Static task: static1
Behavioral task: behavioral1
  Sample: 0d6276385d6e57b142797a9b8f9e62e4_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 0d6276385d6e57b142797a9b8f9e62e4_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
  Target: 0d6276385d6e57b142797a9b8f9e62e4_JaffaCakes118
  Size: 532KB
  MD5: 0d6276385d6e57b142797a9b8f9e62e4
  SHA1: 9661ac826c07d31050342122f3c387e4bdcbf43c
  SHA256: db6feb59312609e20eca8891b5be18a695cc306fdb5393ff4b2fb6e7853ebc9e
  SHA512: 59f0df9ad969720704545a1ffa2b483b628b8944f59bef0e00cddfe9f145118a6031153a19fb8646c6783219f557ca93756f5e4cec14b38e59513b1c271ac8a0
  SSDEEP: 3072:/qODXcblo4lih9tpJ7wAFY/y/jPGHrIsw1foGSS96M7E+QB85VL:/qgP9tTFGHrIr1fjSPMz
Malware Config
Signatures
  Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource 0d6276385d6e57b142797a9b8f9e62e4_JaffaCakes118
Files
  0d6276385d6e57b142797a9b8f9e62e4_JaffaCakes118.exe  windows:4 windows x86 arch:x86
    cdd02713c7bded47881180e87bc0cd18
Headers
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
  nlvscan2: NLvsscanf
  kernel32: FindClose, FindFirstFileA, GetFullPathNameA, GetFileAttributesA, RtlUnwind, ExitProcess, FindNextFileA, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetStartupInfoA, GetCommandLineA, HeapReAlloc, RaiseException, GetACP, HeapSize, LCMapStringA, LCMapStringW, GetEnvironmentVariableA, IsBadWritePtr, UnlockFile, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, GetExitCodeProcess, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, LockFile, FlushFileBuffers, WriteFile, InterlockedExchange, ReadFile, DuplicateHandle, GetOEMCP, GetCPInfo, SizeofResource, GetProcessVersion, WritePrivateProfileStringA, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalAlloc, MulDiv, SetLastError, LocalFree, FileTimeToLocalFileTime, FileTimeToSystemTime, GetVersion, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalUnlock, GlobalFree, LockResource, FindResourceA, LoadResource, MultiByteToWideChar, WideCharToMultiByte, InterlockedDecrement, InterlockedIncrement, GlobalLock, GlobalAlloc, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, HeapAlloc, HeapFree, HeapDestroy, HeapCreate, lstrcmpA, VirtualFree, VirtualAlloc, lstrcatA, GetModuleFileNameA, lstrcpynA, lstrcpyA, lstrlenA, CreateProcessA, CreateDirectoryA, RemoveDirectoryA, GetProfileStringA, _llseek, GetFileTime, SetFileAttributesA, GetDiskFreeSpaceA, SetEndOfFile, SystemTimeToFileTime, SetFileTime, SetFilePointer, SetErrorMode, lstrcmpiA, DeleteFileA, GetTickCount, CreateFileA, WaitForSingleObject, TerminateProcess, GetCurrentProcess, GetProcAddress, OpenProcess, GetModuleHandleA, FreeLibrary, LoadLibraryA, GetVersionExA, Sleep, GetFileSize, _lread, _lclose, _lwrite, WriteProfileStringA, GetSystemDirectoryA, GetVolumeInformationA, GetUserDefaultLangID, CreateMutexA, GetLastError, ReleaseMutex, OpenFile, WinExec, CloseHandle, UnhandledExceptionFilter
  user32: GetClassNameA, PtInRect, GetSysColorBrush, DestroyMenu, InflateRect, InvalidateRect, ClientToScreen, wvsprintfA, ShowWindow, IsDialogMessageA, SendDlgItemMessageA, MapWindowPoints, GetSysColor, AdjustWindowRectEx, ScreenToClient, CopyRect, GetTopWindow, GetCapture, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetWindowTextLengthA, GetDlgCtrlID, DefWindowProcA, CreateWindowExA, GetClassLongA, SetPropA, CallWindowProcA, RemovePropA, GetMessagePos, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, UnhookWindowsHookEx, EndDialog, IsWindow, CreateDialogIndirectParamA, DestroyWindow, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, LoadIconA, GetDesktopWindow, SendMessageA, UnregisterClassA, HideCaret, ShowCaret, GetMessageA, TranslateMessage, DispatchMessageA, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, SetCursor, PostQuitMessage, SetCapture, SetFocus, ReleaseCapture, SetActiveWindow, GetAsyncKeyState, GetDC, ReleaseDC, CharUpperA, EnumChildWindows, GetWindowLongA, LoadStringA, IsDlgButtonChecked, GetDlgItem, SetWindowTextA, PeekMessageA, GetWindowTextA, wsprintfA, MessageBoxA, LoadCursorA, SetTimer, KillTimer, WaitMessage, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetMessageTime, GetWindowDC, GetWindowThreadProcessId, PostMessageA, EnumWindows, UpdateWindow, GetActiveWindow, WinHelpA, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, ExcludeUpdateRgn, DrawFocusRect, DefDlgProcA, CharNextA, IsWindowUnicode, EnableWindow, GetPropA
  gdi32: PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, PatBlt, IntersectClipRect, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetBkMode, GetStockObject, RestoreDC, SaveDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap, CreateFontIndirectA, DeleteObject, SelectObject, GetTextMetricsA, GetDeviceCaps, CreateSolidBrush, CreateDIBitmap, GetTextExtentPointA, BitBlt, CreateCompatibleDC, DeleteDC
  comdlg32: GetFileTitleA
  winspool.drv: DocumentPropertiesA, OpenPrinterA, ClosePrinter
  advapi32: GetSecurityDescriptorControl, RegCloseKey, AllocateAndInitializeSid, IsValidSid, RegGetKeySecurity, RegOpenKeyExA, RegSetKeySecurity, AdjustTokenPrivileges, LookupPrivilegeValueA, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegSetValueExA, RegQueryInfoKeyA, RegEnumKeyA, RegQueryValueExA, FreeSid, GetSecurityDescriptorDacl, GetAce, EqualSid, GetLengthSid, GetSecurityDescriptorLength, InitializeSecurityDescriptor, InitializeAcl, AddAccessAllowedAce, IsValidAcl, SetSecurityDescriptorDacl, IsValidSecurityDescriptor, OpenProcessToken
  shell32: FindExecutableA, SHGetSpecialFolderLocation, SHGetMalloc, SHGetPathFromIDListA, ShellExecuteA
  comctl32: ord17
  wsock32: gethostbyname, recv, send, WSAAsyncSelect, socket, recvfrom, sendto, closesocket, htonl, htons, bind, ioctlsocket, accept, WSAGetLastError, WSASetLastError, WSAStartup, WSACleanup, listen, inet_ntoa, getsockname, ntohs, connect, inet_addr
  version: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
Sections
  .text   Size: 348KB  Virtual size: 345KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 56KB   Virtual size: 55KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 84KB   Virtual size: 98KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 40KB   Virtual size: 38KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ