Static task: static1
Behavioral task: behavioral1
Sample: 15dbb995a35a62c734770886d1b0765c_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 15dbb995a35a62c734770886d1b0765c_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 15dbb995a35a62c734770886d1b0765c_JaffaCakes118
Size: 861KB
MD5: 15dbb995a35a62c734770886d1b0765c
SHA1: e4d2543378c1687cb218d41904fc80a8f758a060
SHA256: 307458fb14de770f0c98d3c54193a1132ad11dc8ebfa9c68ac1b7d535305cb48
SHA512: 95c471b1df0c618bdd88887136b72966ddd201e2710ca2f90ead7f3c4803ba33bd410d1e148e62d65f5170ad892c673dc1bb4c8d39ba93aa81198650657da75d
SSDEEP: 24576:WbxPJMedRaY11MKjs1kP3GTWe/3SOEdT6bb4NqQh:cxPJRTaY11jsuvJOFMsQ
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 15dbb995a35a62c734770886d1b0765c_JaffaCakes118
Files
15dbb995a35a62c734770886d1b0765c_JaffaCakes118.exe windows:5 windows x86 arch:x86
b344ff77071dab9e405262ea2642c7fb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentDirectoryW
UnhandledExceptionFilter
GlobalUnlock
GlobalFree
GetCurrentThread
GetComputerNameW
IsValidCodePage
SystemTimeToFileTime
QueryPerformanceCounter
ResumeThread
CreateFileA
GetProcAddress
SetErrorMode
SetEnvironmentVariableW
Process32FirstW
GetExitCodeProcess
GetDateFormatA
GetShortPathNameW
LeaveCriticalSection
EnumResourceNamesW
VirtualFree
SetPriorityClass
InterlockedIncrement
GetConsoleMode
GetCurrentThreadId
DeviceIoControl
FileTimeToSystemTime
GetPrivateProfileStringW
SetVolumeLabelW
HeapFree
GetCurrentProcessId
GetTimeFormatA
HeapSize
GetStartupInfoA
RtlUnwind
LCMapStringW
CloseHandle
LocalFileTimeToFileTime
CopyFileW
GetCPInfo
WriteConsoleA
WriteProcessMemory
GetDiskFreeSpaceW
HeapCreate
GetSystemDirectoryW
GetFileAttributesW
SetFilePointer
GetFileSize
GetSystemTimeAsFileTime
GetVersionExW
SetCurrentDirectoryW
GetTempPathW
GetACP
SetHandleCount
GetProcessIoCounters
VirtualFreeEx
CompareStringW
TlsFree
GetStdHandle
CreateHardLinkW
GetModuleFileNameA
GetOEMCP
GetConsoleOutputCP
GetProcessHeap
GetLocalTime
FindClose
WriteFile
SetFileTime
TerminateProcess
HeapAlloc
OutputDebugStringW
DeleteCriticalSection
SetEvent
LoadLibraryA
GetDiskFreeSpaceExW
VirtualProtectEx
GetTempFileNameW
MoveFileW
MultiByteToWideChar
VirtualAlloc
GetStringTypeA
GetCommandLineW
InterlockedDecrement
IsDebuggerPresent
Process32NextW
RemoveDirectoryW
GetModuleFileNameW
CreateThread
FindNextFileW
GetModuleHandleA
GetLastError
WideCharToMultiByte
WritePrivateProfileStringW
SetSystemPowerState
WaitForSingleObject
CreateEventW
LockResource
GetDriveTypeW
GlobalMemoryStatusEx
SetEndOfFile
GetTimeZoneInformation
CreateFileW
lstrcmpiW
RaiseException
CreateToolhelp32Snapshot
GetLocaleInfoA
GetStartupInfoW
GetFileType
SetEnvironmentVariableA
GlobalLock
SetLastError
GetStringTypeW
LCMapStringA
FlushFileBuffers
FreeLibrary
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetTickCount
GlobalAlloc
GetSystemInfo
VirtualAllocEx
ReadProcessMemory
FindResourceW
EnterCriticalSection
ExitProcess
GetEnvironmentVariableW
LoadResource
WriteConsoleW
OpenProcess
GetConsoleCP
LoadLibraryW
DeleteFileW
SizeofResource
Sleep
GetCurrentProcess
WritePrivateProfileSectionW
SetStdHandle
GetPrivateProfileSectionW
SetUnhandledExceptionFilter
Beep
MulDiv
GetFullPathNameW
CreateProcessW
GetWindowsDirectoryW
GetVolumeInformationW
TlsGetValue
TlsAlloc
CompareStringA
TerminateThread
FindFirstFileW
FreeEnvironmentStringsW
TlsSetValue
SetFilePointerEx
DuplicateHandle
FormatMessageW
GetModuleHandleW
ExitThread
CreateDirectoryW
SetFileAttributesW
HeapReAlloc
FileTimeToLocalFileTime
GetPrivateProfileSectionNamesW
LoadLibraryExW
QueryPerformanceFrequency
CreatePipe
InterlockedExchange
ReadFile
user32
IsWindowVisible
FrameRect
GetWindowRect
OpenDesktopW
OpenClipboard
SetTimer
IsClipboardFormatAvailable
SetLayeredWindowAttributes
TranslateAcceleratorW
GetWindowDC
GetKeyboardState
SetWindowPos
CharUpperBuffW
GetCursorInfo
BlockInput
EndDialog
DestroyAcceleratorTable
ClientToScreen
GetMenuItemID
IsZoomed
SendInput
DestroyWindow
FillRect
RegisterHotKey
CopyRect
ScreenToClient
GetFocus
GetClientRect
EnumThreadWindows
IsWindowEnabled
SetClipboardData
UnregisterHotKey
GetUserObjectSecurity
SetKeyboardState
GetSysColorBrush
GetWindowTextW
InflateRect
CountClipboardFormats
GetClassLongW
IsWindow
PtInRect
KillTimer
SystemParametersInfoW
DestroyMenu
SetMenu
CreatePopupMenu
PostMessageW
InvalidateRect
WindowFromPoint
ReleaseCapture
SetCursor
AttachThreadInput
GetMenuItemCount
DrawMenuBar
wsprintfW
GetKeyState
DestroyIcon
BeginPaint
ExitWindowsEx
RegisterClassExW
LoadIconW
GetClipboardData
ReleaseDC
IsCharUpperW
FindWindowExW
GetSubMenu
SetProcessWindowStation
IsCharAlphaW
GetParent
GetWindowThreadProcessId
SetCapture
LoadStringW
GetWindowLongW
GetDC
CharLowerBuffW
OpenWindowStationW
MonitorFromRect
GetSystemMetrics
GetCursorPos
TranslateMessage
GetMenuItemInfoW
CharNextW
CopyImage
LockWindowUpdate
MessageBeep
GetKeyboardLayoutNameW
DefWindowProcW
DialogBoxParamW
GetDesktopWindow
PeekMessageW
CloseClipboard
EndPaint
MessageBoxW
GetWindowTextLengthW
AdjustWindowRectEx
GetMessageW
SetUserObjectSecurity
EnableWindow
CreateAcceleratorTableW
GetDlgCtrlID
EmptyClipboard
SetMenuDefaultItem
InsertMenuItemW
RedrawWindow
TrackPopupMenuEx
GetAsyncKeyState
DrawFrameControl
IsMenu
MoveWindow
GetClassNameW
LoadImageW
LoadCursorW
DrawFocusRect
CheckMenuRadioItem
GetActiveWindow
SendDlgItemMessageW
keybd_event
SetMenuItemInfoW
SetWindowLongW
EnumChildWindows
CloseDesktop
MonitorFromPoint
SendMessageTimeoutW
SetForegroundWindow
VkKeyScanW
GetDlgItem
CreateIconFromResourceEx
SetWindowTextW
GetCaretPos
SetRect
DrawTextW
MessageBoxA
DefDlgProcW
GetSysColor
RegisterWindowMessageW
CreateWindowExW
IsIconic
PostQuitMessage
GetForegroundWindow
GetMonitorInfoW
MapVirtualKeyW
SendMessageW
EnumWindows
IsDlgButtonChecked
GetMenuStringW
FindWindowW
DeleteMenu
ShowWindow
SetActiveWindow
IsCharAlphaNumericW
CloseWindowStation
DispatchMessageW
mouse_event
CreateMenu
SetFocus
FlashWindow
GetProcessWindowStation
IsDialogMessageW
IsCharLowerW
GetMenu
gdi32
CloseFigure
GetObjectW
StretchBlt
CreateCompatibleBitmap
GetDIBits
GetPixel
StrokePath
SetViewportOrgEx
CreateSolidBrush
Ellipse
SelectObject
SetPixel
ExtCreatePen
CreatePen
Rectangle
DeleteObject
BeginPath
GetStockObject
StrokeAndFillPath
LineTo
CreateDCW
SetBkMode
EndPath
GetTextExtentPoint32W
SetTextColor
AngleArc
SetBkColor
MoveToEx
DeleteDC
GetDeviceCaps
PolyDraw
RoundRect
CreateCompatibleDC
CreateFontW
GetTextFaceW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegCloseKey
OpenProcessToken
GetTokenInformation
LogonUserW
AddAce
RegOpenKeyExW
CopySid
SetSecurityDescriptorDacl
RegEnumValueW
OpenSCManagerW
CreateProcessWithLogonW
GetLengthSid
InitializeAcl
RegDeleteValueW
RegDeleteKeyW
GetAclInformation
RegConnectRegistryW
RegCreateKeyExW
RegQueryValueExW
UnlockServiceDatabase
AdjustTokenPrivileges
LockServiceDatabase
GetAce
OpenThreadToken
CloseServiceHandle
RegEnumKeyExW
CreateProcessAsUserW
GetUserNameW
RegSetValueExW
LookupPrivilegeValueW
InitiateSystemShutdownExW
DuplicateTokenEx
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
shell32
ShellExecuteExW
DragFinish
SHGetSpecialFolderLocation
SHIsFileAvailableOffline
ExtractIconExW
SHGetPathFromIDListW
DragQueryFileW
SHEmptyRecycleBinW
Shell_NotifyIconW
SHGetFolderPathW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW
DragQueryPoint
SHFileOperationW
SHGetDesktopFolder
ole32
CoCreateInstance
StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemFree
MkParseDisplayName
CoTaskMemAlloc
OleSetContainedObject
CLSIDFromProgID
OleSetMenuDescriptor
OleUninitialize
CoInitializeSecurity
CreateBindCtx
CLSIDFromString
StringFromIID
CoUninitialize
CoCreateInstanceEx
CoSetProxyBlanket
IIDFromString
CoInitialize
OleInitialize
oleaut32
OACreateTypeLib2
LoadRegTypeLi
SafeArrayDestroyDescriptor
SafeArrayAllocDescriptorEx
VarR8FromDec
SafeArrayAccessData
OleLoadPicture
SafeArrayAllocData
VariantInit
VariantCopy
SafeArrayUnaccessData
VariantTimeToSystemTime
VariantClear
SysAllocString
SafeArrayGetVartype
GetActiveObject
comctl32
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_DragLeave
ImageList_EndDrag
ImageList_Destroy
ImageList_Create
ImageList_Remove
ImageList_BeginDrag
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragEnter
shlwapi
SHDeleteEmptyKeyA
winmm
timeGetTime
mciSendStringW
waveOutSetVolume
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
wininet
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetConnectW
FtpGetFileSize
InternetCrackUrlW
InternetSetOptionW
InternetQueryDataAvailable
FtpOpenFileW
InternetOpenW
wsock32
WSAGetLastError
send
select
recvfrom
socket
setsockopt
ioctlsocket
recv
WSAStartup
WSACleanup
accept
__WSAFDIsSet
htons
closesocket
listen
gethostbyname
ntohs
sendto
inet_addr
connect
bind
gethostname
mpr
WNetUseConnectionW
WNetCancelConnection2W
WNetAddConnection2W
WNetGetConnectionW
psapi
EnumProcessModules
GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcesses
userenv
DestroyEnvironmentBlock
LoadUserProfileW
UnloadUserProfile
CreateEnvironmentBlock
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.ryuw Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.kyup Size: 320KB - Virtual size: 319KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.kyupl Size: 512B - Virtual size: 387B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.kuyul Size: 483KB - Virtual size: 483KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 696B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ