2e729d0894b44f96f068a541cddd0fa2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e729d0894b44f96f068a541cddd0fa2_JaffaCakes118
Size

641KB
MD5

2e729d0894b44f96f068a541cddd0fa2
SHA1

ff73cdd1679474162f6e2e554ab0409d87f4f5ef
SHA256

bd3367e320d24b429a5c38ca6301656ef3958dbd3abfadfb1f8e0baf155fafdc
SHA512

bdffc301f3ab6318f7b1ca5e717c50eebf061cec8cc6cb94fc8ccc1e650ab928da37ba5ced8ea3187f1d750e89c9b01497b853d2e7f81ebafee3901dff689a7b
SSDEEP

12288:UZINmuLc3LntwuB6SvC75iQh8IppMJ6wsqgMVWIsf16Tk:Br0LntwuE75iQhW6wsfM0IG15

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e729d0894b44f96f068a541cddd0fa2_JaffaCakes118

Files

2e729d0894b44f96f068a541cddd0fa2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b9075a73c1c0af544022cb1b875f75b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wininet.pdb

Imports

advapi32

RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
CryptGetProvParam
CryptSetProvParam
CryptAcquireContextA
CryptReleaseContext
RegDeleteValueA
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
RegCreateKeyExW

crypt32

CertGetNameStringW
CryptDecodeObject
CertFindRDNAttr
CertRDNValueToStrA
CertControlStore
CertNameToStrA
CertCreateCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertSetCertificateContextProperty
CertOpenSystemStoreA
CertCloseStore
CertFindExtension
CertGetIntendedKeyUsage
CertDuplicateCertificateContext
CertFreeCertificateContext
CryptUnprotectData

kernel32

ExitThread
ExpandEnvironmentStringsA
SuspendThread
TerminateThread
GetACP
RtlMoveMemory
ResetEvent
CreateThread
Sleep
SetErrorMode
FormatMessageA
lstrcatA
SystemTimeToFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TlsGetValue
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
WaitForMultipleObjects
GetTimeFormatA
lstrcpyA
InterlockedCompareExchange
GetCurrentThread
GetCurrentProcess
IsDBCSLeadByte
IsBadReadPtr
GlobalAlloc
GlobalFree
IsBadStringPtrW
DeleteFileA
IsBadCodePtr
IsBadWritePtr
SleepEx
GetModuleFileNameA
GetSystemTime
WritePrivateProfileStringA
WriteFile
SetFilePointer
ReadFile
FileTimeToSystemTime
LocalReAlloc
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LocalAlloc
GetFileTime
ReleaseSemaphore
CreateSemaphoreA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
GetVersion
CompareStringA
GetFileAttributesA
GetEnvironmentVariableA
GetWindowsDirectoryA
RemoveDirectoryA
GetShortPathNameA
FileTimeToDosDateTime
SetFileAttributesA
GetPrivateProfileStringA
SetFileTime
CreateDirectoryA
CopyFileA
DeviceIoControl
GetDiskFreeSpaceA
FindClose
FindNextFileA
FindFirstFileA
DosDateTimeToFileTime
FlushViewOfFile
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingA
OpenFileMappingA
SetEndOfFile
LoadLibraryExA
GetUserDefaultLCID
HeapFree
HeapAlloc
GetProcessHeap
GetComputerNameA
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalSize
lstrcpynW
InitializeCriticalSectionAndSpinCount
GetDateFormatA
WaitForSingleObject
GetProcAddress
LoadLibraryA
lstrcmpiA
GetLastError
FreeLibrary
lstrcpynA
lstrlenA
WideCharToMultiByte
InterlockedExchange
CloseHandle
OpenEventA
LeaveCriticalSection
EnterCriticalSection
SetLastError
LocalFree
GetVersionExA
GetFileSize
CreateFileA
GetSystemDirectoryA
lstrlenW
MultiByteToWideChar
GetModuleHandleA
OpenMutexA
CreateMutexA
ReleaseMutex
RaiseException
lstrcmpA
SetEvent
CreateEventA
IsBadStringPtrA

msvcrt

isdigit
strpbrk
isspace
isalnum
time
strtoul
_vsnprintf
_ftol
ispunct
iscntrl
isalpha
_purecall
_CxxThrowException
wcsncpy
wcscat
wcsstr
srand
rand
wcslen
_wtoi
wcscpy
_wcsnicmp
wcstok
_wcsicmp
wcscmp
malloc
free
realloc
_initterm
_adjust_fdiv
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
sprintf
memchr
isxdigit
_except_handler3

oleaut32

SysStringByteLen
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

shlwapi

PathRemoveFileSpecW
PathRemoveBackslashA
PathRemoveFileSpecA
StrNCatA
ord419
PathRenameExtensionA
ord215
SHDeleteKeyA
StrCmpNIW
ord342
wvnsprintfA
ord52
ord57
ord308
ord260
StrCmpNIA
StrStrA
ord151
StrChrW
StrChrA
ord154
ord217
UrlCombineW
UrlCanonicalizeW
ord340
UrlCombineA
UrlCanonicalizeA
ord153
PathCreateFromUrlA
UrlUnescapeA
StrNCatW
StrToIntW
StrCpyW
ord68
ord95
ord136
StrStrIA
StrCmpW
SHRegGetUSValueA
StrCmpNA
StrToIntA
StrCatBuffA
StrRChrA
StrCmpIW
ord59
ord107
SHSetValueW
ord563
ord437
ord309
StrStrIW
SHGetValueW
SHSetValueA
SHGetValueA
wnsprintfA
wnsprintfW
StrCpyNW
PathFindFileNameW
ord158
ord125
SHRegGetValueW
ord80
ord97
ord83
ord138
StrCatBuffW
ord310
ord311
ord143
ord128

user32

IsWindow
IntersectRect
EqualRect
wsprintfW
LoadIconA
LoadImageA
DestroyIcon
SetForegroundWindow
EnumChildWindows
SetWindowTextA
GetParent
GetWindowRect
ScreenToClient
SendMessageA
PostMessageA
FindWindowA
LoadStringA
ShowWindow
GetDesktopWindow
wsprintfA
CharLowerA
DestroyWindow
IsDlgButtonChecked
EnableWindow
SetFocus
GetDlgItem
EndDialog
CheckDlgButton
CreateWindowExA
RegisterWindowMessageA
KillTimer
SetTimer
DefWindowProcA
SetWindowLongA
GetWindowLongA
RegisterClassA
CharNextA
CharToOemA
CharUpperA
CharLowerW
IsCharAlphaNumericA
SetWindowPos
CharNextExA
WinHelpA
SendDlgItemMessageA

Exports

Exports

CommitUrlCacheEntryA
CommitUrlCacheEntryW
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryW
CreateUrlCacheGroup
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DetectAutoProxyUrl
DllInstall
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpEndRequestA
HttpEndRequestW
HttpOpenRequestA
HttpOpenRequestW
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetSetCookieA
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
ParseX509EncodedCertificateForListBoxEntry
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
ReadUrlCacheEntryStream
RegisterUrlCacheNotification
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath
UrlZonesDetach
_GetFileExtensionFromUrl

Sections

.text
Size: 541KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9075a73c1c0af544022cb1b875f75b0

Headers

File Characteristics

PDB Paths

Imports

advapi32

crypt32

kernel32

msvcrt

oleaut32

shlwapi

user32

Exports

Exports

Sections

.text Size: 541KB - Virtual size: 541KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 70KB - Virtual size: 70KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 541KB - Virtual size: 541KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 70KB - Virtual size: 70KB

.reloc
Size: 20KB - Virtual size: 19KB