1789c64094726e8f8f9afed22d86292b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1789c64094726e8f8f9afed22d86292b_JaffaCakes118
Size

280KB
MD5

1789c64094726e8f8f9afed22d86292b
SHA1

3bd29b625c39c17735e7954927f0bd0c21b375d4
SHA256

c0e95da4b32095371db5a286d69313500d55afd5f61e9998d4d55ab552d5fc2b
SHA512

2d25e94e1d3edc0164dd57ab5970682089cdfa4c90042e514d019d34d56f07353ab4e791e6818e2cd7ae822f6883f13bf35fc1684a50f3d43bb53836cc5dcbc4
SSDEEP

6144:0tuO4ecuZ1Xei9yzbGSYendq/YQuzcQZiDY:jO1cuH6bLjndqH0cmc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1789c64094726e8f8f9afed22d86292b_JaffaCakes118

Files

1789c64094726e8f8f9afed22d86292b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

beb3a68c49d4db81f38b3aa284f3a27d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mixerGetDevCapsA
mixerOpen
mixerGetNumDevs
mixerClose
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetControlDetailsA
mixerSetControlDetails

ws2_32

WSAGetLastError
send
recv
connect
recvfrom
htonl
bind
WSAAsyncSelect
ioctlsocket
WSASocketA
WSAIoctl
gethostname
gethostbyname
inet_ntoa
sendto
shutdown
WSAStartup
WSACleanup
setsockopt
closesocket
htons
socket
inet_addr

snmpapi

SnmpUtilOidCpy
SnmpUtilOidNCmp
SnmpUtilVarBindFree

hook

SetHook
RemoveHook
RemoveHook_App
SetHook_App

user32

ShowWindow
InvalidateRect
PostMessageA
LoadImageA
GetSysColor
GetWindowRect
GetDlgItem
SetWindowLongA
GetFocus
CallWindowProcA
InflateRect
SetRect
DestroyMenu
GetMenuItemID
SendMessageA
DialogBoxParamA
DefWindowProcA
SetMenuDefaultItem
TrackPopupMenu
CreateDialogParamA
PostQuitMessage
LoadIconA
GetDlgItemTextA
EndDialog
BeginPaint
EndPaint
GetClientRect
DrawTextA
SetTimer
KillTimer
IsWindowVisible
GetForegroundWindow
GetCursorPos
SetCursorPos
DestroyWindow
EnumWindows
SetWindowPos
SetActiveWindow
SetForegroundWindow
SetFocus
GetDesktopWindow
CreateWindowExA
UpdateWindow
RegisterClassExA
MessageBoxA
LoadStringA
LoadMenuA
GetSubMenu
LoadCursorA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
DestroyCursor
wsprintfA
PeekMessageA
TranslateMessage
DispatchMessageA
SystemParametersInfoA
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
FindWindowExA
ExitWindowsEx
GetSystemMetrics
FindWindowA
CharUpperBuffA
IsIconic
GetWindowLongA
IsWindow

gdi32

LineTo
GetCurrentObject
ExtCreateRegion
CombineRgn
GetClipBox
CreateCompatibleBitmap
SetWindowOrgEx
CreateFontIndirectA
SetBkMode
SetTextColor
CreateDCA
GetDeviceCaps
CreateCompatibleDC
DeleteDC
CreateDIBSection
BitBlt
GetDIBColorTable
CreatePen
GetStockObject
Rectangle
CreateBrushIndirect
SelectObject
PatBlt
GetObjectA
DeleteObject
MoveToEx

advapi32

RegCreateKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA

shell32

Shell_NotifyIconA

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

OleLoadPicture

kernel32

HeapSize
HeapAlloc
HeapReAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
HeapFree
InterlockedIncrement
InterlockedDecrement
RtlUnwind
FreeResource
GetFullPathNameA
GlobalLock
GlobalUnlock
GlobalReAlloc
SetEndOfFile
SetFilePointer
TerminateThread
TerminateProcess
GetExitCodeProcess
CreateProcessA
CreatePipe
GetVersion
GetSystemTime
TlsGetValue
TlsAlloc
GetCurrentThread
DuplicateHandle
GetCurrentThreadId
TlsSetValue
CreateSemaphoreA
ReleaseSemaphore
FlushFileBuffers
DeleteCriticalSection
InitializeCriticalSection
WaitForMultipleObjects
SetEvent
GetTickCount
MulDiv
FindFirstFileA
FindClose
GetFileAttributesA
SetFileAttributesA
GetModuleFileNameA
GetComputerNameA
CreateMutexA
GetLastError
ReleaseMutex
GetVersionExA
GetCurrentProcess
GetCurrentProcessId
GlobalMemoryStatus
GetModuleHandleA
GlobalAlloc
GlobalFree
CreateThread
SetThreadPriority
ResumeThread
CreateEventA
WaitForSingleObject
ExitThread
LoadLibraryA
GetLogicalDrives
GetDriveTypeA
GetProcAddress
GetDiskFreeSpaceA
SetLastError
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
LeaveCriticalSection
SetStdHandle
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetACP
GetOEMCP
GetLocaleInfoW
InterlockedExchange
EnterCriticalSection
FreeLibrary
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
WinExec
GetWindowsDirectoryA
CopyFileA
DeleteFileA
ReadFile
WriteFile
GetFileSize
CloseHandle
CreateFileA
SetSystemTime

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

beb3a68c49d4db81f38b3aa284f3a27d

Headers

File Characteristics

Imports

winmm

ws2_32

snmpapi

hook

user32

gdi32

advapi32

shell32

ole32

oleaut32

kernel32

Sections

.text Size: 192KB - Virtual size: 189KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 24KB - Virtual size: 33KB

.rsrc Size: 36KB - Virtual size: 35KB

.text
Size: 192KB - Virtual size: 189KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 24KB - Virtual size: 33KB

.rsrc
Size: 36KB - Virtual size: 35KB