Static task: static1
Behavioral task: behavioral1
  Sample: 2b3a3c67001f77990607a8257f2e7def_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 2b3a3c67001f77990607a8257f2e7def_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
Target: 2b3a3c67001f77990607a8257f2e7def_JaffaCakes118
Size: 402KB
MD5: 2b3a3c67001f77990607a8257f2e7def
SHA1: 06dd56607ea7c675e0fbfb695134f136aca0cd1a
SHA256: cbab9a5d7637d79e1d145892a4a5cd57995d9343d5b69db4f6db1bb387a975a3
SHA512: 597ceabcb032f19896e7dec6f262668eb8f38c394c8bd2dec6070b5293ae53e81992392ce1ff9ba94610fb296e9ea7250951f424aba2bb157910cb6eb7b4e7b9
SSDEEP: 6144:wN3OhniU9sm9Ve85y8eBivV/FVRWw+wCatToB8KG7FESPhd1Noq7qRRuD9tNpHM2:wUiosmTqiV/F/XChWKGptZxxS
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature: the optional header's security data directory is empty, so the file carries no embedded Authenticode signature. The check only establishes absence; a file that does carry a signature still needs that signature validated against its certificate chain before it counts for anything.
resource 2b3a3c67001f77990607a8257f2e7def_JaffaCakes118
Files
2b3a3c67001f77990607a8257f2e7def_JaffaCakes118.exe: PE32 (windows:5, windows x86, arch:x86)
Hash shown beside the file entry (unlabelled on the source page; assumed here to be the import hash, imphash): 5fd6878c451189de59a02630422429e3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no base relocations: the image cannot be rebased, so it will not get ASLR even on a system that randomises image bases)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL is absent, so this is a standalone executable. The report does not list DllCharacteristics, so do not assume DYNAMIC_BASE or NX_COMPAT from what is shown here.
Imports
The import table spans six DLLs and mixes Adobe Type Manager font calls (atmlib), console and VDM I/O, DDE, Gopher, LSA, event-log and WMI exports that have no obvious common caller. An import table padded with unrelated, rarely used exports is a pattern crypters use to defeat import-based heuristics; since LoadLibraryA is imported, the APIs that matter are likely resolved at runtime, so confirm the real API set from a memory dump rather than from this list.
atmlib
ATMInstallSubstFontW
ATMRemoveFontW
ATMRemoveSubstFontA
ATMXYShowTextW
ATMFontStatusA
ATMGetFontPaths
ATMGetFontInfoA
ATMGetMenuNameA
ATMGetMenuNameW
ATMGetFontBBox
ATMSelectObject
ATMXYShowText
ATMFontStatusW
ATMInstallSubstFontA
ATMEnumFontsA
ATMFontSelected
ATMGetVersionExW
ATMMakePFMA
ATMForceFontChange
ATMMakePFMW
ATMAddFont
ATMMakePFM
ATMGetVersion
ATMGetNtmFieldsW
ATMProperlyLoaded
ATMGetBuildStrA
ATMFontAvailable
ATMBBoxBaseXYShowTextW
ATMAddFontW
ATMSelectEncoding
ATMGetOutlineW
ATMFinish
kernel32
HeapValidate
CreateTimerQueueTimer
WriteConsoleInputVDMA
WritePrivateProfileSectionW
FindFirstFileA
WriteConsoleInputA
UnmapViewOfFile
OpenJobObjectW
DnsHostnameToComputerNameW
GetCurrentConsoleFont
LocalAlloc
GetTickCount
FindResourceExA
PeekNamedPipe
GetLocaleInfoW
LoadLibraryA
GetConsoleCommandHistoryLengthW
GetStartupInfoW
GetCommMask
FreeEnvironmentStringsW
IsDBCSLeadByte
GetPrivateProfileStructA
WriteConsoleOutputA
SearchPathW
FreeLibrary
EnumSystemCodePagesA
QueryPerformanceCounter
GetThreadPriorityBoost
VirtualAlloc
GetTimeFormatA
TlsGetValue
DeleteFileA
CloseHandle
UnregisterWait
FillConsoleOutputCharacterA
GetProfileStringW
FindFirstVolumeW
GetSystemPowerStatus
WritePrivateProfileStructA
SetProcessAffinityMask
CreateToolhelp32Snapshot
msvcirt
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
??1istream_withassign@@UAE@XZ
?fill@ios@@QAEDD@Z
?overflow@stdiobuf@@UAEHH@Z
??0fstream@@QAE@HPADH@Z
?get@istream@@QAEAAV1@AAC@Z
??1istream@@UAE@XZ
?is_open@filebuf@@QBEHXZ
?eatwhite@istream@@QAEXXZ
??5istream@@QAEAAV0@AAD@Z
??_Gostream_withassign@@UAEPAXI@Z
??_Gios@@UAEPAXI@Z
?cin@@3Vistream_withassign@@A
?lockc@ios@@KAXXZ
??0strstream@@QAE@PADHH@Z
??0Iostream_init@@QAE@XZ
?binary@filebuf@@2HB
?doallocate@strstreambuf@@MAEHXZ
??0ifstream@@QAE@H@Z
??1stdiobuf@@UAE@XZ
?open@filebuf@@QAEPAV1@PBDHH@Z
?out_waiting@streambuf@@QBEHXZ
??_Gstdiostream@@UAEPAXI@Z
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
?write@ostream@@QAEAAV1@PBCH@Z
??0ofstream@@QAE@XZ
?unsetf@ios@@QAEJJ@Z
??0ifstream@@QAE@XZ
user32
CallWindowProcA
LoadLocalFonts
DdeEnableCallback
IsDialogMessageA
GetOpenClipboardWindow
GetDC
DdeSetQualityOfService
CopyRect
IsClipboardFormatAvailable
FindWindowExW
CreateIconIndirect
GetClipboardFormatNameW
DefMDIChildProcW
QuerySendMessage
IMPSetIMEA
GetKeyboardLayoutNameW
OpenClipboard
PrivateExtractIconExA
LoadBitmapW
ChildWindowFromPoint
GetRawInputDeviceInfoA
GetSystemMetrics
SetWindowContextHelpId
DefFrameProcA
GetClassLongA
AllowSetForegroundWindow
CloseWindow
SetShellWindow
advapi32
CancelOverlappedAccess
LsaEnumerateAccountRights
GetEventLogInformation
RegisterEventSourceW
GetExplicitEntriesFromAclA
FlushTraceW
LsaOpenSecret
OpenBackupEventLogA
SetNamedSecurityInfoExA
SaferiIsExecutableFileType
ChangeServiceConfigA
ElfBackupEventLogFileW
RegQueryValueA
CredWriteDomainCredentialsW
RegSaveKeyW
RegDeleteValueW
GetMultipleTrusteeA
LsaEnumeratePrivileges
LsaLookupPrivilegeName
SetNamedSecurityInfoA
BuildTrusteeWithObjectsAndSidW
AccessCheckAndAuditAlarmW
RegSaveKeyExW
RegLoadKeyW
WmiQueryAllDataMultipleA
CryptSetKeyParam
LsaSetSystemAccessAccount
RemoveUsersFromEncryptedFile
SystemFunction005
QueryTraceW
QueryServiceConfig2W
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitiateSystemShutdownW
AllocateAndInitializeSid
EnumServicesStatusW
WmiSetSingleItemA
SaferSetPolicyInformation
RegQueryValueExA
GetAuditedPermissionsFromAclW
WmiQueryGuidInformation
CryptGetProvParam
SystemFunction034
wininet
DeleteUrlCacheGroup
InternetOpenA
SetUrlCacheHeaderData
InternetShowSecurityInfoByURLW
FindNextUrlCacheContainerA
InternetOpenUrlA
CreateUrlCacheGroup
CreateUrlCacheEntryA
InternetCreateUrlW
GetUrlCacheHeaderData
InternetGetLastResponseInfoA
InternetQueryOptionA
FtpPutFileW
FindFirstUrlCacheEntryExW
ParseX509EncodedCertificateForListBoxEntry
HttpQueryInfoW
InternetQueryOptionW
InternetSetStatusCallbackW
InternetGoOnlineW
InternetTimeToSystemTimeA
RunOnceUrlCache
InternetCombineUrlW
InternetGetCookieW
InternetInitializeAutoProxyDll
InternetSetCookieExW
FtpCreateDirectoryW
SetUrlCacheGroupAttributeA
GopherCreateLocatorA
InternetHangUp
GopherFindFirstFileW
GetUrlCacheEntryInfoExA
FindCloseUrlCache
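The unlabelled hash on the Files line above is assumed to be the import hash (imphash). As an added example, not code from the sandbox or from the report, this is how imphash is derived from an import table so the value can be reproduced from a real file or used to pivot: the list of `dll.function` pairs in import order, DLL extensions stripped, everything lowercased, joined with commas and hashed with MD5. The `SAMPLE_IMPORTS` list is a constructed subset of the report's imports (plus a hypothetical ordinal import), so its hash will not equal the report's value; the ordinal-to-name table that pefile applies for ws2_32 and oleaut32 is omitted and noted as an assumption.

```python
import hashlib

# Extensions the canonical algorithm strips; any other extension is kept as-is.
_STRIP_EXT = (".dll", ".ocx", ".sys")


def _normalise_dll(dll):
    dll = dll.lower()
    for ext in _STRIP_EXT:
        if dll.endswith(ext):
            return dll[: -len(ext)]
    return dll


def imphash_string(imports):
    """Canonical 'dll.func' list, lowercased, comma-joined, import order preserved.
    Ordinal imports are rendered as 'ordN'. Assumption: the well-known-ordinal
    name table pefile uses for ws2_32/oleaut32 is not applied here."""
    parts = []
    for dll, func in imports:
        name = f"ord{func}" if isinstance(func, int) else func
        parts.append(f"{_normalise_dll(dll)}.{name.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical string; order-sensitive, so the same APIs imported in a
    different order yield a different hash (useful when pivoting on a crypter stub)."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed subset of the report's import table; not the full table.
SAMPLE_IMPORTS = [
    ("atmlib.dll", "ATMInstallSubstFontW"),
    ("KERNEL32.dll", "HeapValidate"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("msvcirt.dll", "?get@istream@@QAEAAV1@AAVstreambuf@@D@Z"),
    ("WININET.dll", "InternetOpenA"),
    ("comctl32.dll", 17),          # hypothetical ordinal import
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

To compare against a real file, feed the pairs in the order the import directory lists them; reordering the DLLs or the functions changes the hash, which is exactly why imphash clusters builds of the same stub rather than the same API set.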
Sections
.text   Raw size: 269KB  Virtual size: 268KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Raw size: 50KB   Virtual size: 50KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Raw size: 62KB   Virtual size: 536KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Raw size: 19KB   Virtual size: 18KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
Two things to check from this table. The four raw sizes sum to about 400KB of the 402KB file, so there is little room for an appended overlay. The .data section maps 536KB but only 62KB of it is on disk; the remaining roughly 474KB is zero-filled at load time, which is consistent with a large uninitialised buffer but is also the usual home of a runtime-unpacking buffer, so dump and scan that region once the sample has run. No section is both writable and executable, which says nothing about memory the sample allocates at runtime with VirtualAlloc (which it imports).
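The "Unsigned PE" signature and the section table above both come from the PE headers. As an added example, not code from the sandbox or from the report, the block below parses those headers with only the Python standard library and reproduces the three checks an analyst runs first on a report like this: is the security data directory empty (no Authenticode blob), can the image be rebased (RELOCS_STRIPPED absent), and which sections grow far beyond their on-disk size. Because it must run offline, it constructs a headers-only PE32 image in memory with the section geometry and file characteristics from this report; that constructed image is not the analysed binary, and the names `build_pe32`, `parse_pe`, `triage` and the inflation ratio of 2.0 are this example's own choices.

```python
import struct

# COFF file-characteristic and section flags (values from the PE specification)
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # data directory slot for the Authenticode blob
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
KB = 1024


def build_pe32(characteristics, sections, security_dir=(0, 0)):
    """Build a headers-only PE32 image in memory (constructed test input, not the
    analysed sample). sections: list of (name, virtual_size, raw_size, flags)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, characteristics)
    # PE32 optional header: magic 0x10B, 90 bytes of standard/NT fields,
    # NumberOfRvaAndSizes = 16, then 16 (RVA, size) data directories.
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = security_dir
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0, rsize, 0, 0, 0, 0, 0, flags)
        for name, vsize, rsize, flags in sections)
    return dos + b"PE\0\0" + coff + opt + secs


def parse_pe(data):
    """Read the fields the report summarises: file characteristics, the security
    data directory and the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff_off = e_lfanew + 4
    _, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", data, opt_off)[0]
    dir_base = opt_off + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
    # For the security directory the first field is a file offset, not an RVA.
    sec_dir = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sec_off = opt_off + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "rsize": rsize, "flags": flags})
    return {"characteristics": chars, "security_dir": sec_dir, "sections": sections}


def is_unsigned(pe):
    """The 'Unsigned PE' signature: an empty security directory means no embedded
    Authenticode blob. A non-empty one only proves presence; validation is separate."""
    return pe["security_dir"] == (0, 0)


def can_be_rebased(pe):
    """RELOCS_STRIPPED images carry no relocation data and so cannot receive ASLR."""
    return not pe["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED


def inflated_sections(pe, ratio=2.0):
    """Sections whose in-memory size dwarfs their on-disk size: zero-filled at load,
    the usual home of a runtime-unpacking buffer."""
    return [s["name"] for s in pe["sections"] if s["rsize"] and s["vsize"] / s["rsize"] >= ratio]


def writable_executable(pe):
    wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    return [s["name"] for s in pe["sections"] if s["flags"] & wx == wx]


# Section geometry copied from the report's table (constructed input).
SAMPLE_GEOMETRY = [
    (".text", 268 * KB, 269 * KB, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rdata", 50 * KB, 50 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".data", 536 * KB, 62 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc", 18 * KB, 19 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
]
SAMPLE_PE = build_pe32(
    IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    SAMPLE_GEOMETRY)


def triage(data=SAMPLE_PE):
    pe = parse_pe(data)
    return {"unsigned": is_unsigned(pe), "rebasable": can_be_rebased(pe),
            "inflated": inflated_sections(pe), "wx": writable_executable(pe)}


if __name__ == "__main__":
    print(triage())   # for a real file: triage(open(path, "rb").read())
```

Run against the real sample with `triage(open(path, "rb").read())`; on the constructed image the result flags the file as unsigned and non-rebasable and names .data as the only inflated section, matching the report. The inflation ratio is a heuristic, not a verdict: a large .bss-style buffer produces the same geometry, which is why the follow-up is a memory dump rather than a classification.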