Static task: static1
Behavioral task: behavioral1
Sample: 3417db1159f79c6b3814b7caeec2c1de_JaffaCakes118.exe
Resource: win7-20240708-en
General
Target: 3417db1159f79c6b3814b7caeec2c1de_JaffaCakes118
Size: 220KB
MD5: 3417db1159f79c6b3814b7caeec2c1de
SHA1: 8f8030890e8aa86bb60609ea81967ac7be8f919d
SHA256: 58566d005e1372d704e915c5ae8688803fe27dce54e3b20d0be0d18401cc7d32
SHA512: afb697104458c294e63637f4c5ec37a60ad093bb4603cfe782a58370d89218666a1497966c47f6ceae237d00d239b4ad64aad4a9ace144fc4363d359517527b7
SSDEEP: 6144:gNNObeW3P9l607NKD81XWZuLIVjKuqIc:g6607P1XWvO
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 3417db1159f79c6b3814b7caeec2c1de_JaffaCakes118
Files
3417db1159f79c6b3814b7caeec2c1de_JaffaCakes118.exe windows:4 windows x86 arch:x86
cbc1e0817df1e6b45ca44614e19d3758
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
FindFirstUrlCacheEntryA
InternetCrackUrlW
InternetSetOptionW
InternetQueryOptionW
FtpCommandW
InternetGetLastResponseInfoW
InternetWriteFile
FtpOpenFileW
DeleteUrlCacheEntryA
InternetReadFile
InternetReadFileExA
InternetCloseHandle
InternetSetStatusCallbackW
InternetSetOptionA
InternetConnectW
InternetOpenW
HttpSendRequestExW
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
HttpEndRequestW
HttpQueryInfoW
HttpOpenRequestW
FtpGetFileSize
FindCloseUrlCache
CommitUrlCacheEntryA
HttpOpenRequestA
CommitUrlCacheEntryW
CreateUrlCacheEntryW
GetUrlCacheEntryInfoW
urlmon
CoInternetCombineUrl
ObtainUserAgentString
wintrust
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
shlwapi
UrlEscapeW
SHDeleteValueW
PathFindExtensionW
SHGetValueW
PathIsRootW
PathCombineW
PathFindFileNameA
PathFindFileNameW
PathGetDriveNumberW
UrlIsOpaqueW
UrlGetPartW
SHSetValueW
StrStrIW
PathFileExistsW
kernel32
GetThreadContext
SetThreadContext
SuspendThread
SetLastError
GetStartupInfoW
ResumeThread
InterlockedCompareExchange
VirtualProtect
GetCurrentProcess
LoadLibraryW
GetLongPathNameW
GetModuleFileNameW
GetLastError
TerminateProcess
CloseHandle
GetCommandLineW
OpenProcess
GetCurrentProcessId
GetCurrentThreadId
Sleep
WaitForSingleObject
OpenThread
SetEvent
CopyFileW
DeleteFileW
GetPrivateProfileStringW
FindClose
FindNextFileW
FindFirstFileW
GetTickCount
CreateProcessW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
ReadFile
CreateFileW
CreateEventW
TlsSetValue
IsBadWritePtr
IsBadReadPtr
CancelWaitableTimer
WaitForMultipleObjects
ResetEvent
GetTempFileNameW
GetTempPathW
SetWaitableTimer
CreateWaitableTimerW
SystemTimeToFileTime
SetEndOfFile
SetFilePointer
GetDiskFreeSpaceExW
SetFileTime
WriteFile
TlsFree
TlsAlloc
GetVersionExW
VirtualQuery
SetUnhandledExceptionFilter
SetErrorMode
VirtualFree
VirtualAlloc
FreeLibrary
GetProcAddress
GetShortPathNameW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
CreateThread
ExpandEnvironmentStringsW
HeapFree
HeapAlloc
HeapCreate
GetModuleHandleW
GetCurrentThread
GetSystemTime
GlobalFree
GlobalUnlock
FreeResource
LockResource
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
FindResourceW
LocalAlloc
LocalFree
MoveFileW
MoveFileExW
GetProcessHeap
GetVersion
FlushInstructionCache
user32
KillTimer
SetTimer
CreateWindowExW
EnumChildWindows
InsertMenuW
CreatePopupMenu
RegisterClassExW
OpenClipboard
CloseClipboard
CheckDlgButton
IsDlgButtonChecked
FindWindowW
SetParent
GetWindowPlacement
SystemParametersInfoW
SetWindowPlacement
LoadStringW
RemovePropW
GetCursorPos
PtInRect
LoadCursorW
SetCursor
TrackMouseEvent
GetWindowTextW
ClientToScreen
ScreenToClient
GetDC
DrawTextW
ReleaseDC
SetWindowLongW
UpdateWindow
GetWindowLongW
GetParent
GetSystemMetrics
LoadImageW
EnableWindow
ShowWindow
LoadIconW
DestroyIcon
SetDlgItemTextW
GetMessagePos
MapWindowPoints
FillRect
EndPaint
EndDialog
GetDlgItem
GetDesktopWindow
DialogBoxParamW
GetMenuItemCount
DestroyAcceleratorTable
TranslateAcceleratorW
LoadAcceleratorsW
SetWindowPos
EqualRect
WindowFromPoint
ReleaseCapture
SetCapture
GetMenu
MenuItemFromPoint
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetWindowDC
InvalidateRect
DefWindowProcW
GetClientRect
SetFocus
SendMessageW
SetWindowTextW
GetPropW
FindWindowExW
IsWindow
IsChild
PostMessageW
CopyRect
PeekMessageW
SetPropW
GetAncestor
MessageBoxW
PostQuitMessage
GetWindowRect
IsZoomed
InflateRect
IsIconic
OffsetRect
IsWindowVisible
GetWindowThreadProcessId
EnumWindows
GetMessageW
TranslateMessage
DispatchMessageW
GetClassNameW
GetKeyState
CallWindowProcW
SetMenuInfo
SetMenuItemInfoW
TrackPopupMenuEx
TrackPopupMenu
SetRectEmpty
DestroyMenu
GetSysColor
DrawIconEx
RegisterClipboardFormatW
SetClipboardData
EmptyClipboard
BeginPaint
GetMenuItemInfoW
gdi32
Rectangle
CreatePen
FillRgn
CombineRgn
CreateRectRgnIndirect
GetTextMetricsW
MoveToEx
DeleteDC
CreateSolidBrush
SetTextColor
GetObjectW
CreateFontIndirectW
LineTo
EnumFontsW
BitBlt
CreateCompatibleBitmap
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
GetStockObject
SetBkMode
comdlg32
GetSaveFileNameW
advapi32
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
shell32
ShellExecuteW
SHGetSpecialFolderPathW
ExtractIconExW
SHFileOperationW
DragQueryFileW
SHGetFolderPathW
ole32
RegisterDragDrop
DoDragDrop
OleInitialize
CoCreateInstance
OleSetContainedObject
OleCreate
RevokeDragDrop
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
ReleaseStgMedium
OleDuplicateData
oleaut32
SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen
VariantClear
VariantChangeType
msvcrt
wcsrchr
wcscpy
wcsncpy
_wcsicmp
wcslen
_except_handler3
_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_wtoi64
fclose
fread
ftell
fseek
fopen
_snprintf
_wcsnicmp
wcscat
fwrite
_wfopen
memmove
fwprintf
iswspace
_snwprintf
??2@YAPAXI@Z
wcsncmp
__CxxFrameHandler
_beginthreadex
wcscmp
wcsncat
_initterm
wcspbrk
_wtoi
wcschr
_wtol
swscanf
wcsstr
free
malloc
wcstok
swprintf
realloc
_purecall
_ismbslead
memset
memcpy
_CxxThrowException
__dllonexit
_ui64tow
time
_onexit
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_ftol
gdiplus
GdipCreateFromHDC
GdiplusStartup
GdipFree
GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipDisposeImage
GdipCloneImage
comctl32
ImageList_Draw
InitCommonControlsEx
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 444KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE