33e63d00c7897cba57dddc5ac294a25a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33e63d00c7897cba57dddc5ac294a25a_JaffaCakes118
Size

6.9MB
MD5

33e63d00c7897cba57dddc5ac294a25a
SHA1

583224f4d420b68259528419fb313234ffe5719b
SHA256

8637fd8b44708a94877ca128ba7841e207118b5f8cf12cb226fb8f75d9d3de67
SHA512

c958fc30a92c29426bc5c539a0497876f82a990e00400e20ee1b4a26d75c8270c94a1153384246c9889012425159b2925a6b5faa1112c067dc1d57cf7ec2fa60
SSDEEP

98304:Bc7YbLbbWleswkwctTyGrpuyjTeNTcXCcIRVE:6YbbW0swbcpyGF1jTO8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33e63d00c7897cba57dddc5ac294a25a_JaffaCakes118

Files

33e63d00c7897cba57dddc5ac294a25a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8ac73523f504a88fc0c50b1c92861d65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSizeEx
GetTickCount
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
ExitThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
GetStdHandle
GetStartupInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
HeapReAlloc
ExitProcess
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapCreate
GetFileAttributesA
VirtualFree
LoadLibraryW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
WritePrivateProfileStringA
FileTimeToSystemTime
GetModuleHandleW
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetFullPathNameA
FindFirstFileA
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetCurrentProcessId
GetThreadLocale
InterlockedIncrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
LoadLibraryA
SetLastError
lstrcmpW
GetProcAddress
GetVersionExA
lstrcpynA
lstrlenW
HeapFree
GetProcessHeap
HeapAlloc
GetDriveTypeA
GetVolumeInformationA
GetWindowsDirectoryA
GetFileTime
SetFileTime
InterlockedDecrement
lstrcpyA
GetFileSize
FormatMessageA
GetTempFileNameA
VirtualQuery
ReleaseMutex
GetTempPathA
LocalFree
GetExitCodeProcess
GetSystemDirectoryA
MultiByteToWideChar
CreateThread
TerminateThread
GetCurrentThreadId
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
lstrcatA
CreatePipe
PeekNamedPipe
ReadFile
CreateFileA
WriteFile
CreateProcessA
CopyFileA
CreateDirectoryA
lstrcmpiA
DeleteFileA
OpenMutexA
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
CreateRemoteThread
CreateToolhelp32Snapshot
Thread32First
OpenThread
ResumeThread
SuspendThread
Thread32Next
OpenProcess
ResetEvent
GetCurrentProcess
TerminateProcess
Sleep
CreateMutexA
GetCommandLineA
WaitForSingleObject
SetEvent
CloseHandle
CreateEventA
GetModuleFileNameA
lstrlenA
GetLastError
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
lstrcmpiW
GetModuleHandleA

user32

GetClassNameA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
ScreenToClient
EqualRect
PtInRect
CallWindowProcA
GetMenu
SetWindowLongA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
IsWindow
GetWindowLongA
GetDlgItem
GetNextDlgTabItem
EndDialog
DestroyIcon
RegisterClassA
IsWindowVisible
FindWindowExA
GetClassLongA
GetFocus
FindWindowA
WaitForInputIdle
GetMessageA
TranslateMessage
DispatchMessageA
GetPropA
IsWindowEnabled
EnumChildWindows
RemovePropA
SetPropA
GetDlgCtrlID
CallNextHookEx
SetWindowsHookExA
GetCapture
IsChild
SetWindowPos
SetWindowRgn
MoveWindow
SetForegroundWindow
SetFocus
OffsetRect
SetCursor
InvalidateRect
CopyRect
GetSysColor
SetRect
KillTimer
SetTimer
ShowCursor
LoadImageA
RedrawWindow
IsIconic
DrawIcon
MessageBoxA
wsprintfA
LoadIconA
SendMessageA
wsprintfW
DrawTextA
LoadCursorA
RegisterClassExA
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
BeginPaint
GetClientRect
EndPaint
DefWindowProcA
GetDesktopWindow
GetWindowRect
GetDC
FillRect
WinHelpA
SendDlgItemMessageA
RegisterWindowMessageA
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ReleaseDC
DestroyWindow
EnableWindow
IsDialogMessageA
SetWindowTextA
AttachThreadInput
PostMessageA
GetParent
PostThreadMessageA
RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
UnregisterClassA
GetSysColorBrush
DestroyMenu
WindowFromPoint
CharUpperA
SetWindowContextHelpId
MapDialogRect
GetCursorPos
ValidateRect
PostQuitMessage
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
CharNextA
GetWindowThreadProcessId

gdi32

GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
ExtTextOutA
Escape
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetRgnBox
SetTextAlign
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetClipBox
DPtoLP
GetMapMode
SetMapMode
CreateBitmap
ExtCreateRegion
Rectangle
GetObjectA
GetViewportOrgEx
SetViewportOrgEx
GetDeviceCaps
CreateFontA
CreateFontIndirectA
SetTextColor
SetBkMode
GetPixel
SetBkColor
TextOutA
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
BitBlt
DeleteObject
DeleteDC

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

CryptReleaseContext
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyA
RegSetValueA
RegQueryValueExA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegDeleteValueA
OpenSCManagerA
OpenServiceA
ControlService
ChangeServiceConfigA
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetNamedSecurityInfoA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitiateSystemShutdownA
RegOpenKeyExA
RegSetValueExA
GetUserNameA

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA
Shell_NotifyIconA
SHFileOperationA

comctl32

_TrackMouseEvent
ord17

shlwapi

PathFindFileNameA
SHDeleteValueA
SHDeleteKeyA
SHRegGetUSValueA
SHRegSetUSValueA
PathIsDirectoryA
PathFindExtensionA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromProgID
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
CoInitialize
CoRegisterMessageFilter

oleaut32

OleLoadPicture
SysFreeString
VariantInit
VariantClear
SysAllocString
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantChangeType
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopy
SysAllocStringLen

urlmon

URLDownloadToCacheFileA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetQueryOptionA
InternetReadFile

ws2_32

gethostname
gethostbyname
inet_ntoa
WSACleanup
WSAStartup

winmm

PlaySoundA

dnsapi

DnsQuery_A

psapi

GetModuleBaseNameA
EnumProcesses
EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 453KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ac73523f504a88fc0c50b1c92861d65

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

wininet

ws2_32

winmm

dnsapi

psapi

Sections

.text Size: 453KB - Virtual size: 452KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 4.5MB - Virtual size: 4.5MB

.text
Size: 453KB - Virtual size: 452KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 4.5MB - Virtual size: 4.5MB