2470c7bc1b797f7c70efec98d9480766_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2470c7bc1b797f7c70efec98d9480766_JaffaCakes118
Size

268KB
MD5

2470c7bc1b797f7c70efec98d9480766
SHA1

4cf4075b85857273c868e60bb261e3ee46b73fe1
SHA256

d0470805bb8e41fe51ae79167087292fe977a251f8a1501001860eadec50cb69
SHA512

d98ae0a9e511c67ab3a60fd0d667c7f4f71cec681a2b048758f1365a03b81e31dba792434d1714bfac522733357f073488cc2aeec90c2f6273d226846af01021
SSDEEP

3072:B9yyNqY7gFA9ULbhbVxs5weOEQK5a6PcMh3iSCU4jAoEaEOo:DVUY7gFAo1tEFPcMhTCLA7aEX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2470c7bc1b797f7c70efec98d9480766_JaffaCakes118

Files

2470c7bc1b797f7c70efec98d9480766_JaffaCakes118
.exe windows:5 windows x86 arch:x86

678306c76074de693194218989a705f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
SetFilePointer
GetFileType
SetHandleCount
ReadFile
MultiByteToWideChar
CloseHandle
GetModuleFileNameA
GetStdHandle
WriteFile
Sleep
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
TerminateProcess
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
GetLastError
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
LCMapStringA
LCMapStringW
GetStringTypeW
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
SetStdHandle
GetModuleHandleW
SearchPathA
GetModuleHandleA
LoadLibraryA
lstrcmpA
lstrlenA
lstrcmpiA
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
DeleteCriticalSection
GetProcAddress
LoadLibraryW
GetStringTypeA
ExitProcess

comsvcs

MTSCreateActivity

crypt32

CertCreateCRLContext
CryptRegisterDefaultOIDFunction
CertDuplicateCertificateChain
CertEnumPhysicalStore
CertGetValidUsages
CryptMsgClose
CertCompareIntegerBlob
CertVerifyCertificateChainPolicy
CertRemoveEnhancedKeyUsageIdentifier
CertCompareCertificateName
CertOpenSystemStoreA
CryptCreateAsyncHandle
CertFreeCTLContext
CryptFindCertificateKeyProvInfo
CertSetCTLContextProperty
CertOIDToAlgId
CryptEnumOIDFunction
CryptRegisterOIDFunction
CryptVerifyMessageHash
CryptMsgGetParam
CertFindSubjectInSortedCTL
CertAddStoreToCollection
CryptGetMessageSignerCount
CryptMsgControl
CertCompareCertificate
CertAddEncodedCTLToStore
CryptVerifyCertificateSignature
CryptFreeOIDFunctionAddress
CryptExportPublicKeyInfo
CertDeleteCertificateFromStore
CertEnumCTLsInStore
CertFindAttribute
CryptSignMessageWithKey
CertEnumCertificateContextProperties
CryptImportPublicKeyInfoEx
CryptEnumOIDInfo
CertFreeCRLContext
CertAddCTLLinkToStore
CertRegisterPhysicalStore
CertEnumCRLContextProperties
CertSerializeCTLStoreElement
CertFindRDNAttr
CryptInitOIDFunctionSet
CertSerializeCRLStoreElement
CryptHashPublicKeyInfo
CryptCloseAsyncHandle
CertVerifyRevocation
CertComparePublicKeyInfo
CertAddEncodedCertificateToSystemStoreW
CryptGetAsyncParam
CertCreateSelfSignCertificate
CertGetCertificateContextProperty
CryptGetDefaultOIDDllList
CryptMsgSignCTL
CryptHashCertificate
CertIsRDNAttrsInCertificateName
CertFindCTLInStore
CertVerifySubjectCertificateContext
CertRegisterSystemStore
CertFindCertificateInStore
CryptMsgOpenToEncode
CertNameToStrW
CertFindChainInStore
CertAlgIdToOID
CertEnumSubjectInSortedCTL
CryptMsgCountersignEncoded
CryptGetKeyIdentifierProperty
CryptFindOIDInfo
CertDuplicateStore
CertEnumSystemStore
CertOpenStore
CertGetIntendedKeyUsage
CertResyncCertificateChainEngine
CertEnumCertificatesInStore
CertNameToStrA
CertGetSubjectCertificateFromStore
CertUnregisterSystemStore
CertCreateCTLEntryFromCertificateContextProperties
CryptGetDefaultOIDFunctionAddress
CertFreeCertificateChainEngine
CertEnumSystemStoreLocation
CryptStringToBinaryW
CryptImportPublicKeyInfo
PFXExportCertStore
CertAddEncodedCertificateToStore
CertGetNameStringA
CertAddEncodedCertificateToSystemStoreA

iphlpapi

GetPerAdapterInfo
GetIpStatistics
GetIpForwardTable
SetIfEntry
NotifyAddrChange
GetAdapterOrderMap
GetInterfaceInfo
GetFriendlyIfIndex
IpReleaseAddress
GetIpStatisticsEx
GetTcpTable

msi

ord70
ord254
ord90
ord243
ord5
ord230
ord157
ord112
ord36
ord268
ord274
ord210
ord7
ord14
ord208
ord216
ord241
ord177
ord227
ord269
ord10
ord81
ord84
ord276
ord192
ord190
ord154
ord56
ord204
ord228
ord237
ord195
ord273
ord67
ord272
ord270
ord267
ord232
ord255
ord108
ord8
ord249
ord180
ord281
ord252
ord181
ord94
ord72
ord213
ord225
ord137
ord231
ord215
ord43
ord82
ord264
ord109
ord45
ord101
ord262
ord238
ord69
ord271
ord251
ord11
ord131
ord245
ord223
ord89
ord60
ord55
ord239
ord244
ord66
ord9
ord173
ord155
ord16
ord102
ord110
ord242
ord42
ord214
ord130
ord261
ord65
ord212
ord107
ord93
ord266
ord95

msimg32

AlphaBlend
TransparentBlt
GradientFill

comctl32

ord336
ImageList_LoadImageA
ImageList_SetOverlayImage
ord332
InitializeFlatSB
ord17
ord2
ImageList_Read
FlatSB_SetScrollInfo
ImageList_EndDrag
ord16
ImageList_AddMasked
ImageList_GetBkColor
ImageList_Create
ord324
ImageList_Draw
ImageList_DragMove
ord15
ImageList_BeginDrag
ord236
FlatSB_EnableScrollBar
ImageList_DragShowNolock
ImageList_ReplaceIcon
_TrackMouseEvent
CreatePropertySheetPageW
ord334
DrawStatusTextW
ord329
InitCommonControlsEx
FlatSB_GetScrollPos
FlatSB_GetScrollProp
PropertySheetA
ord413
ord4
ImageList_GetIconSize
ImageList_Merge
ord320
FlatSB_GetScrollInfo
ord337
ord323
ord13
ImageList_Duplicate
DestroyPropertySheetPage
ord6
ImageList_SetBkColor
ImageList_GetImageInfo
ord335
CreatePropertySheetPageA
ord328
FlatSB_SetScrollPos
ord8
PropertySheetW
ImageList_SetIconSize
GetMUILanguage
FlatSB_SetScrollProp

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 191KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

678306c76074de693194218989a705f5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comsvcs

crypt32

iphlpapi

msi

msimg32

comctl32

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 191KB - Virtual size: 198KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 191KB - Virtual size: 198KB

.reloc
Size: 5KB - Virtual size: 5KB