Static task: static1
Behavioral task: behavioral1
Sample: 2728712277e9afa2a8e80dd40b2da445_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 2728712277e9afa2a8e80dd40b2da445_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 2728712277e9afa2a8e80dd40b2da445_JaffaCakes118
Size: 3.8MB
MD5: 2728712277e9afa2a8e80dd40b2da445
SHA1: 1357a8e929dbe35fdd07bef8d58764f24536f37a
SHA256: e779247900f26dbe3db158d0d9fd77590b4b65e5e9c5706b2aba6efe1cc328af
SHA512: 1044d20e9cec4e00c84cafc828bd34aec0b685362eaf6f833e5ebd4d15bd299106e3950e9ad977b6041527d1abcc88e358ee1a3e0ca25211abd922a6a077735d
SSDEEP: 49152:iMbvNNlh1Apbs0pAZjcxTL7d7e2QFeYqxX8gfSHMf:iMbVNX1Aa1ZgJd
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: 2728712277e9afa2a8e80dd40b2da445_JaffaCakes118
Files
2728712277e9afa2a8e80dd40b2da445_JaffaCakes118.exe windows:4 windows x86 arch:x86
e73a8c65435c40f50e37a7c5aad2c032
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
InitCommonControlsEx
ord17
ws2_32
recvfrom
WSAStartup
WSACleanup
getsockname
ntohl
getpeername
recv
ioctlsocket
select
send
shutdown
setsockopt
closesocket
getsockopt
socket
ntohs
WSACloseEvent
htonl
WSACreateEvent
WSAEventSelect
WSAIoctl
accept
__WSAFDIsSet
listen
bind
gethostname
inet_ntoa
sendto
gethostbyname
inet_addr
WSAGetLastError
connect
htons
WSASetLastError
winmm
timeKillEvent
timeSetEvent
timeGetDevCaps
PlaySoundA
kernel32
CreateEventW
FindNextFileW
GetCurrentProcess
GetCommandLineW
GetCurrentProcessId
ExpandEnvironmentStringsW
GetStartupInfoA
GetModuleFileNameA
CreateProcessA
SetCurrentDirectoryA
OpenFile
CreateMutexA
CreateEventA
OpenProcess
GetLocalTime
LocalFree
SetEndOfFile
WritePrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLogicalDriveStringsA
GetFileAttributesA
SetFileAttributesA
TerminateProcess
CopyFileW
GetEnvironmentVariableW
GetSystemTime
GetDateFormatA
GetTimeFormatA
FindResourceW
LoadResource
SizeofResource
LockResource
ResetEvent
GetFileAttributesW
GetSystemInfo
GetCurrentThread
DeviceIoControl
GetPriorityClass
GetProcessTimes
CompareFileTime
ReadProcessMemory
LocalAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileTime
SetFileAttributesW
GetLogicalDrives
DeleteFileW
RemoveDirectoryW
CreateFileW
GetCurrentDirectoryA
VirtualQuery
FileTimeToLocalFileTime
FileTimeToSystemTime
SetThreadPriority
WaitForMultipleObjects
OutputDebugStringW
OutputDebugStringA
ReleaseMutex
GetComputerNameA
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
GetOverlappedResult
FlushFileBuffers
lstrcpyW
SetEvent
CreateDirectoryA
GetThreadContext
SuspendThread
GetEnvironmentVariableA
GetSystemDirectoryA
GetVersionExA
GetTempPathA
GetTempFileNameA
MapViewOfFile
UnmapViewOfFile
GetUserDefaultLangID
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetTimeZoneInformation
DuplicateHandle
CreateRemoteThread
LoadLibraryW
GetVersionExW
lstrlenW
ResumeThread
InterlockedExchange
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
RaiseException
LoadLibraryExW
GetFileInformationByHandle
GlobalLock
GlobalAlloc
GlobalUnlock
FreeConsole
SetConsoleCtrlHandler
CreateMutexW
OpenFileMappingW
OpenFileMappingA
CreateFileMappingW
CreateFileMappingA
GlobalSize
GetStdHandle
GetCommTimeouts
SetCommTimeouts
GetCommState
SetCommState
PurgeComm
GlobalMemoryStatus
GetFileType
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
GetStartupInfoW
ExitProcess
CreateThread
ExitThread
MultiByteToWideChar
HeapSize
WideCharToMultiByte
IsDebuggerPresent
UnhandledExceptionFilter
HeapReAlloc
FreeLibrary
MulDiv
LoadLibraryA
GetCurrentThreadId
GlobalFree
TerminateThread
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetExitCodeProcess
DeleteCriticalSection
InitializeCriticalSection
SetFileTime
SetLastError
GetLastError
SetErrorMode
Sleep
WriteFile
GetWindowsDirectoryA
GetFullPathNameA
GetProcessHeap
HeapFree
HeapAlloc
lstrcpynA
lstrlenA
SetFilePointer
lstrcmpA
GetFileSize
CreateFileA
DeleteFileA
GetVersion
CloseHandle
GetModuleHandleA
FindNextFileA
FindClose
RemoveDirectoryA
GetProcAddress
FindFirstFileA
GetShortPathNameA
lstrcatA
ReadFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetHandleCount
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushConsoleInputBuffer
GetDriveTypeA
ReadConsoleInputA
SetConsoleMode
SetUnhandledExceptionFilter
user32
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
keybd_event
mouse_event
GetKeyboardLayout
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
SetThreadDesktop
OpenInputDesktop
GetThreadDesktop
ChangeClipboardChain
MessageBeep
SystemParametersInfoW
SetClipboardViewer
CloseDesktop
EnumDesktopWindows
GetMenu
UnionRect
GetWindowRgn
GetClientRect
PostQuitMessage
DestroyIcon
LoadIconW
DrawTextW
CallWindowProcW
SetWindowRgn
DrawIconEx
LoadImageA
ReleaseDC
GetDC
FillRect
SetRect
CharNextExA
ExitWindowsEx
SystemParametersInfoA
wsprintfW
RegisterWindowMessageW
SetCursorPos
GetKeyboardState
GetPriorityClipboardFormat
GetSysColor
GetCursor
MoveWindow
EnumChildWindows
SetWindowPlacement
EndPaint
ShowWindow
GetWindowPlacement
GetParent
GetWindowThreadProcessId
BeginPaint
GetForegroundWindow
CreatePopupMenu
IsWindowVisible
SetScrollPos
DestroyWindow
OffsetRect
GetScrollInfo
RedrawWindow
LoadCursorW
SetCursor
InvalidateRect
MapWindowPoints
TrackPopupMenu
SetWindowLongW
GetCursorPos
TrackMouseEvent
GetFocus
GetWindowLongW
GetKeyState
LoadCursorA
DestroyMenu
LoadIconA
SetActiveWindow
PostMessageW
LoadBitmapW
GetIconInfo
SetFocus
EndDialog
EnableWindow
SetTimer
KillTimer
GetWindowRect
GetSystemMetrics
SetWindowPos
GetDlgItem
UnhookWindowsHookEx
CallNextHookEx
UpdateWindow
SetWindowTextW
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
IntersectRect
GetDesktopWindow
FindWindowW
RegisterWindowMessageA
SetKeyboardState
AttachThreadInput
SetForegroundWindow
IsWindowEnabled
gdi32
CreateDCA
GetDIBits
SetDIBColorTable
CreateDIBSection
GetRegionData
OffsetRgn
GetBitmapBits
GetSystemPaletteEntries
SetRectRgn
CreateDCW
CreateRoundRectRgn
CombineRgn
CreateRectRgn
LineTo
MoveToEx
CreatePen
GetObjectA
CreateCompatibleBitmap
DeleteObject
StretchBlt
BitBlt
CreateSolidBrush
RoundRect
SetDIBitsToDevice
SetTextColor
SetBkMode
ExtTextOutW
SetBkColor
SetPixel
GetPixel
DeleteDC
GetDeviceCaps
CreateCompatibleDC
GetStockObject
SelectObject
ExcludeClipRect
ExtEscape
SelectClipRgn
advapi32
RegQueryValueExA
RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
AllocateAndInitializeSid
SetNamedSecurityInfoA
SetNamedSecurityInfoW
GetLengthSid
IsValidSid
CloseEventLog
RegOpenKeyExW
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
EqualSid
RegQueryValueExW
LookupAccountSidW
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountNameW
RegOpenKeyExA
shell32
SHChangeNotify
ole32
GetRunningObjectTable
CoRegisterClassObject
CoCreateInstance
CoRevokeClassObject
CreateFileMoniker
CreateBindCtx
CoTaskMemFree
CoUninitialize
CoInitialize
CoInitializeEx
CoInitializeSecurity
oleaut32
RegisterTypeLi
LoadTypeLi
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayGetDim
SafeArrayRedim
SafeArrayUnaccessData
SafeArrayAccessData
UnRegisterTypeLi
version
GetFileVersionInfoA
VerQueryValueA
wininet
DetectAutoProxyUrl
InternetQueryOptionA
urlmon
URLDownloadToFileA
Sections
.text Size: 1001KB - Virtual size: 1001KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 238KB - Virtual size: 238KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 370KB - Virtual size: 370KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ