2c20e30aac7ef79e7c72dfa289df3621_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c20e30aac7ef79e7c72dfa289df3621_JaffaCakes118
Size

3.2MB
MD5

2c20e30aac7ef79e7c72dfa289df3621
SHA1

72fa1a4dd695d81ed55421895eb2a57dae90e88c
SHA256

d3d115ab5e262403be8b7e9fbb4e09e2fd7376fef9d9a404f20d11a1ed7b659e
SHA512

3a0966a304c784d1053b565d2327ff86b2b6f8218e763b216d46a047c0eed12c2238dc6e73e0a4f21fd1d889920b53e9b9e01ee2d03bb0633fa376cd4978defc
SSDEEP

98304:b+fP8DPj9tlpz57nDNFwlKYQxX2KPeQZar:brj9nnDNFwlKYQh8Br

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c20e30aac7ef79e7c72dfa289df3621_JaffaCakes118

Files

2c20e30aac7ef79e7c72dfa289df3621_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e5a46b6d854ac7e2079d34c30e85b51d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetHashParam
CryptDeriveKey
CryptDecrypt
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
CryptDestroyKey
CryptAcquireContextA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyA
RegCloseKey

dsound

ord2
ord11

gdi32

SetMapMode
ExtTextOutA
GetTextExtentPoint32A
SetDIBitsToDevice
GetObjectA
CreateFontA
GetStockObject
GetDeviceCaps
CreateICA
DeleteObject
CreateFontIndirectA
DeleteDC
SelectObject
SetTextColor
SetBkColor
SetBkMode
CreateCompatibleDC
CreateDIBSection
SetTextAlign

imm32

ImmSetCompositionWindow
ImmGetStatusWindowPos
ImmSetStatusWindowPos
ImmSetConversionStatus
ImmSetOpenStatus
ImmGetDefaultIMEWnd
ImmGetContext
ImmNotifyIME
ImmReleaseContext
ImmSetCompositionStringA
ImmGetCandidateListA
ImmGetCandidateWindow
ImmSetCandidateWindow
ImmGetCompositionStringA
ImmGetCompositionWindow

kernel32

LocalFree
GetCurrentThread
GetCurrentProcess
SetFilePointer
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetCommandLineA
lstrlenW
CreateDirectoryA
GetUserDefaultLangID
FindNextFileA
FreeConsole
SetConsoleTitleA
AllocConsole
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
EnterCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryExA
MapViewOfFile
CreateFileMappingA
CreateFileW
UnmapViewOfFile
HeapFree
GetProcessHeap
LockResource
LoadResource
SizeofResource
FindResourceA
IsProcessorFeaturePresent
WriteFile
IsBadStringPtrA
GetLocaleInfoW
SetEnvironmentVariableA
IsBadCodePtr
CompareStringW
VirtualQuery
DebugBreak
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetModuleFileNameA
IsBadWritePtr
HeapCreate
HeapDestroy
GetOEMCP
HeapSize
GetFileType
SetHandleCount
GetTimeZoneInformation
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
MoveFileA
ExitThread
GetFileAttributesA
TerminateProcess
GetStartupInfoA
GetModuleHandleA
FormatMessageA
SetUnhandledExceptionFilter
CreateFileA
GetFileSize
ReadFile
CloseHandle
OutputDebugStringA
GlobalFree
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
FreeLibrary
LoadLibraryA
GetProcAddress
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime
HeapReAlloc
GetVolumeInformationA
SetEvent
SetEndOfFile
ResumeThread
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileIntA
GetPrivateProfileStringA
MulDiv
ReleaseSemaphore
CreateSemaphoreA
lstrcpyA
FlushFileBuffers
PeekNamedPipe
GetStdHandle
CreatePipe
SetStdHandle
DuplicateHandle
HeapAlloc
DeleteFileA
GetDriveTypeA
GetDiskFreeSpaceExA
GlobalMemoryStatus
lstrcmpiA
VirtualProtect
VirtualFree
VirtualAlloc
GetSystemDirectoryA
IsBadReadPtr
ExitProcess
ReleaseMutex
CreateMutexA
TerminateThread
Sleep
GetSystemInfo
CompareStringA
CreateThread
OpenMutexA
lstrcatA
OpenEventA
WaitForSingleObject
CreateEventA
CreateProcessA
WaitForMultipleObjects
GetExitCodeProcess
ResetEvent
InterlockedCompareExchange

oleaut32

SysAllocStringLen
SysFreeString
VariantInit

shell32

ShellExecuteA

shlwapi

PathFindExtensionA
PathFileExistsA

user32

GetMessageA
PeekMessageA
FindWindowA
TranslateMessage
SetCursorPos
DrawTextA
DrawTextW
DispatchMessageA
LoadCursorA
RegisterClassA
SetTimer
wsprintfA
PostMessageA
GetKeyState
GetCursorPos
GetWindowRect
GetClientRect
SetRect
CharNextA
CharPrevA
SendMessageA
ReleaseDC
GetDC
GetKeyboardLayout
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
GetAsyncKeyState
GetFocus
GetSysColor
IntersectRect
MessageBoxA
SetWindowTextA
SetFocus
CallWindowProcA
SetWindowLongA
CreateWindowExA
DestroyWindow
ShowCursor
ChangeDisplaySettingsA
EnumDisplaySettingsA
PostQuitMessage
DefWindowProcA
SetCursor

winmm

timeGetTime
waveOutGetDevCapsA
waveOutGetNumDevs
mmioAscend
mmioRead
mmioDescend
mmioOpenA
mmioGetInfo
mmioCreateChunk
mmioSeek
mmioSetInfo
mmioAdvance
mmioWrite
mmioClose

ws2_32

WSACreateEvent
ntohs
WSASendTo
WSARecvFrom
setsockopt
bind
WSARecv
WSASocketA
WSAEventSelect
connect
WSACloseEvent
closesocket
shutdown
gethostbyname
gethostname
getsockname
send
WSASend
WSAGetLastError
WSAEnumNetworkEvents
WSACleanup
WSAStartup
htons
inet_addr
htonl
inet_ntoa

d3d8

Direct3DCreate8

dbghelp

SymGetModuleInfo
SymSetOptions
SymInitialize
SymGetSymFromAddr
SymFromAddr
SymGetLineFromAddr
StackWalk
SymFunctionTableAccess
SymCleanup
SymSetContext
SymEnumSymbols
SymGetModuleBase
SymGetTypeInfo

ijl15

ord2
ord5
ord3

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 271KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 119KB - Virtual size: 13.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pseudo
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.LibHook
Size: 573B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5a46b6d854ac7e2079d34c30e85b51d

Headers

File Characteristics

Imports

advapi32

dsound

gdi32

imm32

kernel32

oleaut32

shell32

shlwapi

user32

winmm

ws2_32

d3d8

dbghelp

ijl15

ole32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.data Size: 271KB - Virtual size: 272KB

Size: 119KB - Virtual size: 13.8MB

Size: 2KB - Virtual size: 4KB

.rsrc Size: 19KB - Virtual size: 20KB

.idata Size: 7KB - Virtual size: 8KB

.pseudo Size: 5KB - Virtual size: 8KB

.LibHook Size: 573B - Virtual size: 4KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 271KB - Virtual size: 272KB

.rsrc
Size: 19KB - Virtual size: 20KB

.idata
Size: 7KB - Virtual size: 8KB

.pseudo
Size: 5KB - Virtual size: 8KB

.LibHook
Size: 573B - Virtual size: 4KB