1a61d05e0d6e807bca828c6bad0bef40_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1a61d05e0d6e807bca828c6bad0bef40_JaffaCakes118
Size

141KB
MD5

1a61d05e0d6e807bca828c6bad0bef40
SHA1

2a20b1043351604ce7613e1d7a45e93ad91de4ae
SHA256

80e429c5c905f57a2694e42c1afca29dfd4203b6656b0389b192235e13e0ec9f
SHA512

fc944f7548119ad7ceb67ea377123cb6bd2022068f1390cbec1d00679f786d95aeab8f2567a21970c7823c876e2e92c6f964e19cb17da90434a8a8ad236ca7df
SSDEEP

3072:2m60T7oweqm0jbQvXxwEqKn2OOLfm5ji9sS3Tdg7QInCB2wsv/eGQea7T:2D27CtgbQvBtn2OAO5xShg7VuGQB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a61d05e0d6e807bca828c6bad0bef40_JaffaCakes118

Files

1a61d05e0d6e807bca828c6bad0bef40_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b39bb0f9379d0d0d1ddee1b8a79f6194

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenMutexW
GetLastError
SetLastError
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
LocalFree
WriteProcessMemory
SetFileAttributesW
CreateThread
ExpandEnvironmentStringsW
MapViewOfFile
UnmapViewOfFile
SetEvent
SetThreadPriority
SystemTimeToFileTime
GetCurrentThreadId
GetFileSizeEx
TlsFree
MoveFileExW
GetModuleFileNameW
GetUserDefaultUILanguage
ResetEvent
GetNativeSystemInfo
GetVersionExW
ExitProcess
GetCommandLineW
SetErrorMode
GetComputerNameW
OpenEventW
DuplicateHandle
GetCurrentProcessId
GetLocalTime
lstrcmpiA
TlsGetValue
TlsSetValue
TerminateProcess
WTSGetActiveConsoleSessionId
CreateRemoteThread
Process32FirstW
Process32NextW
HeapAlloc
CreateProcessW
GetTempPathW
MultiByteToWideChar
GetTimeZoneInformation
ReadFile
Thread32Next
HeapCreate
HeapDestroy
SetEndOfFile
FindFirstFileW
ReadProcessMemory
LoadLibraryW
WideCharToMultiByte
Thread32First
OpenProcess
VirtualQueryEx
SetFileTime
IsBadReadPtr
GetProcessHeap
VirtualFree
GetCurrentThread
CreateDirectoryW
HeapFree
TlsAlloc
SetFilePointerEx
CreateMutexW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
GetProcessId
VirtualAlloc
VirtualFreeEx
SetThreadContext
GetThreadContext
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
CloseHandle
GetPrivateProfileIntW
FlushFileBuffers
CreateFileW
GetFileAttributesW
WriteFile
GetPrivateProfileStringW
GetFileAttributesExW
Sleep
GetModuleHandleW
GetSystemTime
lstrcmpiW
LoadLibraryA
GetProcAddress
FreeLibrary
EnterCriticalSection
GlobalUnlock
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
CreateFileMappingW
GlobalLock

user32

EndMenu
GetWindowThreadProcessId
GetShellWindow
MapVirtualKeyW
PostMessageW
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharToOemW
GetWindowLongW
CharLowerA
CharUpperW
SetWindowLongW
SendMessageTimeoutW
SendMessageW
DispatchMessageW
EndPaint
GetMessageA
GetUpdateRgn
GetMessageW
RegisterClassExA
GetWindowDC
IsWindow
DefDlgProcW
DefFrameProcA
OpenInputDesktop
BeginPaint
GetUpdateRect
GetUserObjectInformationW
HiliteMenuItem
PostThreadMessageW
SetWindowPos
GetSystemMetrics
FillRect
DrawEdge
IntersectRect
EqualRect
PrintWindow
CharLowerBuffA
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
OpenWindowStationW
GetWindowRect
GetParent
GetWindowInfo
GetClassLongW
MapWindowPoints
IsRectEmpty
GetMenuState
ExitWindowsEx
GetAncestor
GetWindow
RegisterWindowMessageW
GetThreadDesktop
GetMenuItemID
GetMenuItemCount
ToUnicode
GetClipboardData
GetSubMenu
OpenDesktopW
MenuItemFromPoint
GetMenu
GetDC
GetCapture
RegisterClassExW
SetCursorPos
PeekMessageW
GetDCEx
PeekMessageA
ReleaseDC
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
ReleaseCapture
RegisterClassW
CallWindowProcA
CallWindowProcW
DefWindowProcW
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
SetCapture
GetKeyboardState
TranslateMessage
GetCursorPos
GetIconInfo
DrawIcon
CharLowerW
RegisterClassA
DefFrameProcW
GetMessagePos
SetKeyboardState

advapi32

CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
AllocateAndInitializeSid
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
RegOpenKeyExW
GetSecurityDescriptorSacl
CheckTokenMembership
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
InitiateSystemShutdownExW
ConvertSidToStringSidW
IsWellKnownSid
GetLengthSid
EqualSid
RegEnumKeyExW

shlwapi

wvnsprintfW
StrStrIW
StrStrIA
StrCmpNIW
PathQuoteSpacesW
PathIsURLW
PathRenameExtensionW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
UrlUnescapeA

shell32

ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW

secur32

GetUserNameExW

ole32

StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx

gdi32

RestoreDC
SaveDC
DeleteDC
GdiFlush
SetViewportOrgEx
SelectObject
CreateCompatibleDC
CreateDIBSection
GetDeviceCaps
GetDIBits
DeleteObject
SetRectRgn
CreateCompatibleBitmap

ws2_32

WSAEventSelect
listen
WSASetLastError
freeaddrinfo
socket
bind
recv
getpeername
recvfrom
sendto
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
select
WSAGetLastError
shutdown
getsockname
accept
WSASend
closesocket
send
setsockopt

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData

wininet

HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
InternetQueryOptionA
InternetOpenA
HttpOpenRequestA
InternetSetOptionA
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpQueryInfoA
HttpSendRequestExA

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b39bb0f9379d0d0d1ddee1b8a79f6194

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

Sections

.text Size: 132KB - Virtual size: 132KB

.data Size: 1024B - Virtual size: 8KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 132KB - Virtual size: 132KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 6KB - Virtual size: 5KB