e:\sandbox\91159\Muroc\iWrapper\Release32E\iWrap.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 33f988c4a564cdd152e1fa08d96950e0_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 33f988c4a564cdd152e1fa08d96950e0_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 33f988c4a564cdd152e1fa08d96950e0_JaffaCakes118
Size: 927KB
MD5: 33f988c4a564cdd152e1fa08d96950e0
SHA1: 0ca4d9f91228fdd5d1ae6e2dbab53939c8e0344f
SHA256: 662f8efcb0c32787d384159482e6f824dae2fbc788d624e66bf5e675e0b4bb17
SHA512: 74c4c0511ffd2729c410dbf3a6ae0ece2bf8d4115897a927eb561932303423b4e5cf365ae1361cd4d1405515cbb015f5b5296127211ebf9d538ffe42da6addd6
SSDEEP: 24576:B3HLGzeLDaVscRot+SccUTKBS7Hf96hZMTsBfGp2vXjOlSv04thQS/DRHupZZWau:BH4RBYccB
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
resource: 33f988c4a564cdd152e1fa08d96950e0_JaffaCakes118
(A missing signature is a weak signal on its own: plenty of legitimate tooling ships unsigned, and a valid signature does not make a binary safe, since leaf certificates are stolen or bought. Treat it as one attribute to pivot on, not as a verdict.)
Files
33f988c4a564cdd152e1fa08d96950e0_JaffaCakes118.exe (windows:4 windows x64 arch:x64)
Import hash (imphash) shown with the file entry: 0e1a48e8e455d087d5166a007afc1d73
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(No IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, HIGH_ENTROPY_VA, NX_COMPAT or GUARD_CF. Combined with IMAGE_FILE_RELOCS_STRIPPED below, the image cannot be rebased and always loads at its preferred base, so it gets no ASLR and no Control Flow Guard. NX_COMPAT is irrelevant here only because DEP is always enforced for native x64 processes.)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
e:\sandbox\91159\Muroc\iWrapper\Release32E\iWrap.pdb
Imports
(murocapi, psregapi, pfmgrapi and traceapi are not Windows system DLLs. They are imported by ordinal and by MSVC-decorated C++ names; for example ?SetValue@CRegApi@@QEAAJPEBDPEBEK@Z demangles to public: long __cdecl CRegApi::SetValue(char const *, unsigned char const *, unsigned long), and CProfileMgr::Import/Save take an INTEL_WLAN_PROFILE structure, which fits the Muroc/iWrapper PDB path. libeay32 is the OpenSSL crypto library, imported by ordinal only, so the functions used cannot be read off this listing without the matching export table. For triage the notable system imports are WinExec, CreateProcessA and ShellExecuteA; LoadLibraryA/GetProcAddress; VirtualAlloc/VirtualProtect; CreateMutexA/OpenMutexA; SetWindowsHookExA; and SetupDiChangeState/SetupDiSetClassInstallParamsA for enabling or disabling devices. The large user32/gdi32/ole32/oleaut32/comdlg32 surface is consistent with a statically linked MFC GUI application (no mfc*.dll import).)
murocapi
ord16
ord139
ord27
ord1
ord18
ord90
ord224
ord39
ord153
ord127
ord148
ord76
ord29
ord77
ord111
ord51
ord132
ord107
ord130
psregapi
?SetValue@CRegApi@@QEAAJPEBDPEBEK@Z
?RestartDriver@CRegApi@@QEAAJPEBDK@Z
?SetValue@CRegApi@@QEAAJPEBDK0@Z
?DeleteKey@CRegApi@@QEAAJPEBD@Z
?OpenKey@CRegApi@@QEAAJPEAUHKEY__@@PEBDK@Z
?QueryValue@CRegApi@@QEAAJPEBDAEAJ@Z
??0CRegApi@@QEAA@XZ
?CreateKey@CRegApi@@QEAAJPEAUHKEY__@@PEBDKKAEAK@Z
?CloseKey@CRegApi@@QEAAJXZ
??1CRegApi@@UEAA@XZ
?QueryValue@CRegApi@@QEAAJPEBDAEAKPEAE1@Z
?QueryValue@CRegApi@@QEAAJPEBDPEADAEAK@Z
?SetValue@CRegApi@@QEAAJPEBDJ@Z
pfmgrapi
??1CProfileMgr@@QEAA@XZ
??0CProfileMgr@@QEAA@XZ
?Open@CProfileMgr@@QEAAJK@Z
?IsPasswordRequiredForImport@CProfileMgr@@QEAAHPEBD@Z
?Close@CProfileMgr@@QEAAJXZ
?Import@CProfileMgr@@QEAAJPEBD0AEAUINTEL_WLAN_PROFILE@@HH@Z
?ProfileExists@CProfileMgr@@QEAAJPEBDK@Z
?IsPasswordProtected@CProfileMgr@@QEAAHPEBDK@Z
?Save@CProfileMgr@@QEAAJAEAUINTEL_WLAN_PROFILE@@H@Z
?Delete@CProfileMgr@@QEAAJPEBDHK@Z
traceapi
RegisterEvTrace
UnRegisterEvTrace
EvTraceStart
setupapi
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
SetupDiChangeState
SetupDiSetClassInstallParamsA
SetupDiGetClassDevsA
libeay32
ord267
ord268
ord265
ord266
ord264
ord2927
ord275
ord276
ord274
ord479
ord477
ord269
ord3106
ord3024
ord3171
ord2206
ord469
ord464
ord3315
ord962
ord333
kernel32
MapViewOfFile
CreateFileMappingA
GetFileSize
Sleep
lstrcpyA
WinExec
lstrlenA
lstrcatA
GetCurrentThreadId
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
lstrcpynA
SetLastError
MultiByteToWideChar
GetModuleHandleA
MulDiv
GlobalUnlock
GetModuleFileNameA
SetThreadPriority
ResumeThread
WaitForSingleObject
SetEvent
SuspendThread
FreeResource
LockResource
UnmapViewOfFile
FindResourceA
GlobalFree
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetPrivateProfileIntA
GetPrivateProfileStringA
GetCurrentDirectoryA
GlobalFlags
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetProcessVersion
SizeofResource
GetThreadLocale
GetCPInfo
GetOEMCP
SetErrorMode
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
GetStringTypeExA
GetShortPathNameA
DuplicateHandle
GetFullPathNameA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTickCount
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
GlobalSize
RtlLookupFunctionEntry
RtlMoveMemory
RtlUnwindEx
HeapFree
HeapAlloc
ExitProcess
RaiseException
RtlPcToFileHeader
GetProcessHeap
ExitThread
CreateThread
GetACP
HeapReAlloc
HeapSize
GetDateFormatA
GetTimeFormatA
HeapSetInformation
HeapCreate
HeapDestroy
GetStdHandle
FatalAppExitA
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetSystemTimeAsFileTime
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
QueryPerformanceCounter
GetCurrentProcessId
SetConsoleCtrlHandler
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteFile
GetCurrentThread
GetCurrentProcess
GetWindowsDirectoryA
FindNextFileA
RemoveDirectoryA
DeleteFileA
FindFirstFileA
FindClose
GetCommandLineA
OpenMutexA
CreateMutexA
CopyFileA
GetFileAttributesA
WritePrivateProfileStringA
GetLastError
FormatMessageA
LocalFree
GetVolumeInformationA
CreateFileA
ReadFile
CreateDirectoryA
GetSystemDirectoryA
GetStartupInfoA
CreateProcessA
CreateEventA
PulseEvent
CloseHandle
GetVersionExA
LoadLibraryA
FreeLibrary
GetProcAddress
WideCharToMultiByte
LoadResource
user32
ReuseDDElParam
UnpackDDElParam
CharUpperA
RegisterClipboardFormatA
RemoveMenu
PostThreadMessageA
DestroyIcon
GetScrollRange
SetScrollPos
GetScrollPos
GetForegroundWindow
SetForegroundWindow
ShowScrollBar
MapWindowPoints
GetMenu
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetScrollInfo
SetScrollInfo
wsprintfA
GetClassInfoA
RegisterClassA
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetFocus
LoadStringA
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
EndDialog
SetMenuItemBitmaps
GetNextDlgTabItem
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetActiveWindow
IsWindowVisible
GetMessageA
ScrollWindowEx
LoadMenuA
GetKeyState
ValidateRect
PeekMessageA
GetCursorPos
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
OemToCharA
PostQuitMessage
SetWindowsHookExA
CallNextHookEx
EnumChildWindows
CallWindowProcA
UnhookWindowsHookEx
GetClassNameA
GetWindowLongPtrA
SetProcessDefaultLayout
MessageBeep
SetWindowLongPtrA
GetSysColor
GetMessagePos
IsWindow
KillTimer
SetTimer
ReleaseDC
GetDC
ScreenToClient
LoadAcceleratorsA
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
GetWindowRect
PtInRect
LoadCursorA
SetCursor
GrayStringA
DrawTextA
TabbedTextOutA
InvalidateRect
UpdateWindow
FillRect
InflateRect
SetRect
CopyRect
DrawStateA
GetFocus
GetParent
PostMessageA
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
GetDialogBaseUnits
GetSysColorBrush
IsDlgButtonChecked
SetDlgItemTextA
InsertMenuA
GetMenuStringA
DeleteMenu
WaitMessage
GetWindowThreadProcessId
DrawIcon
MessageBoxA
GetDesktopWindow
ReleaseCapture
SetCapture
WindowFromPoint
wvsprintfA
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
DispatchMessageA
IsDialogMessageA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
GetCapture
WinHelpA
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
IsChild
GetMessageTime
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetTopWindow
TrackPopupMenu
TranslateMessage
SetScrollRange
CharToOemA
UnregisterClassA
gdi32
SetROP2
SetStretchBltMode
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
StartDocA
DeleteDC
SelectObject
SelectPalette
SetViewportOrgEx
OffsetViewportOrgEx
SetPolyFillMode
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetDeviceCaps
CreateDIBPatternBrushPt
ExtCreatePen
CreateHatchBrush
CreatePatternBrush
CreateBitmap
GetDCOrgEx
PatBlt
GetTextMetricsA
GetTextColor
CopyMetaFileA
CreateDCA
RestoreDC
SaveDC
SetBkMode
SetBkColor
DeleteObject
GetObjectA
CreateFontIndirectA
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
BitBlt
RoundRect
LPtoDP
DPtoLP
GetMapMode
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
SetViewportExtEx
CreateSolidBrush
SetRectRgn
CreateRectRgnIndirect
CombineRgn
comdlg32
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
GetUserNameA
RegQueryValueExA
RegEnumKeyA
RegCreateKeyA
RegSetValueA
RegOpenKeyA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueA
OpenThreadToken
OpenProcessToken
RegSetValueExA
AllocateAndInitializeSid
LookupAccountSidA
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
comctl32
_TrackMouseEvent
ord17
oledlg
ord8
ole32
OleDuplicateData
ReleaseStgMedium
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
OleInitialize
CreateBindCtx
OleUninitialize
OleRun
CoDisconnectObject
CoCreateInstance
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoFreeUnusedLibraries
oleaut32
SysStringByteLen
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
SysAllocStringLen
OleCreateFontIndirect
VariantClear
VariantTimeToSystemTime
SysAllocString
VariantCopy
VariantChangeType
SysReAllocStringLen
SafeArrayUnaccessData
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysAllocStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SysStringLen
SafeArrayAccessData
LoadTypeLi
SafeArrayCopy
shlwapi
PathAppendA
SHDeleteKeyA
PathFileExistsA
PathRemoveBackslashA
shell32
SHGetFileInfoA
ExtractIconA
DragAcceptFiles
ShellExecuteA
DragQueryFileA
SHGetFolderPathA
DragFinish
secur32
GetUserNameExA
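The import hash shown with the file entry is a function of exactly this listing: every imported module and symbol, in import-directory order, normalised and MD5-hashed. The following is an added example (not the sandbox's code) that computes it the way pefile does, and includes a parser for this report's flat layout so the listing above can be pasted in directly. The excerpt embedded in the script is a few lines copied from the page, so its digest will not equal the report's value; pasting the complete Imports listing, in the order shown, should. The ordinal-to-name table pefile applies to ws2_32, wsock32 and oleaut32 is deliberately omitted (this sample imports oleaut32 by name, so the result is unaffected).

```python
"""Import hash (imphash) from a flat import listing (added example; not the sandbox's code)."""
import hashlib
import re

# pefile strips only these extensions from the module name; "winspool.drv" keeps its ".drv".
_STRIPPED_EXTENSIONS = ("ocx", "sys", "dll")
_ORDINAL_RE = re.compile(r"^ord(\d+)$")


def normalize_library(dll: str) -> str:
    """Lower-case the module name and drop a .dll/.ocx/.sys extension, as pefile does."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in _STRIPPED_EXTENSIONS:
        return base
    return name


def imphash_string(imports) -> str:
    """Build the comma-joined 'module.function' string that gets hashed.

    `imports` is a list of (module, entries) in import-directory order; each entry is a
    function name (str) or an ordinal (int).  Ordinals become 'ordN'.  pefile additionally
    maps ordinals of ws2_32/wsock32/oleaut32 to names through a built-in table, which this
    stand-alone version omits.
    """
    parts = []
    for dll, entries in imports:
        lib = normalize_library(dll)
        for entry in entries:
            func = "ord%d" % entry if isinstance(entry, int) else entry
            parts.append("%s.%s" % (lib, func.lower()))
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import string, as a lower-case hex digest."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def parse_listing(text: str):
    """Parse the report's flat Imports listing: a module name line followed by its functions.

    Heuristic for this layout only: module names are entirely lower-case letters, digits and
    dots (kernel32, winspool.drv); functions contain upper-case letters, start with '?' or
    '_', or are 'ordN'.
    """
    imports = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _ORDINAL_RE.match(line)
        if m:
            imports[-1][1].append(int(m.group(1)))
        elif re.fullmatch(r"[a-z0-9.]+", line):
            imports.append((line, []))
        else:
            imports[-1][1].append(line)
    return imports


# Excerpt copied from the report's Imports listing above.  It is NOT the full table, so the
# digest will not equal the report's 0e1a48e8e455d087d5166a007afc1d73.
LISTING_EXCERPT = """
murocapi
ord16
ord139
kernel32
MapViewOfFile
CreateFileMappingA
WinExec
winspool.drv
ClosePrinter
comctl32
_TrackMouseEvent
ord17
"""

if __name__ == "__main__":
    imps = parse_listing(LISTING_EXCERPT)
    print(imphash_string(imps))
    print(imphash(imps))
```

Because the hash covers names and order but not the binary itself, it survives recompilation of the same source with the same toolchain and is a reasonable pivot for finding sibling builds, while a single added import or a reordered link changes it completely.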
Sections
.text   Size: 650KB  Virtual size: 650KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 169KB  Virtual size: 168KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 14KB   Virtual size: 37KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata  Size: 41KB   Virtual size: 40KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.idata  Size: 26KB   Virtual size: 25KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
�}      Size: 19KB   Virtual size: 18KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
(No section is both writable and executable. .data having a larger virtual than raw size is ordinary zero-initialised data, and a writable .idata is normal because the loader writes resolved addresses into the import address table it holds. The name of the last section is rendered as "�}" in the report, so it is not printable ASCII as extracted and cannot be recovered from this page; a section name outside printable ASCII is unusual for linker output and is worth confirming against the file itself.)
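The Signatures, Headers and Sections views above are all derived from a few header fields: the Authenticode certificate table is data directory 4 (the "Unsigned PE" check is simply that entry being zero), exploit mitigations are bits in DllCharacteristics, rebasing ability is the RELOCS_STRIPPED bit, and W+X or oddly named sections come from the section table. The following added example (not the sandbox's code) parses those fields from a PE32/PE32+ file with nothing but the standard library and emits triage tags; the tag names are my own. It also constructs two headers-only images in memory for testing, one mirroring the flags and section permissions in this report (with a deliberately non-printable section name to exercise that check) and one built the way a hardened modern toolchain would, so the script runs offline; pass a path on the command line to assess a real file.

```python
"""Header-level PE triage: signature presence, mitigations, sections (added example)."""
import struct

# Flag values from the PE/COFF specification.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
DLLCHAR_HIGH_ENTROPY_VA = 0x0020
DLLCHAR_DYNAMIC_BASE = 0x0040
DLLCHAR_NX_COMPAT = 0x0100
DLLCHAR_GUARD_CF = 0x4000
DLLCHAR_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
IMAGE_FILE_MACHINE_AMD64 = 0x8664


def parse_pe(data: bytes) -> dict:
    """Read the header fields needed for triage from a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:      # PE32+: 64-bit ImageBase and stack/heap fields shift the tail
        ndirs_off, dirs_off = opt + 108, opt + 112
    elif magic == 0x10B:    # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_dir = (0, 0)
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_dir = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sec_off = opt + opt_size
    for i in range(nsec):
        fields = struct.unpack_from("<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append((fields[0].rstrip(b"\0"), fields[9]))   # (name, Characteristics)
    return {"machine": machine, "file_characteristics": file_chars,
            "dll_characteristics": dll_chars, "security_directory": tuple(sec_dir),
            "sections": sections}


def assess(data: bytes) -> list:
    """Return triage tags covering the report's Signatures, Headers and Sections views."""
    pe = parse_pe(data)
    tags = []
    if pe["security_directory"] == (0, 0):      # no Authenticode certificate table
        tags.append("unsigned")
    dc = pe["dll_characteristics"]
    if not dc & DLLCHAR_DYNAMIC_BASE:
        tags.append("no-aslr")
    if pe["file_characteristics"] & IMAGE_FILE_RELOCS_STRIPPED:
        tags.append("relocs-stripped")          # cannot be rebased even if ASLR were requested
    amd64 = pe["machine"] == IMAGE_FILE_MACHINE_AMD64
    if amd64 and dc & DLLCHAR_DYNAMIC_BASE and not dc & DLLCHAR_HIGH_ENTROPY_VA:
        tags.append("no-high-entropy-va")
    if not amd64 and not dc & DLLCHAR_NX_COMPAT:
        tags.append("no-nx-compat")             # DEP is always on for native x64 processes
    if not dc & DLLCHAR_GUARD_CF:
        tags.append("no-cfg")
    for name, chars in pe["sections"]:
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            tags.append("wx-section:" + name.decode("latin-1"))
        if not name or any(c < 0x21 or c > 0x7E for c in name):
            tags.append("odd-section-name:" + name.hex())
    return tags


def build_pe64(dll_chars, file_chars, sections, cert_size=0) -> bytes:
    """Construct a headers-only PE32+ image for testing (carries no code; constructed input)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                    # e_lfanew
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                    # PE32+ magic
    struct.pack_into("<Q", opt, 24, 0x140000000)             # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)          # section / file alignment
    struct.pack_into("<H", opt, 68, 2)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)                     # NumberOfRvaAndSizes
    if cert_size:                                            # certificate table present
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x4000, cert_size)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, len(sections), 0, 0, 0, len(opt), file_chars)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1), 0x1000, 0x400 * (i + 1), 0, 0, 0, 0, chars)
        for i, (name, chars) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


# Constructed image mirroring this report: TERMINAL_SERVER_AWARE only, relocations stripped,
# the same section permissions, and a deliberately non-printable section name.
SAMPLE_LIKE_REPORT = build_pe64(
    dll_chars=DLLCHAR_TERMINAL_SERVER_AWARE,
    file_chars=0x002F,   # RELOCS_STRIPPED|EXECUTABLE_IMAGE|LINE_NUMS_STRIPPED|LOCAL_SYMS_STRIPPED|LARGE_ADDRESS_AWARE
    sections=[(b".text", 0x60000020), (b".rdata", 0x40000040), (b".data", 0xC0000040),
              (b".pdata", 0x40000040), (b".idata", 0xC0000040), (b"\xff}", 0x40000040)])

# Constructed counterpart built the way a modern toolchain would: ASLR, CFG, relocations kept, signed.
HARDENED = build_pe64(
    dll_chars=DLLCHAR_HIGH_ENTROPY_VA | DLLCHAR_DYNAMIC_BASE | DLLCHAR_NX_COMPAT
    | DLLCHAR_GUARD_CF | DLLCHAR_TERMINAL_SERVER_AWARE,
    file_chars=0x0022,   # EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE
    sections=[(b".text", 0x60000020), (b".rdata", 0x40000040), (b".data", 0xC0000040)],
    cert_size=0x1800)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_LIKE_REPORT
    print(assess(data))
```

A non-zero certificate table only says a signature blob is attached; whether it verifies, and against which chain, needs a real Authenticode check (signtool verify or the PowerShell Get-AuthenticodeSignature cmdlet), which is also why the sandbox phrases its rule as "missing" rather than "invalid".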