionFontA
ImmGetStatusWindowPos
ImmConfigureIMEA
ImmInstallIMEW
ImmAssociateContext
ImmGetCandidateListA
ImmSetCompositionFontW
iphlpapi
SetIfEntry
NotifyAddrChange
SetIpNetEntry
NhpAllocateAndGetInterfaceInfoFromStack
GetIpAddrTable
GetIcmpStatisticsEx
DeleteIpNetEntry
SetTcpEntry
SetIpTTL
GetBestInterfaceEx
GetInterfaceInfo
GetTcpStatistics
RestoreMediaSense
GetOwnerModuleFromUdpEntry
CreateProxyArpEntry
GetIpNetTable
GetRTTAndHopCount
GetIfTable
GetExtendedUdpTable
CreateIpNetEntry
GetIpForwardTable
GetOwnerModuleFromTcpEntry
SendARP
DeleteIPAddress
GetIpErrorString
GetUdpStatistics
AddIPAddress
GetExtendedTcpTable
SetIpForwardEntry
GetAdaptersInfo
GetIcmpStatistics
GetFriendlyIfIndex
EnableRouter
GetTcpTable
msi
ord126
ord83
ord11
ord190
ord251
ord178
ord223
ord242
ord219
ord254
ord131
ord169
ord275
ord208
ord82
ord109
ord209
ord213
ord216
ord203
ord14
ord42
ord231
ord256
ord205
ord239
ord81
ord228
ord66
ord210
ord214
ord179
ord168
ord60
ord16
ord192
ord85
ord177
ord244
ord276
ord94
ord218
ord67
ord180
ord36
ord174
ord137
ord204
ord211
ord87
ord113
ord246
ord141
ord273
ord238
ord265
ord90
ord240
ord71
ord281
ord267
ord37
ord194
ord89
ord8
ord181
ord243
ord248
ord10
ord227
ord195
ord226
ord241
ord5
ord269
ord255
ord172
ord70
ord193
ord173
ord257
ord274
ord176
ord259
ord260
msimg32
TransparentBlt
mswsock
WSARecvEx
Sections
.text Size: 169KB - Virtual size: 168KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ