Tasks
  static1      Static task
  behavioral1  Behavioral task   Sample: 3561cc89ef006ad29dee14fe8bccbdac_JaffaCakes118.exe   Resource: win7-20240708-en
  behavioral2  Behavioral task   Sample: 3561cc89ef006ad29dee14fe8bccbdac_JaffaCakes118.exe   Resource: win10v2004-20240704-en
General
  Target:  3561cc89ef006ad29dee14fe8bccbdac_JaffaCakes118
  Size:    855KB
  MD5:     3561cc89ef006ad29dee14fe8bccbdac
  SHA1:    e6104b63da60b8cd7f5b66d984788af07073b570
  SHA256:  1a01b078addaf5a11c3ccf4356194a208b2206bf3007c12f6e03927bbf3d7552
  SHA512:  54e0f65e46ad023bddd505ef97eea4ce525cd060467e77be02fca619994a40d60b5464d2b0a3b4ab41558e73c141078486e767eb03535fea27d9647daa18eb14
  SSDEEP:  24576:dpWWPDYNgmeAHoqwNszcs2iTgCHpq5gw9IAIbT5GG08DD5FFv45GY:ueAHA5g3AIbQkDVv4oY
Malware Config
  (empty in this report)
Signatures
  AutoIT Executable (1 IoC): an AutoIt script compiled into a PE executable. The YARA rule autoit_exe matched the sample. The PE is therefore the stock AutoIt3 interpreter stub; the behaviour of interest lives in the embedded script, which has to be extracted and decompiled separately.
  Unsigned PE (1 IoC): the image carries no Authenticode signature (the certificate table data directory is empty). Matched resource: 3561cc89ef006ad29dee14fe8bccbdac_JaffaCakes118. Absence of a signature is not malicious on its own, but it means there is no publisher identity to pivot on and the file would fail any policy that requires signed code.
Files
  3561cc89ef006ad29dee14fe8bccbdac_JaffaCakes118.exe   windows:4 windows x86 arch:x86   imphash: a87158800697cdc11abed1062c712c95
Headers
  DLL Characteristics:  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_32BIT_MACHINE
  Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT are not set, and the relocation table has been stripped, so the loader cannot rebase the image. It always maps at its preferred base with no ASLR, and on a 32-bit process DEP applies only where system policy forces it rather than because the image opts in. That profile is typical of an older AutoIt3 build, not of a hardened binary.
Imports
  Note: this import table is consistent with the AutoIt3 interpreter stub (sockets, WNet*, ImageList_*, mci*, COM, registry, service-manager, ReadProcessMemory/WriteProcessMemory, keybd_event/mouse_event) and is present in every compiled AutoIt executable whatever the script does. It describes the interpreter's capability surface, not what this sample actually does; do not read OpenProcess or WriteProcessMemory here as evidence of injection without confirmation from the script or the behavioural tasks.
  wsock32: __WSAFDIsSet, recv, send, socket, connect, closesocket, bind, select, accept, htons, sendto, recvfrom, ntohs,
    WSAGetLastError, ioctlsocket, WSACleanup, inet_addr, gethostbyname, WSAStartup, gethostname, listen
  version: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
  winmm: waveOutSetVolume, timeGetTime, mciSendStringA
  comctl32: ImageList_EndDrag, ImageList_DragEnter, ImageList_BeginDrag, ImageList_SetDragCursorImage, ImageList_DragLeave,
    ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Remove, ImageList_Destroy
  mpr: WNetCancelConnection2A, WNetGetConnectionA, WNetAddConnection2A, WNetUseConnectionA
  kernel32: OpenProcess, CreateFileMappingA, MapViewOfFile, WriteProcessMemory, ReadProcessMemory, CreateFileA, ReadFile,
    SetFilePointer, FindClose, MultiByteToWideChar, FindResourceA, LoadResource, LockResource, SizeofResource, DeleteFileA,
    FindNextFileA, lstrcmpiA, EnumResourceNamesA, MoveFileA, CopyFileA, CreateDirectoryA, RemoveDirectoryA, TerminateProcess,
    SetSystemPowerState, SetFileTime, GetFileAttributesA, FindFirstFileA, OutputDebugStringA, GetLocalTime, WideCharToMultiByte,
    CompareStringA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, WriteFile, CreatePipe, GetStdHandle,
    InterlockedExchange, EnterCriticalSection, TerminateThread, LeaveCriticalSection, GetTempPathA, GetTempFileNameA,
    UnmapViewOfFile, FormatMessageA, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringA, WritePrivateProfileStringA,
    GetPrivateProfileSectionA, SetFileAttributesA, WritePrivateProfileSectionA, GetShortPathNameA, GetPrivateProfileSectionNamesA,
    FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeA, GetDiskFreeSpaceA,
    GetVolumeInformationA, SetVolumeLabelA, DeviceIoControl, SetProcessWorkingSetSize, GlobalMemoryStatus, Beep,
    GetEnvironmentVariableA, GetFileSize, SetEnvironmentVariableA, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc,
    GetComputerNameA, GetWindowsDirectoryA, GetSystemDirectoryA, GetCurrentProcessId, GetCurrentThread, CreateProcessA,
    SetPriorityClass, VirtualAlloc, LoadLibraryExA, QueryPerformanceFrequency, QueryPerformanceCounter, GetModuleHandleA,
    GetSystemInfo, GetVersionExA, GetCurrentThreadId, Sleep, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError,
    HeapAlloc, GetProcessHeap, HeapFree, CloseHandle, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread,
    GetCommandLineA, GetStartupInfoA, RaiseException, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc,
    TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess,
    GetModuleFileNameA, GetFullPathNameA, SetCurrentDirectoryA, GetCurrentDirectoryA, FreeLibrary, InitializeCriticalSection,
    GetProcAddress, LoadLibraryA, HeapReAlloc, RtlUnwind, GetConsoleCP, GetConsoleMode, SetHandleCount, GetFileType,
    SetStdHandle, FlushFileBuffers, LCMapStringA, LCMapStringW, GetTimeZoneInformation, HeapSize, HeapDestroy, HeapCreate,
    FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount,
    GetStringTypeA, GetStringTypeW, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetEndOfFile,
    VirtualFree, CompareStringW
  user32: GetMenuStringA, GetSubMenu, GetCaretPos, IsZoomed, SetWindowLongA, FlashWindow, GetSysColor, GetActiveWindow,
    InflateRect, CharNextA, wsprintfA, RedrawWindow, DrawFocusRect, DrawTextA, FrameRect, DrawFrameControl, FillRect,
    DrawMenuBar, DestroyMenu, PtInRect, CreateMenu, SetMenu, SetCursor, GetWindowTextLengthA, GetWindowDC, GetSystemMetrics,
    IsDialogMessageA, SetClassLongA, DefDlgProcA, ReleaseCapture, SetCapture, GetClipboardData, IsClipboardFormatAvailable,
    OpenClipboard, AdjustWindowRectEx, SetRect, ClientToScreen, RegisterHotKey, ReleaseDC, CharLowerBuffA, GetMessageA,
    LockWindowUpdate, DispatchMessageA, TranslateMessage, PeekMessageA, UnregisterHotKey, IsCharUpperA, ExitWindowsEx,
    SetActiveWindow, FindWindowExA, EnumThreadWindows, LoadImageA, CreateIconFromResourceEx, CheckMenuRadioItem, GetMenuItemID,
    GetMenuItemCount, SetMenuItemInfoA, GetMenuItemInfoA, SetMenuDefaultItem, InsertMenuItemA, IsMenu, TrackPopupMenuEx,
    GetCursorPos, DeleteMenu, SetForegroundWindow, IsIconic, FindWindowA, SystemParametersInfoA, GetAsyncKeyState,
    SetKeyboardState, GetKeyboardState, GetKeyState, keybd_event, VkKeyScanA, GetKeyboardLayoutNameA, CharUpperA, LoadStringA,
    DialogBoxParamA, MessageBeep, SendDlgItemMessageA, GetDlgItem, SetWindowTextA, DestroyWindow, GetMenu, GetClientRect,
    CopyRect, EndPaint, BeginPaint, GetDesktopWindow, IsWindow, EnumWindows, IsWindowVisible, EnableWindow, IsCharLowerA,
    IsCharAlphaNumericA, IsCharAlphaA, GetCursor, GetDC, WindowFromPoint, SetClipboardData, EmptyClipboard,
    CountClipboardFormats, SetWindowPos, CopyImage, mouse_event, CloseClipboard, ScreenToClient, InvalidateRect, GetWindowLongA,
    IsWindowEnabled, AttachThreadInput, SendMessageTimeoutA, GetFocus, GetWindowTextA, EnumChildWindows, CharUpperBuffA,
    GetWindowThreadProcessId, GetClassNameA, GetParent, GetDlgCtrlID, SendMessageA, MapVirtualKeyA, PostMessageA, GetWindowRect,
    ShowWindow, CreateWindowExA, RegisterClassExA, LoadIconA, LoadCursorA, GetSysColorBrush, GetForegroundWindow, DefWindowProcA,
    MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, MessageBoxA, RegisterWindowMessageA, SetTimer,
    DestroyIcon, EndDialog
  gdi32: LineTo, CloseFigure, SetPixel, EndPath, StrokePath, SetBkColor, StrokeAndFillPath, ExtCreatePen, PolyBezierTo,
    AngleArc, DeleteObject, GetTextExtentPoint32A, DeleteDC, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle,
    SetViewportOrgEx, GetObjectA, SetBkMode, CreatePen, CreateSolidBrush, SetTextColor, GetDIBits, BitBlt, SelectObject,
    CreateDIBSection, CreateCompatibleDC, CreateFontA, GetDeviceCaps, GetTextFaceA, GetStockObject, CreateDCA,
    CreateCompatibleBitmap, GetPixel, RoundRect
  comdlg32: GetSaveFileNameA, GetOpenFileNameA
  advapi32: LookupPrivilegeValueA, RegEnumValueA, RegDeleteValueA, RegDeleteKeyA, RegSetValueExA, RegCreateKeyExA,
    GetUserNameA, RegEnumKeyExA, RegConnectRegistryA, AdjustTokenPrivileges, OpenProcessToken, CloseServiceHandle,
    UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerA, RegCloseKey, RegQueryValueExA, RegOpenKeyExA
  shell32: DragQueryPoint, ShellExecuteExA, DragQueryFileA, SHBrowseForFolderA, SHFileOperationA, SHGetPathFromIDListA,
    SHGetDesktopFolder, SHGetMalloc, ExtractIconExA, Shell_NotifyIconA, ShellExecuteA, DragFinish
  ole32: OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, CoInitialize, CoUninitialize,
    CreateStreamOnHGlobal, IIDFromString, StringFromIID, CLSIDFromString, OleInitialize, CreateBindCtx, CLSIDFromProgID,
    CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, StringFromCLSID, OleUninitialize, CoTaskMemAlloc,
    CoTaskMemFree
  oleaut32: VariantTimeToSystemTime, VarR8FromDec, SafeArrayAccessData, SafeArrayUnaccessData, VariantClear, LoadRegTypeLi,
    GetActiveObject, SysAllocString, SafeArrayAllocDescriptorEx, SafeArrayAllocData, VariantCopy, VariantInit,
    SafeArrayDestroyDescriptor, OleLoadPicture, SafeArrayDestroyData
Sections
  .text   raw 406KB  virtual 406KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
  .rdata  raw 46KB   virtual 46KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
  .data   raw 10KB   virtual 65KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
  .rsrc   raw 29KB   virtual 28KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
  Note: no section is both writable and executable, and the .data raw/virtual gap is ordinary zero-initialised data, so the section table itself shows nothing unusual. The four sections add up to roughly 491KB of an 855KB file; the remaining ~360KB must lie past the end of .rsrc as an overlay. Compiled AutoIt binaries commonly carry the script blob there, so the overlay is the first thing to carve and decompile.
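The checks behind the Unsigned PE signature, the header flags and the section/overlay arithmetic above, as an added example that is not part of the sandbox report or its rules: a standard-library Python triage that reads the COFF and optional headers, the certificate-table data directory (the Authenticode presence test), the DLL characteristics, the section table and the bytes past the last section. The AutoIt byte markers and the `build_sample_pe` stand-in binary are my assumptions; the report does not disclose what its autoit_exe rule matches, and the stand-in only reproduces the header flags listed above, not the real file.

```python
"""PE triage for the facts a static report lists: Authenticode presence,
ASLR/DEP flags, W+X sections, overlay size and AutoIt markers. Stdlib only."""
import struct

# winnt.h constants
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # certificate table (Authenticode)
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Byte strings seen in compiled AutoIt3 binaries. Assumption from experience;
# the report only says its autoit_exe YARA rule matched, not on what.
AUTOIT_MARKERS = (b"AU3!", b"This is a third-party compiled AutoIt script.")


def triage_pe(data: bytes) -> dict:
    """Parse just enough of a PE32/PE32+ image to answer the triage questions."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, fchars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    pe32plus = magic == 0x20B
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]            # same offset in both formats
    ndirs = struct.unpack_from("<I", data, opt + (108 if pe32plus else 92))[0]
    datadir = opt + (112 if pe32plus else 96)
    cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, cert_size = struct.unpack_from("<II", data, datadir + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    sections, end_of_sections = [], 0
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name, vsize, _va, rawsize, rawptr, _, _, _, _, schars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rawsize,
            "wx": bool(schars & IMAGE_SCN_MEM_WRITE) and bool(schars & IMAGE_SCN_MEM_EXECUTE),
        })
        end_of_sections = max(end_of_sections, rawptr + rawsize)   # overlay starts after the last raw section

    return {
        "machine": machine,
        "pe32plus": pe32plus,
        "relocs_stripped": bool(fchars & IMAGE_FILE_RELOCS_STRIPPED),
        "dynamic_base": bool(dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx_compat": bool(dllchars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "signed": cert_size > 0,                     # what the "Unsigned PE" signature tests
        "sections": sections,
        "has_wx_section": any(s["wx"] for s in sections),
        "overlay_size": max(0, len(data) - end_of_sections),
        "autoit_markers": [m.decode() for m in AUTOIT_MARKERS if m in data],
    }


def findings(report: dict) -> list:
    """Turn the parsed facts into the one-line observations an analyst records."""
    out = []
    if not report["signed"]:
        out.append("unsigned: certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY) is empty")
    if report["relocs_stripped"] and not report["dynamic_base"]:
        out.append("no ASLR: relocations stripped and DYNAMIC_BASE clear, always loads at preferred base")
    if not report["nx_compat"]:
        out.append("NX_COMPAT clear: DEP only if system policy forces it")
    if report["has_wx_section"]:
        out.append("writable and executable section present")
    if report["overlay_size"]:
        out.append("%d bytes of overlay past the last section" % report["overlay_size"])
    if report["autoit_markers"]:
        out.append("AutoIt markers: " + ", ".join(report["autoit_markers"]))
    return out


def build_sample_pe() -> bytes:
    """Constructed stand-in (not the real sample): PE32, one .text section, file
    characteristics 0x0123 (RELOCS_STRIPPED|EXECUTABLE|LARGE_ADDRESS_AWARE|32BIT),
    DllCharacteristics 0x8000 (TERMINAL_SERVER_AWARE only), no certificate table,
    and an 'AU3!' blob appended as a 32-byte overlay."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0123)      # i386, 1 section, opt header 224 bytes
    opt = struct.pack("<HBB9I6H4I2H6I",
                      0x10B, 6, 0,                                      # PE32 magic, linker version
                      0x200, 0, 0, 0x1000, 0x1000, 0x2000, 0x400000, 0x1000, 0x200,
                      4, 0, 0, 0, 4, 0,                                 # OS 4.0, image 0.0, subsystem 4.0
                      0, 0x2000, 0x200, 0,                              # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0x8000,                                        # GUI subsystem, TERMINAL_SERVER_AWARE
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128   # stacks/heaps, 16 empty data directories
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + text
    headers += b"\0" * (0x200 - len(headers))
    overlay = b"AU3!EA06" + b"\0" * 24
    return headers + b"\xC3" * 0x200 + overlay


if __name__ == "__main__":
    for line in findings(triage_pe(build_sample_pe())):
        print("-", line)
```

Against the real file (`triage_pe(open(path, "rb").read())`), the header and section values the report lists imply relocations stripped with DYNAMIC_BASE and NX_COMPAT clear, an empty certificate table, and an overlay on the order of 360KB past .rsrc; if the overlay comes back near zero, the script must instead be in a resource, and EnumResourceNamesA output is the next place to look.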