Static task: static1
Behavioral task: behavioral1
  Sample: 3656d35d9aa9deaae18208f008ed3b00_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 3656d35d9aa9deaae18208f008ed3b00_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 3656d35d9aa9deaae18208f008ed3b00_JaffaCakes118
Size: 1.2MB
MD5: 3656d35d9aa9deaae18208f008ed3b00
SHA1: ce0c73b9485334bcf8db046a30a5040567cd8339
SHA256: 76ded62c498c87d0cbea562372e1fb15bb44e6a2dd8bd77deb137e5be9bce17c
SHA512: bb1d21c6dba286a393e45d91dd6592310df56f2471c6e7b974863f12c660f518aaff93935a9142f96cc23e6ca4f0e66e736d53532c62c3c9caece10ff0365473
SSDEEP: 24576:uBrfPeuwhqertp4qwB2uDndkUjmgLor3IV4RB2B:u1dcaqs2uDPmxr3IV4RIB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3656d35d9aa9deaae18208f008ed3b00_JaffaCakes118
Files
3656d35d9aa9deaae18208f008ed3b00_JaffaCakes118.exe windows:4 windows x86 arch:x86
f0d9f56470b34f8a36837348e9e2b2e0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetEnvironmentVariableA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProfileStringA
GetTimeZoneInformation
GetFileType
SetStdHandle
GetACP
HeapSize
TerminateProcess
ExitThread
RaiseException
GetCommandLineA
HeapReAlloc
RtlUnwind
HeapAlloc
HeapFree
GetTickCount
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
GetOEMCP
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
GetCurrentThread
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
LocalAlloc
GetLastError
GlobalFree
lstrcmpA
CreateEventA
SetThreadPriority
SetEvent
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
MulDiv
SetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
SuspendThread
ResumeThread
DeleteCriticalSection
GetCurrentThreadId
GetFileSize
ReadFile
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
InitializeCriticalSection
GetStartupInfoA
GetModuleFileNameA
lstrcpyA
lstrcatA
WinExec
ExitProcess
GetSystemDirectoryA
GetCurrentProcess
SizeofResource
GlobalAlloc
LoadLibraryA
GetProcAddress
FreeLibrary
DeleteFileA
Sleep
WritePrivateProfileStringA
GetPrivateProfileStringA
GetFileAttributesA
GetWindowsDirectoryA
CreateFileA
WriteFile
CloseHandle
GetCurrentDirectoryA
WaitForSingleObject
GetExitCodeThread
TerminateThread
CreateThread
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetStringTypeA
GetVersionExA
user32
SetCapture
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
GetDCEx
LockWindowUpdate
RegisterClipboardFormatA
SetParent
PostThreadMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
SetActiveWindow
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetScrollInfo
SetScrollInfo
GetTopWindow
MessageBoxA
IsChild
GetParent
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
TrackPopupMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
SetForegroundWindow
GetWindowLongA
SetWindowLongA
RegisterWindowMessageA
OffsetRect
GetWindowPlacement
InflateRect
GetClassNameA
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
DestroyMenu
CloseWindowStation
CloseDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
LoadMenuA
IsWindow
InvalidateRect
RedrawWindow
LoadImageA
SetWindowRgn
LoadCursorA
RegisterClassExA
GetFocus
BringWindowToTop
GetWindow
IntersectRect
GetDlgCtrlID
SetWindowPos
IsIconic
DrawIcon
GetWindowRect
ExitWindowsEx
GetClientRect
GetCursorPos
EnableMenuItem
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetMenuItemInfoA
LoadIconA
EnableWindow
SendMessageA
GetSubMenu
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
ReleaseCapture
GetForegroundWindow
GetMenuItemCount
AppendMenuA
GetSystemMetrics
GetDesktopWindow
GetDC
DrawTextA
ReleaseDC
DrawIconEx
DestroyIcon
SystemParametersInfoA
GetSysColor
CopyRect
FillRect
DrawEdge
SetRect
WindowFromPoint
KillTimer
SetTimer
LoadStringA
MapDialogRect
SetWindowContextHelpId
SetCursor
PostQuitMessage
CharUpperA
PostMessageA
EndDialog
CreateDialogIndirectParamA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
PtInRect
SetRectEmpty
GetMessageA
TranslateMessage
GetActiveWindow
EndPaint
ValidateRect
wvsprintfA
gdi32
CreateRectRgnIndirect
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
CreateDIBitmap
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
GetMapMode
CreateBitmap
SetRectRgn
DPtoLP
StretchDIBits
GetCharWidthA
CreateFontA
GetTextMetricsA
GetTextColor
GetBkColor
LPtoDP
CreateDCA
CreateRectRgn
CombineRgn
GetStockObject
Escape
ExtTextOutA
TextOutA
PatBlt
RectVisible
PtVisible
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
GetTextExtentPointA
GetDeviceCaps
comdlg32
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA
RegSetValueExA
RegCloseKey
shell32
SHGetFileInfoA
ShellExecuteA
comctl32
ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ord17
oledlg
ord8
ole32
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CLSIDFromString
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromProgID
olepro32
ord253
oleaut32
SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
ws2_32
accept
listen
bind
htonl
htons
setsockopt
gethostname
send
recv
shutdown
closesocket
ntohs
inet_ntoa
WSAStartup
socket
gethostbyname
wininet
InternetSetStatusCallback
InternetOpenUrlA
InternetCloseHandle
InternetGetLastResponseInfoA
FtpPutFileA
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetOpenA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
Sections
.text Size: 276KB - Virtual size: 274KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 660KB - Virtual size: 657KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: 184KB - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 536B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ