36025ba42e04af91b88943f487965b73_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

36025ba42e04af91b88943f487965b73_JaffaCakes118
Size

273KB
MD5

36025ba42e04af91b88943f487965b73
SHA1

25828d7b1e1510d427b09824b5c4c5329dd83152
SHA256

47067c8e3fb4e07d8400c1be31870badb3339fe51c800e1acfee4ac229f7e3dd
SHA512

f88e46cf1aa801d42e44b085e05cb8955f74d84c051ac2c1b7c7855154eef4478a168e7fb696f504dcb716213aa6dbd023c59f09981d78d913cbdede98cba381
SSDEEP

6144:R338qD4emiJHqqjr28vZrVCI/TCLCZ9CQgKpzp+89u2:9sTifr28hrc6gUQ2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36025ba42e04af91b88943f487965b73_JaffaCakes118

Files

36025ba42e04af91b88943f487965b73_JaffaCakes118
.exe windows:5 windows x86 arch:x86

04b05249924826f416b3c6831f7a2226

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAConnect
WSAEnumNetworkEvents
WSAEventSelect
shutdown
closesocket
WSAStartup
gethostname
gethostbyname
inet_ntoa
WSACreateEvent
htons
ntohs
WSAGetLastError
WSASocketW
WSACloseEvent
WSACleanup

shlwapi

PathFileExistsW

oleacc

AccessibleChildren
GetRoleTextW
AccessibleObjectFromWindow
ObjectFromLresult

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetSystemTimeAsFileTime
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
Sleep
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalAlloc
lstrlenW
FormatMessageW
InterlockedDecrement
GetLocalTime
GetComputerNameW
GetTickCount
WideCharToMultiByte
ResumeThread
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
CreateProcessW
CloseHandle
WriteFile
lstrcpyW
GetShortPathNameW
GetModuleFileNameW
CreateFileW
GetTempFileNameW
GetTempPathW
MultiByteToWideChar
GetProcAddress
LoadLibraryW
LocalFree
GetLastError
DuplicateHandle
OpenProcess
TerminateProcess
GetExitCodeProcess
Module32NextW
lstrcmpiW
CreateToolhelp32Snapshot
Process32NextW
GetPriorityClass
Process32FirstW
GetCompressedFileSizeW
FindClose
FindNextFileW
FindFirstFileW
OutputDebugStringA
CreateDirectoryW
GetLongPathNameW
FileTimeToSystemTime
DeleteFileW
SetFileAttributesW
GetSystemTime
FreeLibrary
GlobalUnlock
lstrlenA
GlobalLock
GetModuleHandleW
GetVersionExW
CreateThread
CopyFileW
EnumResourceNamesW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
GetSystemDirectoryW
GetTimeFormatA
GetDateFormatA
LoadLibraryA
CancelIo
GetOverlappedResult
WaitForSingleObject
ReadFile
CreateEventW
CreateFileA
SetFilePointer
GetFileSize
VirtualAlloc
VirtualFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
DeviceIoControl
CreateMutexW
InterlockedExchange
GetVersionExA
HeapSize
HeapReAlloc
HeapDestroy
MoveFileW
UnhandledExceptionFilter
Module32FirstW
ReleaseMutex
GetCurrentThreadId
GetCurrentProcessId

advapi32

OpenProcessToken
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
GetUserNameW
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
SetEntriesInAclW
SetSecurityInfo

user32

TranslateMessage
GetMessageW
SetTimer
CreateWindowExW
IsCharAlphaNumericW
GetForegroundWindow
UnregisterClassA
DispatchMessageW
CharUpperBuffW
DefWindowProcW
PostQuitMessage
GetKeyState
GetKeyboardState
ToUnicode
GetKeyNameTextW
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
GetWindowThreadProcessId
SystemParametersInfoW
GetDC
GetClientRect
ReleaseDC
IsWindow
RegisterWindowMessageW
RegisterClassExW
GetParent
IsWindowEnabled
SendMessageW
SendMessageTimeoutW
IsWindowVisible
GetClassNameW
EnumChildWindows
FindWindowExW
GetWindowTextW
wsprintfW

ole32

CoInitialize
CoCreateInstance

oleaut32

GetErrorInfo
SysStringLen
SysFreeString
VariantClear
SysAllocString
VariantCopy
VariantInit

shell32

SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFindChainInStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenSystemStoreA
CertCloseStore

msvcrt

ftell
wcsncpy
malloc
_mbscmp
strcpy
rand
_mbsrchr
_mbsspn
_mbscspn
_vscprintf
vsprintf
atoi
_mbsstr
_mbsinc
_ismbcspace
_mbslwr
strncpy
strstr
strcat
_beginthreadex
isalnum
_mbschr
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_callnewh
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
realloc
_errno
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
srand
_except_handler3
__CxxFrameHandler
mktime
fgetpos
fread
wcscat
wcscpy
sprintf
strlen
abs
_wtoi
memset
swprintf
_wfopen
fseek
fclose
time
fwrite
wcslen
vswprintf
_vscwprintf
_wcsupr
wcschr
_wcsicmp
wcscmp
iswspace
free
memmove
memcpy
_wcslwr
wcsrchr
wcsstr
_CxxThrowException
printf
_CIacos
_ftol
_CIpow

winmm

waveInAddBuffer
waveInUnprepareHeader
waveInStop
waveInOpen
waveInClose
waveInStart
waveInPrepareHeader

gdi32

GetPixel

Sections

.text
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04b05249924826f416b3c6831f7a2226

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shlwapi

oleacc

psapi

version

kernel32

advapi32

user32

ole32

oleaut32

shell32

crypt32

msvcrt

winmm

gdi32

Sections

.text Size: 215KB - Virtual size: 215KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 18KB - Virtual size: 83KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 215KB - Virtual size: 215KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 18KB - Virtual size: 83KB

.rsrc
Size: 5KB - Virtual size: 5KB