Static task: static1
Behavioral task: behavioral1
Sample: 1abb10686c97595cfda98bda5493617c_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 1abb10686c97595cfda98bda5493617c_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 1abb10686c97595cfda98bda5493617c_JaffaCakes118
Size: 2.4MB
MD5: 1abb10686c97595cfda98bda5493617c
SHA1: e786e78bc599e3b24c5f68128e36e9dfd8637461
SHA256: 66bdff18d308074044748c7c02e8a8eb2da5ced0ee64c84d386285097011ca16
SHA512: a1235697f4ff4624d109b85e6412d674956729e8bfcb03040f9a4f9eb9637c3586aab6e5aa1d2f35352d864d4ccf697b884e2df2a0018cc539c75f294738e487
SSDEEP: 49152:5qyIAVifKLmso79+L6LBaY/NFoPLJ/p/0S0KeQSdm0A:5JViiqsoh+L6LBaYVeoSr
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 1abb10686c97595cfda98bda5493617c_JaffaCakes118
Files
1abb10686c97595cfda98bda5493617c_JaffaCakes118.exe (.js windows:5 windows x86 arch:x86 polyglot)
45b432b7c13abad81c37f13822cb0c4f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
GetModuleHandleW
InterlockedIncrement
QueryPerformanceCounter
GetTempPathA
UnlockFile
LockFile
AreFileApisANSI
DeleteFileA
GetSystemTimeAsFileTime
FormatMessageA
GetFullPathNameW
GetFullPathNameA
GetFileAttributesA
LoadLibraryExW
DeviceIoControl
GetDriveTypeW
GetLogicalDriveStringsW
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GlobalAlloc
CreateThread
ResumeThread
GetThreadPriority
HeapReAlloc
GlobalUnlock
GetComputerNameW
SystemTimeToTzSpecificLocalTime
GlobalLock
GetSystemTime
TerminateProcess
WaitForMultipleObjects
GetOverlappedResult
CancelIo
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
DuplicateHandle
CreatePipe
GetStdHandle
ReleaseMutex
CreateMutexW
CreateProcessW
GetCommandLineW
CreateToolhelp32Snapshot
InitializeCriticalSection
Process32FirstW
HeapFree
GetEnvironmentVariableW
GetProcessHeap
Process32NextW
OpenProcess
HeapAlloc
lstrcpyW
ProcessIdToSessionId
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileAttributesW
ExitProcess
GetModuleFileNameW
VirtualQuery
GetVersionExW
SetUnhandledExceptionFilter
GetFileTime
SetEndOfFile
GetCurrentProcessId
CreateEventA
SetEnvironmentVariableW
GetTickCount
SetLastError
GetLastError
GetCurrentProcess
LocalFree
LocalAlloc
FlushFileBuffers
DisconnectNamedPipe
CreateFileA
WaitForSingleObject
GetStartupInfoW
SetThreadPriority
GetCurrentThread
SetFilePointer
GetCurrentDirectoryW
WriteFile
ReadFile
LoadResource
RemoveDirectoryW
LockResource
FindResourceW
SizeofResource
PeekNamedPipe
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetTimeZoneInformation
GetVersionExA
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
SetEvent
ResetEvent
FindFirstFileW
FindNextFileW
FindClose
EnterCriticalSection
GetTempFileNameW
MoveFileW
LoadLibraryW
GetCurrentThreadId
GetFileAttributesW
DeleteFileW
DeleteCriticalSection
FreeLibrary
GetTempPathW
GetProcAddress
CreateEventW
GetFileSize
CloseHandle
CreateFileW
CopyFileW
LeaveCriticalSection
Sleep
CreateDirectoryW
LockFileEx
InterlockedDecrement
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
GetLocaleInfoA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
RtlUnwind
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStringTypeW
GetStringTypeA
advapi32
DuplicateTokenEx
OpenServiceW
CloseServiceHandle
OpenSCManagerW
ControlService
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegOpenKeyExW
RegDeleteKeyW
SetServiceStatus
RegCloseKey
RegQueryValueExW
AddAccessAllowedAce
InitializeSecurityDescriptor
RegSaveKeyW
RegSetKeySecurity
GetSidLengthRequired
RegRestoreKeyW
InitializeSid
SetSecurityDescriptorDacl
LookupPrivilegeValueW
GetAce
OpenProcessToken
InitializeAcl
AdjustTokenPrivileges
GetSidSubAuthority
RegCreateKeyExW
SetFileSecurityW
RegOpenKeyW
GetSecurityDescriptorDacl
GetSecurityDescriptorLength
IsValidSecurityDescriptor
AllocateAndInitializeSid
SetEntriesInAclW
RegEnumValueW
FreeSid
RegSetValueExW
RegDeleteValueW
GetUserNameW
GetSecurityInfo
LookupAccountNameW
StartServiceW
LsaClose
SetNamedSecurityInfoW
DeleteService
GetNamedSecurityInfoW
SetServiceObjectSecurity
CreateServiceW
ChangeServiceConfigW
RegEnumKeyExW
RegQueryInfoKeyW
ChangeServiceConfig2W
LsaAddAccountRights
EqualSid
LsaOpenPolicy
QueryServiceObjectSecurity
SetSecurityInfo
QueryServiceStatusEx
comctl32
ord17
ImageList_Destroy
_TrackMouseEvent
CreateToolbarEx
PropertySheetW
comdlg32
GetOpenFileNameW
gdi32
CreateDIBitmap
CreatePen
SelectObject
DeleteDC
DeleteObject
CreateSolidBrush
GetObjectW
CreateFontIndirectW
GetStockObject
TextOutW
SetTextColor
GetCurrentObject
GetTextExtentPoint32W
MoveToEx
LineTo
CreateCompatibleDC
SetBkMode
CreateCompatibleBitmap
BitBlt
CreateDIBSection
CreatePatternBrush
StretchBlt
CreateFontW
msacm32
acmStreamPrepareHeader
acmStreamSize
acmStreamClose
acmStreamUnprepareHeader
acmStreamConvert
acmStreamOpen
ole32
CoTaskMemFree
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoInitializeSecurity
CLSIDFromProgID
OleInitialize
OleUninitialize
CoInitialize
oleaut32
OleLoadPicture
OleLoadPicturePath
VariantClear
VariantInit
SysAllocString
SysFreeString
shell32
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
SHChangeNotify
CommandLineToArgvW
ord680
Shell_NotifyIconW
SHGetMalloc
shlwapi
SHDeleteKeyW
SHDeleteEmptyKeyW
user32
DispatchMessageW
EnumWindows
WaitForInputIdle
GetPropW
SetPropW
LoadCursorW
OpenClipboard
RemovePropW
IsClipboardFormatAvailable
CallWindowProcW
DialogBoxParamW
CloseClipboard
GetClipboardData
MapDialogRect
ScreenToClient
GetMessageW
IsWindow
CreateDialogParamW
InvalidateRect
FrameRect
GetScrollInfo
FillRect
SetScrollPos
DrawIconEx
DrawTextW
GetDC
RegisterClassW
GetWindowLongW
DefWindowProcW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetDlgItemTextW
GetWindowTextW
EndDialog
DialogBoxIndirectParamW
InsertMenuW
EnableWindow
IsDialogMessageW
GetKeyState
MapVirtualKeyW
GetKeyNameTextW
SetCursor
GetDlgCtrlID
ClientToScreen
IsZoomed
RemoveMenu
InsertMenuItemW
FindWindowExW
FlashWindowEx
SetWindowPos
wsprintfW
SetWindowPlacement
PostQuitMessage
UpdateWindow
BeginPaint
SetMenuItemInfoW
GetSubMenu
EndPaint
GetWindowThreadProcessId
GetWindowPlacement
SetActiveWindow
GetSysColorBrush
GetScrollPos
IsIconic
EnableMenuItem
GetFocus
GetClassNameA
MsgWaitForMultipleObjects
LoadIconW
RegisterWindowMessageW
FindWindowW
SetFocus
DestroyIcon
GetCursor
LoadImageW
TranslateMessage
SendMessageTimeoutW
PeekMessageW
SetWindowLongW
SendDlgItemMessageW
AppendMenuW
SetForegroundWindow
GetDesktopWindow
MessageBoxW
MoveWindow
GetClientRect
DeleteMenu
GetCursorPos
IsWindowVisible
CreatePopupMenu
SetWindowTextW
SetMenuDefaultItem
GetMenu
KillTimer
SetTimer
CreateWindowExW
SetScrollInfo
DestroyMenu
GetWindowRect
GetWindowDC
CheckDlgButton
ReleaseDC
SetDlgItemTextW
SendMessageW
ShowWindow
GetDlgItem
IsDlgButtonChecked
PostMessageW
GetParent
GetSysColor
DestroyWindow
TrackPopupMenu
ws2_32
closesocket
WSACleanup
inet_addr
sendto
listen
select
__WSAFDIsSet
accept
WSAGetLastError
WSAEventSelect
send
ioctlsocket
connect
bind
socket
WSAStartup
gethostbyaddr
recv
gethostname
htons
gethostbyname
netapi32
NetQueryDisplayInformation
NetUserGetLocalGroups
NetUserGetInfo
NetApiBufferFree
msimg32
GradientFill
iphlpapi
GetAdaptersInfo
GetIpAddrTable
GetNetworkParams
Sections
.rdata Size: 297KB - Virtual size: 297KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 771KB - Virtual size: 786KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ