Static task: static1
Behavioral task: behavioral1
  Sample: 15a7ed88ab3b0a17a625b181ef43cfdf_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 15a7ed88ab3b0a17a625b181ef43cfdf_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 15a7ed88ab3b0a17a625b181ef43cfdf_JaffaCakes118
Size: 158KB
MD5: 15a7ed88ab3b0a17a625b181ef43cfdf
SHA1: 76afb63c91d6ec44403829cbc800b7abf7e2ae8b
SHA256: 946c447e7cedb1d67bdcdb4740fb1732427ca317049c123749b2fc3090083337
SHA512: dce7bfbf2aa05ba772dc2deb84cdb2c27b8c74699814dca59e7e0007c69f380afbdc5092127647b978369519657dc865346963d24887b84c9eca5aef427340fa
SSDEEP: 3072:kGL7+5TA6zhjYbVKdYrYycw2Owwfb8P+eF5ie7kHKYWo:L+5ZaRkerTfYGa5Cvb
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 15a7ed88ab3b0a17a625b181ef43cfdf_JaffaCakes118
Files
15a7ed88ab3b0a17a625b181ef43cfdf_JaffaCakes118.exe windows:5 windows x86 arch:x86
070655e6fbe293f803b9bb756527bf0b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CryptGetDefaultOIDFunctionAddress
CertEnumCertificatesInStore
CertAddCTLContextToStore
CertGetPublicKeyLength
CertGetCRLFromStore
CryptGetDefaultOIDDllList
CryptFindLocalizedName
CryptAcquireCertificatePrivateKey
CertDuplicateStore
CertSetCertificateContextProperty
CertGetValidUsages
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
PFXVerifyPassword
CertVerifyTimeValidity
CertCreateCTLContext
CertEnumCTLsInStore
CertGetEnhancedKeyUsage
CryptMsgUpdate
CryptQueryObject
CertFindCRLInStore
CryptEncodeObject
CertCloseStore
CryptMsgControl
CryptFindOIDInfo
CertFindExtension
CertEnumPhysicalStore
CertSetCTLContextProperty
CryptMsgVerifyCountersignatureEncoded
PFXExportCertStore
CryptFreeOIDFunctionAddress
CertEnumSystemStore
CryptFindCertificateKeyProvInfo
CertFindCTLInStore
CryptBinaryToStringA
CertFreeCertificateChainEngine
CertGetCTLContextProperty
CertFreeCRLContext
CertFindCertificateInStore
CryptMsgEncodeAndSignCTL
CryptMsgGetParam
CertNameToStrW
CryptMsgDuplicate
CryptFormatObject
CertCompareCertificate
CertGetStoreProperty
PFXImportCertStore
CertFreeCTLContext
CertFindAttribute
CryptDecodeObject
CryptDecodeObjectEx
CertGetCertificateContextProperty
PFXExportCertStoreEx
CryptSIPRetrieveSubjectGuid
CertGetSubjectCertificateFromStore
CryptMsgOpenToDecode
CertSaveStore
CertSetEnhancedKeyUsage
CryptMsgClose
CertAddCRLContextToStore
CertGetCertificateChain
CertCreateCertificateContext
CertGetNameStringW
CertOpenStore
CryptInitOIDFunctionSet
CertDuplicateCertificateContext
CertFreeCertificateContext
CertFreeCertificateChain
CryptEnumOIDInfo
CertCreateCertificateChainEngine
netapi32
NetGetDCName
NetApiBufferFree
DsGetDcNameW
gdi32
GetObjectW
RealizePalette
DeleteObject
CreateCompatibleDC
SetPixel
CreateBitmap
DeleteDC
CreateDIBitmap
SetBkColor
CreateFontIndirectW
SelectPalette
CreatePalette
CreateCompatibleBitmap
SelectObject
BitBlt
GetTextExtentPoint32W
CreateFontIndirectA
GetBkColor
GetObjectA
GetDeviceCaps
msvcrt
wcscpy
_wtol
_ltow
wcschr
_wcsnicmp
_initterm
strtoul
wcsrchr
swprintf
_wcsicmp
_itow
_stricmp
_adjust_fdiv
iswprint
wcscat
iswspace
memmove
malloc
wcsncpy
_except_handler3
wcscmp
_purecall
_vsnwprintf
free
strtok
wcslen
user32
FillRect
SendDlgItemMessageA
GetDlgItemTextW
DialogBoxParamW
GetSysColorBrush
CallWindowProcA
SetDlgItemInt
GetWindowDC
SetWindowLongA
GetUpdateRect
LoadCursorW
SetDlgItemTextW
CreateWindowExA
GetClientRect
GetDC
MapDialogRect
LoadStringA
SystemParametersInfoA
LoadBitmapW
SetCapture
SetFocus
CheckRadioButton
SetWindowTextA
EndPaint
RegisterClipboardFormatA
DestroyWindow
GetDlgItemInt
BeginPaint
DrawIcon
SetWindowTextW
CreateWindowExW
DrawFocusRect
MoveWindow
LoadStringW
InvalidateRect
ShowWindow
LoadIconA
DrawTextExW
GetWindowLongA
ReleaseDC
DestroyIcon
wsprintfA
PostMessageW
SetWindowLongW
MessageBoxExW
LoadCursorA
MonitorFromWindow
GetDlgItemTextA
EndDialog
GetWindowTextW
UpdateWindow
IsDlgButtonChecked
SetCursor
GetParent
GetMonitorInfoW
SendDlgItemMessageW
SendMessageW
CopyRect
GetFocus
GetDlgItem
GetWindowLongW
GetDialogBaseUnits
IsWindowVisible
GetSysColor
WinHelpW
GetWindow
MessageBoxW
SendMessageA
GetNextDlgTabItem
GetDesktopWindow
IsWindowEnabled
GetWindowRect
SetRect
ReleaseCapture
SetClassLongA
SetWindowPos
EnableWindow
PeekMessageA
PostMessageA
MapWindowPoints
shlwapi
StrCmpNIW
PathFindFileNameW
PathUndecorateW
ntdll
NtOpenDirectoryObject
NtAllocateVirtualMemory
rpcrt4
RpcStringBindingComposeW
RpcStringBindingComposeA
NdrClientCall2
RpcBindingFree
RpcEpResolveBinding
UuidCreate
RpcBindingFromStringBindingA
RpcStringFreeW
RpcNetworkIsProtseqValidA
wintrust
TrustIsCertificateSelfSigned
WTHelperGetKnownUsages
WinVerifyTrustEx
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WintrustGetDefaultForUsage
WTHelperProvDataFromStateData
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
kernel32
Sleep
GetTimeFormatW
GetCurrentThread
GetCurrentProcess
GetSystemTimeAsFileTime
UnmapViewOfFile
InitializeCriticalSection
GetStartupInfoA
CreateFileMappingA
MulDiv
lstrcpyA
GetProcAddress
ExpandEnvironmentStringsA
CloseHandle
GetModuleHandleA
GetFileSize
SystemTimeToFileTime
GetDateFormatW
CreateFileW
GlobalAlloc
GetModuleFileNameW
DeleteFileW
MapViewOfFile
GetCurrentDirectoryW
WriteFile
GetUserDefaultLCID
EnterCriticalSection
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
OutputDebugStringA
SetEndOfFile
GetModuleHandleW
InterlockedCompareExchange
DelayLoadFailureHook
CompareFileTime
LocalFree
FreeResource
LoadLibraryA
GetTimeFormatA
LocalReAlloc
GlobalFree
CompareStringA
GetComputerNameExW
lstrcatA
FormatMessageW
LoadLibraryExA
GetLastError
CreateFileA
CompareStringW
GlobalUnlock
lstrcmpA
GetTickCount
SetUnhandledExceptionFilter
TerminateProcess
GetACP
GetCurrentThreadId
SetFilePointer
GetDateFormatA
GetVersionExA
QueryPerformanceCounter
lstrlenW
lstrlenA
SetLastError
LeaveCriticalSection
GetCurrentProcessId
WideCharToMultiByte
GetComputerNameW
GetLocalTime
DeleteCriticalSection
DisableThreadLibraryCalls
FreeLibrary
LocalAlloc
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
FindResourceA
FileTimeToSystemTime
UnhandledExceptionFilter
wininet
InternetCanonicalizeUrlW
InternetCrackUrlW
advapi32
RegEnumValueW
CryptGetKeyParam
RegQueryInfoKeyA
RegSetValueExA
OpenThreadToken
GetSecurityDescriptorOwner
CryptAcquireContextA
StartServiceA
DuplicateToken
CloseServiceHandle
CryptSetProvParam
QueryServiceStatus
RegQueryValueExA
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
GetTokenInformation
CryptGetProvParam
RegQueryValueExW
StartServiceW
RegCreateKeyExW
LockServiceDatabase
OpenProcessToken
RegEnumValueA
CryptReleaseContext
QueryServiceConfigA
UnlockServiceDatabase
AllocateAndInitializeSid
CryptAcquireContextW
CryptDestroyKey
CryptGetUserKey
EqualSid
FreeSid
OpenServiceW
RegSetValueExW
ControlService
RegCloseKey
ChangeServiceConfigA
RegOpenKeyExW
RegEnumKeyExA
RegCreateKeyExA
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 352KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 117KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ