1810747d5861b524cb82b7ad843b4857_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1810747d5861b524cb82b7ad843b4857_JaffaCakes118
Size

183KB
MD5

1810747d5861b524cb82b7ad843b4857
SHA1

938aa923e7d597a617ae6bc5ebf5e910f2eeb899
SHA256

ac42f8e3e7b670385e69d945a2e22b7d2f412741b1e6997d3b88b030a851221b
SHA512

bb0188796783061a83e16993ebffe013ba6d7eccff9e114b6cc1be9d20e725c1d47860baf0423694fdc0c8d169dc4788a835f8c05d8ca06dc6fbf125f5666387
SSDEEP

3072:lRG1WOMqKUhjhoo7MQW1QRVtaz+ReskAFN6LPN/CTn5HatMUC1:7GgOMqKUhjWl1QRVtR3kAKN6T56tMUC1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1810747d5861b524cb82b7ad843b4857_JaffaCakes118

Files

1810747d5861b524cb82b7ad843b4857_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f6a985405556b98acbdb7255917b9fb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
OpenProcess
CreateProcessW
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetVolumeNameForVolumeMountPointW
GetOverlappedResult
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
SetEndOfFile
GetEnvironmentVariableW
DuplicateHandle
CreateEventW
GetModuleFileNameW
SetErrorMode
GetVersionExW
GetCurrentProcessId
GetFileAttributesExW
SetEvent
OpenEventW
lstrcpyW
ExitProcess
MulDiv
InitializeCriticalSection
FlushFileBuffers
GetThreadContext
GetProcessId
LeaveCriticalSection
EnterCriticalSection
CreateRemoteThread
Process32NextW
Process32FirstW
DeleteCriticalSection
GetLocalTime
GetPrivateProfileStringW
GetPrivateProfileIntW
GetNativeSystemInfo
GetUserDefaultUILanguage
MoveFileExW
GlobalUnlock
GlobalLock
GetCurrentThreadId
TlsGetValue
TlsSetValue
TerminateProcess
ResetEvent
MapViewOfFile
CreateFileMappingW
TlsAlloc
UnmapViewOfFile
TlsFree
WaitForMultipleObjects
SetLastError
ExpandEnvironmentStringsW
GetFileAttributesW
CreateDirectoryW
GetFileTime
SetFileTime
GetTempPathW
GetTempFileNameW
SetFileAttributesW
LoadLibraryA
ReadFile
DeleteFileW
SetFilePointerEx
GetFileSizeEx
VirtualAlloc
VirtualFree
CreateFileW
SetFilePointer
WriteFile
VirtualFreeEx
IsBadReadPtr
VirtualAllocEx
VirtualProtectEx
ReadProcessMemory
WriteProcessMemory
SetThreadContext
VirtualQueryEx
OpenMutexW
ReleaseMutex
CreateMutexW
LocalFree
LoadLibraryW
FreeLibrary
CreateThread
GetModuleHandleW
GetProcAddress
GetLastError
CreateToolhelp32Snapshot
Thread32First
Thread32Next
CloseHandle
lstrcmpiW
Sleep
GetTickCount
GetTimeZoneInformation
HeapFree
HeapAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcessHeap
GetSystemTime
lstrcmpiA
GetCurrentThread
SetThreadPriority
GetCommandLineW
WaitForSingleObject

user32

RegisterClassA
RegisterClassExW
RegisterClassExA
CreateWindowStationW
OpenWindowStationW
SetProcessWindowStation
GetProcessWindowStation
CreateDesktopW
SetThreadDesktop
CloseWindowStation
CloseDesktop
GetUpdateRgn
GetUpdateRect
GetWindowDC
GetDCEx
EndPaint
BeginPaint
IntersectRect
EqualRect
CallWindowProcW
PrintWindow
PeekMessageA
GetMessageA
GetMessageW
GetCapture
ReleaseCapture
SetCapture
SetCursorPos
GetCursorPos
GetMessagePos
GetWindowInfo
GetAncestor
RegisterClassW
GetClassLongW
GetWindowRect
IsRectEmpty
GetParent
MapWindowPoints
SetWindowPos
IsWindow
DefMDIChildProcA
DefMDIChildProcW
DefFrameProcA
DefFrameProcW
DefDlgProcA
DefDlgProcW
DefWindowProcA
SwitchDesktop
OpenDesktopW
OpenInputDesktop
GetMenu
GetMenuItemCount
GetMenuState
HiliteMenuItem
MenuItemFromPoint
EndMenu
GetSubMenu
GetMenuItemRect
TrackPopupMenuEx
FillRect
GetMenuItemID
SetKeyboardState
GetShellWindow
SystemParametersInfoW
DrawEdge
GetUserObjectInformationW
GetWindowThreadProcessId
CallWindowProcA
RegisterWindowMessageW
GetClassNameW
PostThreadMessageW
DefWindowProcW
CharLowerBuffA
CharLowerW
CharLowerA
SendMessageW
MapVirtualKeyW
PostMessageW
GetSystemMetrics
GetClipboardData
GetKeyboardState
ToUnicode
ExitWindowsEx
CharToOemW
GetDC
ReleaseDC
LoadImageW
GetWindowTextLengthW
GetWindowTextW
WindowFromPoint
SendMessageTimeoutW
GetWindowLongW
SetWindowLongW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
CharUpperW
GetWindow
GetTopWindow
GetThreadDesktop

advapi32

CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetNamedSecurityInfoW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
CreateProcessAsUserW
GetLengthSid
ConvertSidToStringSidW
InitiateSystemShutdownExW

shlwapi

PathIsURLW
PathQuoteSpacesW
PathRenameExtensionW
PathIsDirectoryW
PathMatchSpecW
UrlUnescapeA
PathAddBackslashW
PathRemoveBackslashW
PathRemoveFileSpecW
PathAddExtensionW
PathFindFileNameW
wvnsprintfA
wvnsprintfW
PathCombineW
PathUnquoteSpacesW
PathSkipRootW
StrCmpNIA
SHDeleteValueW
SHDeleteKeyW
PathIsRelativeW
StrCmpNIW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

secur32

GetUserNameExW

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW

ole32

CLSIDFromString
StringFromGUID2

gdi32

RestoreDC
SetViewportOrgEx
SaveDC
GdiFlush
CreateCompatibleDC
SetRectRgn
SelectObject
CreateCompatibleBitmap
DeleteObject
CreateDIBSection
GetObjectW
GetDIBits
DeleteDC
CreateFontIndirectW
GetDeviceCaps

comctl32

InitCommonControlsEx

ws2_32

select
send
WSACleanup
WSAStartup
closesocket
connect
recvfrom
sendto
WSASend
getpeername
WSAStringToAddressW
WSAAddressToStringW
getsockname
WSAGetLastError
setsockopt
WSAIoctl
shutdown
accept
WSASetLastError
bind
listen
getaddrinfo
freeaddrinfo
recv
socket

crypt32

CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertEnumCertificatesInStore
PFXExportCertStoreEx
CertCloseStore
PFXImportCertStore

wininet

GetUrlCacheEntryInfoW
HttpAddRequestHeadersW
HttpSendRequestW
HttpSendRequestExW
HttpSendRequestExA
InternetReadFileExA
InternetQueryDataAvailable
HttpAddRequestHeadersA
InternetCrackUrlA
InternetReadFile
InternetQueryOptionW
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetQueryOptionA
InternetOpenA
InternetSetOptionA
InternetConnectA
InternetCloseHandle
InternetSetStatusCallbackW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

code
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6a985405556b98acbdb7255917b9fb5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

psapi

ole32

gdi32

comctl32

ws2_32

crypt32

wininet

comdlg32

Sections

.text Size: 136KB - Virtual size: 135KB

code Size: 13KB - Virtual size: 13KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 1KB - Virtual size: 10KB

.idata Size: 12KB - Virtual size: 11KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 136KB - Virtual size: 135KB

code
Size: 13KB - Virtual size: 13KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 1KB - Virtual size: 10KB

.idata
Size: 12KB - Virtual size: 11KB

.reloc
Size: 6KB - Virtual size: 5KB