Static task: static1
Behavioral task: behavioral1
  Sample: 1a63dbd7585b9f9e675453572e892bb6_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 1a63dbd7585b9f9e675453572e892bb6_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 1a63dbd7585b9f9e675453572e892bb6_JaffaCakes118
Size: 941KB
MD5: 1a63dbd7585b9f9e675453572e892bb6
SHA1: 726c0c53cbe85dbf2b94ad0b7415ba004796e0bb
SHA256: 808fc2d73690e0f3b07d01ef39b424f8973d91471d5310427528b805e8be0827
SHA512: 932b483fe78fdc962ee8ae8c47b4ef48455d5fd4ff2acbf104329f3406ed5a1a0600b14633a060cb005ddeebf662abed274eb008033ed26a5407b0c1f19f0f9a
SSDEEP: 12288:6PlOLn9Mj8YUROTu/mSfYaAqrS31YUfMF4w7UY7n4cwVCrNeDfs7laFsB2f4:6PlO9Mj8kT16YMrO1XfMF4XTcwx0wg
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 1a63dbd7585b9f9e675453572e892bb6_JaffaCakes118
Files
-
1a63dbd7585b9f9e675453572e892bb6_JaffaCakes118.exe windows:4 windows x86 arch:x86
69e51947d722f26be5dbaa85dd1ab4fb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
user32
MessageBoxW
GetUpdateRect
GetClientRect
CreateWindowExW
GetWindowTextW
MoveWindow
MapWindowPoints
SetRect
RegisterClipboardFormatA
LoadIconA
wsprintfA
SetWindowTextW
BeginPaint
SetWindowLongA
GetSysColor
GetWindowLongA
CreateWindowExA
CallWindowProcA
LoadStringW
EnableWindow
EndPaint
SetDlgItemTextW
ReleaseCapture
DrawFocusRect
MapDialogRect
LoadCursorW
SystemParametersInfoA
PostMessageA
GetSysColorBrush
DestroyWindow
EndDialog
GetDialogBaseUnits
MonitorFromWindow
PostMessageW
MessageBoxExW
GetDlgItemTextW
ShowWindow
GetWindowLongW
LoadCursorA
SendMessageA
GetMonitorInfoW
IsDlgButtonChecked
SetWindowLongW
SendDlgItemMessageW
DrawIcon
DestroyIcon
GetDlgItemTextA
CheckRadioButton
CopyRect
InvalidateRect
GetFocus
SetCursor
DialogBoxParamW
IsWindowEnabled
GetDC
IsWindowVisible
SetDlgItemInt
DrawTextExW
ReleaseDC
PeekMessageA
LoadStringA
LoadBitmapW
GetParent
GetDesktopWindow
GetWindow
SendMessageW
SendDlgItemMessageA
SetWindowTextA
SetCapture
SetWindowPos
GetWindowRect
GetNextDlgTabItem
WinHelpW
GetWindowDC
FillRect
GetDlgItemInt
UpdateWindow
GetDlgItem
SetClassLongA
SetFocus
rpcrt4
RpcStringBindingComposeA
NdrClientCall2
UuidCreate
RpcNetworkIsProtseqValidA
UuidToStringA
RpcBindingFree
RpcStringBindingComposeW
RpcBindingFromStringBindingA
RpcStringFreeW
crypt32
CryptFindCertificateKeyProvInfo
CertGetCRLFromStore
PFXExportCertStore
CertCloseStore
CryptInitOIDFunctionSet
CertFreeCTLContext
CryptEncodeObject
CertFindCRLInStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CryptMsgOpenToDecode
CryptMsgUpdate
CryptBinaryToStringA
CryptMsgControl
CertSetCTLContextProperty
CertDuplicateCertificateContext
PFXImportCertStore
CertGetPublicKeyLength
CertGetValidUsages
CertDuplicateStore
CertSetEnhancedKeyUsage
CertAddCRLContextToStore
CertEnumSystemStore
CryptDecodeObjectEx
PFXExportCertStoreEx
CertGetEnhancedKeyUsage
CertAddCTLContextToStore
CryptDecodeObject
CertFreeCertificateChain
CryptFindOIDInfo
CertEnumPhysicalStore
CryptFreeOIDFunctionAddress
CryptMsgEncodeAndSignCTL
CryptEnumOIDInfo
CertFindCertificateInStore
CertGetSubjectCertificateFromStore
CertFreeCertificateChainEngine
CertSaveStore
CryptAcquireCertificatePrivateKey
CertCompareCertificate
CertFindCTLInStore
CertVerifyTimeValidity
CryptSIPRetrieveSubjectGuid
CertAddCertificateContextToStore
CertNameToStrW
CertGetCertificateChain
CertGetNameStringW
CryptQueryObject
CryptMsgDuplicate
CertCreateCertificateContext
CertFindAttribute
CertEnumCTLsInStore
CertFreeCertificateContext
CryptMsgClose
PFXVerifyPassword
CryptFindLocalizedName
CertDeleteCertificateFromStore
CryptMsgVerifyCountersignatureEncoded
CertFreeCRLContext
CryptGetDefaultOIDDllList
CryptMsgGetParam
CertCreateCTLContext
CertGetStoreProperty
CryptGetDefaultOIDFunctionAddress
CertOpenStore
CryptFormatObject
CertSetCertificateContextProperty
CertCreateCertificateChainEngine
CertGetCTLContextProperty
CertFindExtension
advapi32
EqualSid
CryptReleaseContext
UnlockServiceDatabase
RegQueryValueExW
LockServiceDatabase
RegQueryInfoKeyA
CryptAcquireContextA
OpenProcessToken
AllocateAndInitializeSid
GetUserNameW
RegEnumKeyExW
FreeSid
RegEnumKeyExA
StartServiceA
CryptGetProvParam
RegSetValueExA
RegOpenKeyExW
RegCloseKey
RegEnumValueW
CryptDestroyKey
OpenSCManagerW
CryptSetProvParam
QueryServiceConfigA
ChangeServiceConfigA
RegQueryValueExA
OpenThreadToken
CryptGetKeyParam
RegCreateKeyExW
DuplicateToken
RegSetValueExW
CloseServiceHandle
ControlService
RegEnumValueA
QueryServiceStatus
CryptGetUserKey
CryptAcquireContextW
RegOpenKeyExA
StartServiceW
GetTokenInformation
RegCreateKeyExA
GetSecurityDescriptorOwner
gdi32
GetObjectW
GetBkColor
SelectPalette
SetPixel
CreateFontIndirectW
DeleteObject
SetBkColor
CreateFontIndirectA
DeleteDC
CreateCompatibleBitmap
CreateDIBitmap
GetDeviceCaps
GetObjectA
CreateCompatibleDC
SelectObject
GetTextExtentPoint32W
RealizePalette
BitBlt
CreateBitmap
CreatePalette
netapi32
DsGetDcNameW
NetApiBufferFree
NetGetDCName
shlwapi
PathFindFileNameW
StrCmpNIW
PathUndecorateW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
wintrust
WTHelperGetProvSignerFromChain
TrustIsCertificateSelfSigned
WintrustGetDefaultForUsage
WTHelperGetProvCertFromChain
WTHelperGetKnownUsages
WinVerifyTrustEx
WTHelperProvDataFromStateData
msvcrt
wcslen
_stricmp
_wcsnicmp
_purecall
_adjust_fdiv
memmove
_vsnwprintf
wcsrchr
_initterm
_ltow
_itow
_wcsicmp
wcscat
_wtol
strtok
malloc
swprintf
wcscmp
free
strtoul
wcsncpy
_except_handler3
wcscpy
iswspace
wcschr
iswprint
wininet
InternetCrackUrlW
InternetCanonicalizeUrlW
kernel32
GetStartupInfoA
GetDateFormatA
LocalReAlloc
CreateFileW
SetFilePointer
lstrcmpA
DeleteFileW
WideCharToMultiByte
GetSystemTimeAsFileTime
CloseHandle
OutputDebugStringA
GetCurrentThread
MultiByteToWideChar
GetLocalTime
UnmapViewOfFile
GetModuleHandleA
GetCurrentProcessId
EnterCriticalSection
FileTimeToSystemTime
LockResource
FindResourceA
GetModuleFileNameW
SetUnhandledExceptionFilter
SetEndOfFile
SystemTimeToFileTime
FreeResource
GetDateFormatW
MulDiv
SetLastError
UnhandledExceptionFilter
DelayLoadFailureHook
LocalAlloc
CompareStringW
GlobalLock
GetProcAddress
lstrlenW
GetTickCount
CreateFileA
DisableThreadLibraryCalls
LoadResource
ExpandEnvironmentStringsW
LoadLibraryW
GetCurrentDirectoryW
CompareStringA
GetComputerNameExW
Sleep
GetComputerNameW
GetUserDefaultLCID
CreateFileMappingA
ExpandEnvironmentStringsA
lstrlenA
FreeLibrary
GetFileSize
GetTimeFormatA
LoadLibraryA
LocalFree
InitializeCriticalSection
lstrcpyA
QueryPerformanceCounter
InterlockedCompareExchange
GetACP
TerminateProcess
GlobalUnlock
lstrcatA
GetCurrentProcess
GetModuleHandleW
GetVersionExA
DeleteCriticalSection
GetCurrentThreadId
GlobalAlloc
WriteFile
CompareFileTime
GlobalFree
GetTimeFormatW
FileTimeToLocalFileTime
LeaveCriticalSection
GetLastError
MapViewOfFile
FormatMessageW
ntdll
NtAllocateVirtualMemory
NtOpenDirectoryObject
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 109KB - Virtual size: 12.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 800KB - Virtual size: 800KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE