0eded82585b6e921d7e7351011e1d31e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0eded82585b6e921d7e7351011e1d31e_JaffaCakes118
Size

189KB
MD5

0eded82585b6e921d7e7351011e1d31e
SHA1

44ad62a39f055709e4de4baba64f2d1201fd44a6
SHA256

814860f405279bf1794138794557f48b24696d03a552e245a39e9f9b4a699555
SHA512

14455e080ae21ff7c330cad36d9a407d16fb3c0eecceac68fcbd715100ad75767715a568890595d13602d968013a5a1a83fb2dc1c054a11ccb13d3f1f25b1a9c
SSDEEP

3072:LM47K641P3ufwO001mlXf4zYRvoJkOU/hTMrj3FjzCUZhFVVgUoGMtpHdIVmQnng:o4/4Fefs0kiYRvoyR/hI/p3novp9inpK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0eded82585b6e921d7e7351011e1d31e_JaffaCakes118

Files

0eded82585b6e921d7e7351011e1d31e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

770a96b473f2d133e929fa06ed30f901

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesExW
OpenEventW
DuplicateHandle
GetCurrentProcessId
WriteProcessMemory
CreateMutexW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
GetThreadContext
SetThreadContext
GetProcessId
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
GetProcessHeap
SetFileTime
VirtualQueryEx
Thread32First
ResetEvent
ReadProcessMemory
HeapDestroy
HeapCreate
VirtualProtect
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
lstrlenW
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
SetHandleInformation
CreatePipe
SetThreadPriority
TerminateProcess
TlsSetValue
GetCurrentThread
SetEvent
TlsGetValue
FreeLibrary
GetProcAddress
GetPrivateProfileIntW
FlushFileBuffers
GetComputerNameW
SetErrorMode
GetCommandLineW
GetCurrentThreadId
SetLastError
GetCurrentProcess
SetFileAttributesW
WTSGetActiveConsoleSessionId
lstrcmpiA
CreateDirectoryW
ExitProcess
LoadLibraryW
GetUserDefaultUILanguage
GetModuleFileNameW
Sleep
lstrcpynW
MoveFileExW
CreateFileW
WriteFile
GetPrivateProfileStringW
GetModuleHandleW
CreateThread
GetSystemTime
LocalFree
GetVersionExW
GetNativeSystemInfo
GetModuleHandleA
LoadLibraryA
GetFileAttributesW
IsBadReadPtr
VirtualAlloc
VirtualFree
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
OpenProcess
lstrcmpiW
CreateRemoteThread
CloseHandle
WaitForMultipleObjects
CreateEventW
GetLocalTime
ExitThread
ReleaseMutex
WaitForSingleObject
EnterCriticalSection
GlobalUnlock
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
GlobalLock
ExpandEnvironmentStringsW
WideCharToMultiByte

user32

LoadImageW
GetTopWindow
CreateWindowExA
ShowWindow
UpdateWindow
GetKeyboardLayoutList
DispatchMessageW
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetThreadDesktop
MsgWaitForMultipleObjects
OpenWindowStationW
GetMessageA
SetCapture
GetParent
GetClassLongW
GetCapture
SetCursorPos
GetWindowLongW
GetAncestor
PeekMessageW
CallWindowProcW
SetWindowPos
SendMessageTimeoutW
IsWindow
ReleaseCapture
MapWindowPoints
GetMessagePos
GetWindowThreadProcessId
CharToOemW
WindowFromPoint
CharLowerA
CharUpperW
SetWindowLongW
GetWindow
MapVirtualKeyW
CharLowerW
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
MenuItemFromPoint
GetMenu
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
GetMenuState
GetMenuItemCount
HiliteMenuItem
EndMenu
GetShellWindow
DefDlgProcW
DefFrameProcA
RegisterClassExW
DefWindowProcA
DefMDIChildProcW
DefDlgProcA
SwitchDesktop
DefMDIChildProcA
RegisterClassW
GetUserObjectInformationW
CallWindowProcA
EndPaint
GetUpdateRgn
GetMessageW
DefFrameProcW
RegisterClassA
CharLowerBuffA
GetWindowDC
FillRect
PostMessageW
GetWindowInfo
DrawEdge
BeginPaint
GetUpdateRect
IntersectRect
GetDCEx
ReleaseDC
PostThreadMessageW
EqualRect
PrintWindow
SendMessageW
DefWindowProcW
IsRectEmpty
DrawIcon
GetIconInfo
GetCursorPos
DestroyWindow
RegisterClassExA
LoadCursorW
OpenInputDesktop
PeekMessageA
LoadIconW
GetDC
MessageBoxA
GetSystemMetrics
TranslateMessage
GetKeyboardState
GetClipboardData
ToUnicode
ExitWindowsEx
GetWindowRect

advapi32

InitiateSystemShutdownExW
GetLengthSid
ConvertSidToStringSidW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
EqualSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
IsWellKnownSid
CreateProcessAsUserA
CreateProcessAsUserW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData

shlwapi

SHDeleteValueW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
PathIsURLW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathRemoveBackslashW
PathQuoteSpacesW
StrCmpNIW
StrStrIW
StrStrIA
PathRenameExtensionW
PathRemoveFileSpecW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

CLSIDFromString
StringFromGUID2
CoInitializeEx
CoUninitialize
CoCreateInstance

gdi32

SelectObject
GetDeviceCaps
RestoreDC
SaveDC
CreateCompatibleDC
SetRectRgn
GdiFlush
DeleteDC
SetViewportOrgEx
GetStockObject
CreateCompatibleBitmap
GetDIBits
CreateDIBSection
DeleteObject

ws2_32

sendto
select
getaddrinfo
recvfrom
getpeername
send
gethostbyname
closesocket
WSASend
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
recv
freeaddrinfo
WSAEventSelect
getsockname
accept
WSAGetLastError
listen
WSASetLastError
socket
bind
shutdown
setsockopt
inet_addr

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
PFXImportCertStore
CryptUnprotectData

wininet

HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetOpenA
InternetQueryDataAvailable
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetQueryOptionA
InternetSetOptionA
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetCrackUrlA
HttpSendRequestExW
HttpSendRequestExA
HttpQueryInfoA
InternetConnectA
InternetCloseHandle

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

770a96b473f2d133e929fa06ed30f901

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 177KB - Virtual size: 177KB

.data Size: 2KB - Virtual size: 10KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 177KB - Virtual size: 177KB

.data
Size: 2KB - Virtual size: 10KB

.reloc
Size: 7KB - Virtual size: 7KB