19cc4ad13c44953006720a5920e8d048_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

19cc4ad13c44953006720a5920e8d048_JaffaCakes118
Size

172KB
MD5

19cc4ad13c44953006720a5920e8d048
SHA1

de4aab529e0a71aa2a36b176643c62a872e0c27b
SHA256

64127d089c5803137f15b9b8798fc9be3e66f5fedfa2798224257be7f69f9ad2
SHA512

061c2da5c864858993700b28d6af8b0d6d3c85f3917687e9f38cae25684e0057b2f26016fde6d660b9c73d3075b08512b72fe515bce531080fcf9055776eb60a
SSDEEP

3072:AJvwONRxZiwOSUD4uIfRxIOevCtay8GKR8tI7YYncCxuFkk0fll+P4OvnX4EH9B:cI6HZi8UD4DJhKRV7YErhtl+P4Ov7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19cc4ad13c44953006720a5920e8d048_JaffaCakes118

Files

19cc4ad13c44953006720a5920e8d048_JaffaCakes118
.exe windows:5 windows x86 arch:x86

301a1cc3083fe949684f4a85cd7bce28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_ismbcalpha
_adj_fprem1
__p__pctype
_aligned_realloc
sinh
_safe_fprem
_telli64
_ftime
_mbsncmp
fputwc
_mbsrchr
__dllonexit
_wcmdln
__setusermatherr
_spawnvp
_fmode
memcpy
_rotr
_stat
_getdllprocaddr
_wexecle
_ltow
??1exception@@UAE@XZ
_mbcjistojms
??_Ebad_cast@@UAEPAXI@Z
_unlink
__pioinfo
_lseeki64
_mbsspnp
_daylight
_ctype
_cputws
?terminate@@YAXXZ
strtod
__getmainargs
??4bad_cast@@QAEAAV0@ABV0@@Z
_CIacos
_adj_fdiv_r
_environ
ldiv
__p__daylight
__badioinfo
_chgsign
_wexecl
_beep

wininet

InternetTimeFromSystemTimeW
SetUrlCacheHeaderData
UnlockUrlCacheEntryFile
GetUrlCacheEntryInfoExA
GetUrlCacheHeaderData
InternetGetConnectedState
InternetUnlockRequestFile
FtpGetCurrentDirectoryW
GopherOpenFileW
CreateMD5SSOHash
GetUrlCacheEntryInfoA
InternetGetLastResponseInfoW
CreateUrlCacheGroup
HttpCheckDavCompliance
FindFirstUrlCacheEntryExW
InternetCanonicalizeUrlW
CommitUrlCacheEntryW
InternetQueryFortezzaStatus
GopherFindFirstFileA
PrivacySetZonePreferenceW
IsHostInProxyBypassList
InternetShowSecurityInfoByURLA
FtpGetFileSize
DetectAutoProxyUrl
SetUrlCacheEntryInfoW
CreateUrlCacheEntryA
GopherGetAttributeW
HttpOpenRequestA
FindNextUrlCacheEntryA
InternetCrackUrlA
HttpQueryInfoA
FindFirstUrlCacheGroup
FtpGetFileA
InternetGetLastResponseInfoA
UrlZonesDetach
InternetSetOptionExA
SetUrlCacheGroupAttributeW
InternetSetDialStateA
FtpFindFirstFileW
RetrieveUrlCacheEntryFileA
DllInstall
InternetConfirmZoneCrossingW

kernel32

InitializeSListHead
SetWaitableTimer
LoadLibraryA
OpenFileMappingW
EnumCalendarInfoW
WaitForDebugEvent
FindFirstVolumeMountPointA
GetCommModemStatus
TlsAlloc
EnumerateLocalComputerNamesW
GetProcessTimes
BuildCommDCBA
UpdateResourceW
SetConsoleWindowInfo
BuildCommDCBAndTimeoutsW
GetCurrentThread
GetShortPathNameA
GetFirmwareEnvironmentVariableA
GetConsoleKeyboardLayoutNameW
SetupComm
GetNamedPipeHandleStateA
GetFileAttributesExA
GetVolumeInformationW
GetModuleHandleW
GetModuleHandleA
ScrollConsoleScreenBufferA
GetCPInfoExW
GlobalAlloc
SizeofResource
SetLastError
DeleteFileA
SetConsoleMenuClose
WriteProfileSectionW
HeapCompact
SwitchToThread
GetConsoleAliasExesLengthW
SetConsoleDisplayMode
lstrcpynA
VirtualAlloc
SuspendThread
GetDateFormatA

winmm

joyGetPosEx
mmioClose
midiOutGetErrorTextW
mmTaskYield
midiInClose
mmioGetInfo
sndPlaySoundA
mmioInstallIOProcW
mmTaskCreate
midiOutGetDevCapsA
mxd32Message
timeGetDevCaps
joyGetNumDevs
DefDriverProc
midiStreamClose
waveOutGetPitch
waveOutSetPlaybackRate
waveInGetID
waveInGetDevCapsA
mmGetCurrentTask
mixerClose
waveInPrepareHeader
mciDriverNotify
midiOutGetID
midiStreamRestart
timeKillEvent
mixerGetLineControlsA
mciFreeCommandResource
midiInStart
PlaySoundW
wid32Message
midiInGetErrorTextW
mmioAscend
WOWAppExit
mmioRead
mmioWrite
auxGetDevCapsA
midiOutGetVolume
waveOutSetPitch
mixerGetLineInfoW
NotifyCallbackData

msi

MsiOpenPackageExA
MsiAdvertiseProductW
MsiFormatRecordW
MsiSetFeatureStateA
MsiGetFeatureInfoA
MsiGetUserInfoA
MsiCreateAndVerifyInstallerDirectory
MsiProvideQualifiedComponentExW
MsiUseFeatureExW
MsiRecordClearData
MsiGetProductInfoFromScriptW
MsiLoadStringA
MsiEnumPatchesA
MsiEvaluateConditionA
MsiProcessAdvertiseScriptW
MsiPreviewBillboardW
MsiDatabaseExportA
MsiPreviewDialogW
MsiSourceListAddSourceA
MsiEnumProductsW
MsiQueryProductStateA
MsiLoadStringW
MsiReinstallProductA
MsiLocateComponentA
MsiQueryFeatureStateA
MsiEnumClientsA
MsiDatabaseMergeW
MsiViewGetErrorA
MsiReinstallFeatureA
MsiGetSummaryInformationW
MsiFormatRecordA
MsiEnumClientsW

wmi

UnregisterTraceGuids
WmiFreeBuffer
WmiSetSingleInstanceA
OpenTraceW
WmiMofEnumerateResourcesW
WmiCloseBlock
WmiExecuteMethodW
WmiDevInstToInstanceNameW
WmiExecuteMethodA
WmiOpenBlock
WmiQueryAllDataA
TraceEvent
GetTraceLoggerHandle
StartTraceA
WmiSetSingleItemA
WmiDevInstToInstanceNameA
GetTraceEnableFlags
ProcessTrace
WmiFileHandleToInstanceNameW
SetTraceCallback
WmiEnumerateGuids
WmiSetSingleInstanceW
WmiMofEnumerateResourcesA
TraceEventInstance
WmiQueryGuidInformation
WmiSetSingleItemW
OpenTraceA
WmiQuerySingleInstanceA
QueryAllTracesA
ControlTraceA
WmiQuerySingleInstanceW
CloseTrace
RegisterTraceGuidsW
ControlTraceW
StartTraceW
RegisterTraceGuidsA
WmiNotificationRegistrationA
RemoveTraceCallback
CreateTraceInstanceId
WmiNotificationRegistrationW

advapi32

IsValidSid
SetSecurityDescriptorRMControl
CreateProcessAsUserW
SaferiRecordEventLogEntry
UpdateTraceA
AddAccessDeniedObjectAce
UpdateTraceW
CredMarshalCredentialA
ConvertStringSDToSDRootDomainA
CryptSignHashW
WmiOpenBlock
GetInheritanceSourceW
DecryptFileW
GetTraceLoggerHandle
SystemFunction011
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
GetSidLengthRequired
MD5Init
SetServiceBits
SystemFunction020
EnumServicesStatusExA
LsaCreateAccount
CredGetTargetInfoA
SystemFunction015
GetLengthSid
LsaQueryInformationPolicy
StartServiceCtrlDispatcherW

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

301a1cc3083fe949684f4a85cd7bce28

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

wininet

kernel32

winmm

msi

wmi

advapi32

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 512B - Virtual size: 240KB

.rsrc Size: 45KB - Virtual size: 45KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 512B - Virtual size: 240KB

.rsrc
Size: 45KB - Virtual size: 45KB

.reloc
Size: 1KB - Virtual size: 1KB