Static task: static1
Behavioral task: behavioral1
  Sample: 0f40266503728086b7eab7924f710e19_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 0f40266503728086b7eab7924f710e19_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 0f40266503728086b7eab7924f710e19_JaffaCakes118
Size: 941KB
MD5: 0f40266503728086b7eab7924f710e19
SHA1: 0a765ac554bbf4618d48350acc2de68a6dbc7130
SHA256: 0261189fbeef656ac3fa45780c1ae04d381df34cf23c60f883c1d0c740bdbbfb
SHA512: 6c59cec430c879c0726ecda3a016b57696d097dff907781a1e67c82368352c21cd205f9d905f9d324426fdaab37a9e1cb92861dcb7250435687a554af2821aa0
SSDEEP: 12288:G86BXkvpGwHB5eZQYK1wnQ7YbjHf74d3eW4HCc28KiMe6fNP9iDCD8eAFb/BZPrH:GLPa5eKYk72DuhmyvdNP9iDWkXrJ
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 0f40266503728086b7eab7924f710e19_JaffaCakes118
Files
0f40266503728086b7eab7924f710e19_JaffaCakes118.exe windows:4 windows x86 arch:x86
518db3ed6c76ef230208a39c6eb12aa1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
dhcpcsvc
DhcpRegisterOptions
msvcrt
malloc
wcscmp
_wcsnicmp
wcsrchr
wcscpy
_vsnwprintf
memmove
_stricmp
wcslen
iswprint
_except_handler3
_initterm
_purecall
swprintf
strtoul
wcsncpy
_wtol
_ltow
wcschr
_itow
_adjust_fdiv
_wcsicmp
free
iswspace
wcscat
strtok
rpcrt4
RpcNetworkIsProtseqValidA
RpcBindingFromStringBindingA
RpcStringFreeA
UuidCreate
RpcBindingFree
RpcStringBindingComposeA
RpcEpResolveBinding
NdrClientCall2
UuidToStringA
netapi32
DsGetDcNameW
NetGetDCName
NetApiBufferFree
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
user32
GetWindowLongW
FillRect
GetSysColorBrush
MoveWindow
IsDlgButtonChecked
PostMessageA
MessageBoxExW
DestroyWindow
LoadBitmapW
wsprintfA
EnableWindow
CheckRadioButton
SendMessageA
SetFocus
SetRect
GetDesktopWindow
DrawIcon
PeekMessageA
MapDialogRect
GetMonitorInfoW
ReleaseDC
GetWindowTextW
SetWindowTextA
SendMessageW
LoadIconA
DrawTextExW
DialogBoxParamW
InvalidateRect
GetDlgItemTextW
SetDlgItemInt
GetWindowRect
MapWindowPoints
SystemParametersInfoA
PostMessageW
GetFocus
LoadCursorA
SendDlgItemMessageW
SetWindowTextW
GetNextDlgTabItem
IsWindowEnabled
IsWindowVisible
LoadStringA
SetClassLongA
GetClientRect
GetParent
EndPaint
GetDlgItemTextA
SetWindowPos
DrawFocusRect
GetDlgItemInt
SetWindowLongA
BeginPaint
CopyRect
GetWindowLongA
MonitorFromWindow
SendDlgItemMessageA
GetDC
GetDialogBaseUnits
CreateWindowExW
SetDlgItemTextW
GetUpdateRect
ReleaseCapture
LoadCursorW
RegisterClipboardFormatA
CreateWindowExA
SetCursor
GetSysColor
LoadStringW
GetWindowDC
GetWindow
ShowWindow
SetWindowLongW
UpdateWindow
MessageBoxW
SetCapture
WinHelpW
DestroyIcon
GetDlgItem
EndDialog
CallWindowProcA
wininet
InternetCanonicalizeUrlW
InternetCrackUrlW
wintrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
TrustIsCertificateSelfSigned
WintrustGetDefaultForUsage
WTHelperGetProvCertFromChain
WinVerifyTrustEx
WTHelperGetKnownUsages
crypt32
CryptMsgGetParam
PFXExportCertStoreEx
CertFreeCertificateChain
CertGetNameStringW
CryptFindLocalizedName
CertOpenStore
CertCompareCertificate
CertGetCertificateChain
CertGetSubjectCertificateFromStore
CryptMsgOpenToDecode
CryptGetDefaultOIDFunctionAddress
CertEnumSystemStore
CertFreeCTLContext
CertEnumCertificatesInStore
CryptSIPRetrieveSubjectGuid
CertFreeCRLContext
CertDuplicateCertificateContext
CertGetValidUsages
CertGetCertificateContextProperty
CryptBinaryToStringA
PFXImportCertStore
CertSetCertificateContextProperty
PFXExportCertStore
CertCreateCTLContext
CryptQueryObject
CertDeleteCertificateFromStore
CertEnumPhysicalStore
CertSetEnhancedKeyUsage
CryptMsgClose
CertGetStoreProperty
CertFreeCertificateChainEngine
CertNameToStrW
CertVerifyTimeValidity
CertEnumCTLsInStore
CertSetCTLContextProperty
CertSaveStore
CryptDecodeObjectEx
CertFindCRLInStore
CertAddCertificateContextToStore
CertGetEnhancedKeyUsage
CryptMsgUpdate
CertAddCRLContextToStore
CryptFindOIDInfo
CertFindCTLInStore
CryptFreeOIDFunctionAddress
CryptMsgEncodeAndSignCTL
CryptAcquireCertificatePrivateKey
CryptInitOIDFunctionSet
PFXVerifyPassword
CertAddCTLContextToStore
CertGetCRLFromStore
CertGetCTLContextProperty
CertCloseStore
CryptMsgVerifyCountersignatureEncoded
CertFreeCertificateContext
CryptDecodeObject
CryptFormatObject
CryptEncodeObject
CryptEnumOIDInfo
CertCreateCertificateContext
CertFindAttribute
CryptMsgControl
CertFindCertificateInStore
CryptFindCertificateKeyProvInfo
CertFindExtension
CertDuplicateStore
CryptMsgDuplicate
CertCreateCertificateChainEngine
CryptGetDefaultOIDDllList
CertGetPublicKeyLength
ntdll
NtAllocateVirtualMemory
NtFilterToken
gdi32
RealizePalette
CreateDIBitmap
SelectObject
GetBkColor
SelectPalette
CreateBitmap
CreatePalette
CreateCompatibleBitmap
GetDeviceCaps
GetTextExtentPoint32W
SetPixel
CreateFontIndirectA
GetObjectW
CreateFontIndirectW
DeleteDC
SetBkColor
BitBlt
GetObjectA
DeleteObject
CreateCompatibleDC
kernel32
MultiByteToWideChar
InitializeCriticalSection
CreateFileA
UnhandledExceptionFilter
ExpandEnvironmentStringsA
GetModuleHandleW
FindResourceA
GetComputerNameW
GetDateFormatA
DisableThreadLibraryCalls
GlobalAlloc
DeleteCriticalSection
lstrlenW
WideCharToMultiByte
GlobalFree
GetLocalTime
LoadLibraryW
LocalFree
GetTickCount
GlobalUnlock
FormatMessageW
FileTimeToLocalFileTime
CloseHandle
CreateFileW
Sleep
GetDateFormatW
lstrcatA
InterlockedCompareExchange
lstrlenA
GetCurrentDirectoryW
GetCurrentThread
GetUserDefaultLCID
GetACP
TerminateProcess
GetModuleHandleA
GetTimeFormatW
GetModuleFileNameW
SetEndOfFile
LeaveCriticalSection
GetVersionExA
CompareStringW
LoadLibraryA
GetCurrentThreadId
lstrcmpA
GetCurrentProcessId
EnterCriticalSection
ExpandEnvironmentStringsW
UnmapViewOfFile
GetCurrentProcess
LockResource
LoadLibraryExA
GetTimeFormatA
SetFilePointer
CompareStringA
FreeLibrary
QueryPerformanceCounter
GlobalLock
SystemTimeToFileTime
OutputDebugStringA
MulDiv
LoadResource
WriteFile
GetSystemTimeAsFileTime
LocalReAlloc
GetComputerNameExW
GetLastError
LocalAlloc
lstrcpyA
SetUnhandledExceptionFilter
CreateFileMappingA
FileTimeToSystemTime
MapViewOfFile
SetLastError
CompareFileTime
DelayLoadFailureHook
GetFileSize
GetProcAddress
FreeResource
DeleteFileW
shlwapi
PathFindFileNameW
PathUndecorateW
StrCmpNIW
advapi32
CryptSetProvParam
RegCreateKeyExW
StartServiceW
AllocateAndInitializeSid
RegSetValueExW
CryptGetKeyParam
RegQueryValueExA
GetTokenInformation
RegEnumValueW
ChangeServiceConfigA
OpenProcessToken
RegOpenKeyExA
RegEnumKeyExA
DuplicateToken
RegQueryValueExW
RegQueryInfoKeyA
OpenThreadToken
RegEnumValueA
RegSetValueExA
OpenServiceW
CryptReleaseContext
QueryServiceStatus
FreeSid
OpenSCManagerW
CryptGetProvParam
CryptDestroyKey
CryptAcquireContextA
CloseServiceHandle
GetUserNameW
RegCreateKeyExA
QueryServiceConfigA
RegCloseKey
LockServiceDatabase
EqualSid
StartServiceA
ControlService
UnlockServiceDatabase
CryptAcquireContextW
RegEnumKeyExW
CryptGetUserKey
RegOpenKeyExW
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 182KB - Virtual size: 12.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 673KB - Virtual size: 672KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE