3b22129a94c7213da0ad50c0ff0f638f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3b22129a94c7213da0ad50c0ff0f638f_JaffaCakes118
Size

902KB
MD5

3b22129a94c7213da0ad50c0ff0f638f
SHA1

ae882e8a90725fcd2d182dad4212ced7e4240396
SHA256

95c03f62de0597b0e7c5051d7db8d69f78eeb66b4581b33a58772af98f001401
SHA512

e5401974eb349a8bb82a136a589291e511f7c86c359f81723e19da251caa03baefd9368e21e61b05f143a380c1ccbe3c50a522febb6b55833dc9c62c6c81abeb
SSDEEP

24576:wBRWq/opIR4+i1vrPLxY1t4n1t9U9UnxlO:Rq/opK4+i1vrPIm1t9H/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b22129a94c7213da0ad50c0ff0f638f_JaffaCakes118

Files

3b22129a94c7213da0ad50c0ff0f638f_JaffaCakes118
.exe windows:6 windows x86 arch:x86

8b33bc81db9966697cb5a7f40ad720d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

WMPNetwk.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegOpenKeyExW
QueryServiceStatusEx
ControlService
SetServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeleteService
ChangeServiceConfig2W
CreateServiceW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
GetLengthSid
IsValidSid
CopySid
AddAce
InitializeAcl
GetAclInformation
SetSecurityDescriptorDacl
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW
RegSetKeySecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW
ChangeServiceConfigW
StartServiceW
RegDeleteKeyW
SetSecurityInfo
RegEnumKeyExW
GetAce
GetSecurityInfo
EqualSid
SetSecurityDescriptorControl
RegGetKeySecurity
RegQueryInfoKeyW
LookupAccountNameW
ConvertSidToStringSidW
LookupAccountSidW
TraceEvent
GetTokenInformation
OpenProcessToken
RevertToSelf
ImpersonateLoggedOnUser
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

WriteFile
CreateFileW
CompareStringA
MulDiv
GetLongPathNameW
GetFullPathNameW
GetFileAttributesW
RemoveDirectoryW
UnregisterWaitEx
InterlockedCompareExchange
DeleteFileW
RegisterWaitForSingleObject
QueueUserWorkItem
FormatMessageW
CreateThread
WaitForMultipleObjects
GetStringTypeExW
DebugBreak
lstrcmpiW
GetComputerNameW
WideCharToMultiByte
lstrlenA
GetVersionExW
GetTempPathW
GetProcAddress
FreeLibrary
LoadLibraryA
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
CreateEventW
SetLastError
WaitForSingleObject
Sleep
GetTickCount
GetLastError
CompareStringW
OpenEventW
SetEvent
InterlockedDecrement
InterlockedIncrement
lstrlenW
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCommandLineW
GetStartupInfoW
GetLocalTime
MultiByteToWideChar
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
GetModuleHandleA
OpenMutexW
CreateMutexW
ReleaseMutex
GetCurrentThread
GetThreadPriority
SetThreadPriority
FileTimeToSystemTime
FileTimeToDosDateTime
GetTempFileNameW
GlobalFree
GetModuleHandleW
ExpandEnvironmentStringsW
CreateDirectoryW
GetFileSizeEx
SetFilePointerEx
OpenFileMappingW
VirtualAlloc
VirtualFree
GetFileAttributesExW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
FreeLibraryAndExitThread
GetFileSize
ReadFile
DuplicateHandle
InitializeCriticalSectionAndSpinCount
CreateFileMappingW
MapViewOfFile
GetSystemTime
SystemTimeToFileTime
UnmapViewOfFile
LocalAlloc
ResetEvent
LoadLibraryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
ChangeTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueTimer
DeleteTimerQueueEx
InterlockedExchange
SetThreadExecutionState
GetCurrentProcess
IsWow64Process
GlobalMemoryStatus
DelayLoadFailureHook
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetVersion
QueryPerformanceCounter
LocalFree

msvcrt

??1type_info@@UAE@XZ
realloc
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_callnewh
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
__CxxFrameHandler
_time64
strncmp
_ultoa
_strlwr
_wtol
_wcsicmp
wcsstr
iswdigit
wcstol
_wcsnicmp
wcsncmp
_wcslwr
_wcstoui64
_errno
wcstoul
towupper
_CxxThrowException
memset
calloc
malloc
_purecall
free
_wputenv
memmove
memcpy
_vsnwprintf
ceil
_vsnprintf
wcschr
bsearch
towlower
_CIsqrt
_ftol
_CIpow
_cexit
_initterm
__set_app_type
??0exception@@QAE@ABV0@@Z

user32

UnregisterClassA
MsgWaitForMultipleObjects
wvsprintfA
CharUpperBuffW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
CharUpperW
wvsprintfW
TranslateMessage

oleaut32

VariantTimeToSystemTime
CreateErrorInfo
SetErrorInfo
SysStringByteLen
SysAllocStringByteLen
VariantInit
SafeArrayCopy
SystemTimeToVariantTime
VariantChangeType
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
VariantClear
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
SysFreeString

ole32

CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoUnmarshalInterface
IIDFromString
CoUninitialize
PropVariantClear
StringFromGUID2
CoTaskMemFree
CoCreateGuid
CoInitializeEx
CoInitializeSecurity
CoTaskMemAlloc
CoCreateInstance

winhttp

WinHttpWriteData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpCrackUrl
WinHttpSetCredentials
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpTimeFromSystemTime
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpen
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpOpenRequest

wsock32

WSAGetLastError

shell32

SHGetFolderPathW
SHCreateDirectoryExW
SHGetFolderPathAndSubDirW

iphlpapi

NotifyAddrChange
GetBestInterfaceEx
GetAdaptersAddresses
SendARP
CancelIPChangeNotify
GetIpAddrTable

httpapi

HttpInitialize
HttpTerminate
HttpSetServiceConfiguration
HttpDeleteServiceConfiguration

ws2_32

GetAddrInfoW
getnameinfo
FreeAddrInfoW

shlwapi

StrCmpNW
PathFindFileNameW
ord437
StrStrIW
PathFileExistsW
PathAppendW

ntdll

strchr
RtlUnwind

wmpmde

MFCreateNetVRoot
MFCreateWMPMDEOpCenter

mfplat

MFShutdown
MFStartup
MFInvokeCallback
MFCreateAsyncResult
CreatePropertyStore

userenv

UnregisterGPNotification
RegisterGPNotification

faultrep

ReportFault

Sections

.text
Size: 710KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yqrhbik
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8b33bc81db9966697cb5a7f40ad720d4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

user32

oleaut32

ole32

winhttp

wsock32

shell32

iphlpapi

httpapi

ws2_32

shlwapi

ntdll

wmpmde

mfplat

userenv

faultrep

Sections

.text Size: 710KB - Virtual size: 710KB

.data Size: 14KB - Virtual size: 20KB

.rsrc Size: 99KB - Virtual size: 100KB

.reloc Size: 77KB - Virtual size: 78KB

yqrhbik Size: - Virtual size: 4KB

.text
Size: 710KB - Virtual size: 710KB

.data
Size: 14KB - Virtual size: 20KB

.rsrc
Size: 99KB - Virtual size: 100KB

.reloc
Size: 77KB - Virtual size: 78KB

yqrhbik
Size: - Virtual size: 4KB