37202b0aed196fe5656555785435952f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

37202b0aed196fe5656555785435952f_JaffaCakes118
Size

592KB
MD5

37202b0aed196fe5656555785435952f
SHA1

958b09b837a79871864a39eeae1daaea5c69a995
SHA256

35802b4bf6922f00d4c27e3762bc58f159c01f13419049cb7c7d3157e676dfbd
SHA512

3e30654834c9c451264187386d57c87dbaced9abd48b2e02a8e8364ffe6ca00df26e5bbdbdfcc985a92d386d24cbd2a69ef61568975fc33c0f847993439d46b9
SSDEEP

12288:x0hU9+aXNuQRdq96CtaIfiXXdSC3TxsjtvYCgczufJgQ58N5lNrWy:x3BJXdp3Txsjt9gcafG4Et

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37202b0aed196fe5656555785435952f_JaffaCakes118

Files

37202b0aed196fe5656555785435952f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bdab7f9a82ed2dd50809e5755c56596d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetGetConnectedState
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetCrackUrlA
InternetQueryOptionA
InternetConnectA
InternetSetOptionA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA

ws2_32

socket
WSALookupServiceEnd
htons
inet_addr
htonl
WSASocketA
WSAIoctl
closesocket
WSAStartup
inet_ntoa
gethostbyname
recv
WSACleanup
WSALookupServiceNextA
WSALookupServiceBeginA
WSAGetLastError
send
connect

mpr

WNetOpenEnumA
WNetCloseEnum
WNetEnumResourceA

wintrust

WinVerifyTrust

rpcrt4

UuidCreate

kernel32

ExitThread
CreateThread
GetTimeZoneInformation
HeapAlloc
GetCommandLineA
InterlockedIncrement
Sleep
FreeLibrary
GetLastError
LoadLibraryA
GetProcAddress
lstrcpyA
lstrcpynA
lstrlenA
lstrcmpiA
SetEvent
GetCurrentProcessId
CreateEventA
CloseHandle
OpenProcess
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
lstrcmpA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
WaitForSingleObject
ReleaseMutex
ResetEvent
WaitForMultipleObjects
CreateMutexA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetTickCount
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
GetCurrentThreadId
GetWindowsDirectoryA
GetModuleFileNameA
FindNextFileA
FindFirstFileA
SetFilePointer
CreateFileA
ReadFile
WriteFile
HeapReAlloc
_lclose
_lwrite
_lcreat
RemoveDirectoryA
FindClose
DeleteFileA
lstrcatA
MoveFileA
InterlockedDecrement
SetEnvironmentVariableA
GetEnvironmentVariableA
GetLongPathNameA
GetShortPathNameA
GetCurrentProcess
GetTempPathA
CopyFileA
GetFileTime
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
SetEndOfFile
GetFileSize
MoveFileExA
GetCurrentThread
SetThreadPriority
CreateProcessA
EnumResourceNamesA
EnumResourceTypesA
WideCharToMultiByte
lstrlenW
GetSystemDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
RaiseException
LocalAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
SetCurrentDirectoryA
GetCurrentDirectoryA
GlobalSize
GetSystemTimeAsFileTime
GetTempFileNameA
CompareFileTime
OpenMutexA
ExitProcess
IsDBCSLeadByteEx
RtlUnwind
HeapFree
LCMapStringA
LCMapStringW
GetCPInfo
SetLastError
SetUnhandledExceptionFilter
QueryPerformanceCounter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TerminateProcess
HeapSize
FlushFileBuffers
VirtualQuery
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetOEMCP
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
CreateDirectoryA

user32

FindWindowExA
PostMessageA
GetClientRect
GetWindowRect
InvalidateRect
ValidateRect
ReleaseDC
FillRect
IsWindowVisible
wsprintfA
SetClipboardData
CloseClipboard
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
GetSysColor
GetWindowTextA
SystemParametersInfoA
GetDC
SetTimer
KillTimer
FindWindowA
GetWindowThreadProcessId
GetForegroundWindow
MessageBoxA
GetParent
DefWindowProcA
CallWindowProcA
SetWindowTextA
UnhookWindowsHookEx
GetWindowTextW
SetFocus
GetFocus
SetWindowLongA
SendMessageA
ReleaseCapture
CallNextHookEx
SetWindowsHookExA
GetWindowLongA
EnumChildWindows
GetClassNameA
GetWindow
GetAsyncKeyState
DestroyWindow
GetClipboardData
OpenClipboard
GetKeyState
EmptyClipboard

gdi32

SelectObject
GetTextExtentPoint32A
GetPixel
SetTextColor
SetBkColor
GetTextAlign
SetTextAlign
GetTextExtentExPointA
CreateFontIndirectA
CreateSolidBrush
DeleteObject
TextOutA
GetDeviceCaps

advapi32

SetServiceStatus
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
ImpersonateSelf
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetSecurityDescriptorSacl
SetSecurityInfo
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
StartServiceCtrlDispatcherA
RegQueryValueExA
SetSecurityDescriptorDacl

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

ole32

OleRun
CoCreateInstance
CoCreateGuid

oleaut32

VariantClear
VariantChangeType
GetErrorInfo
VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantCopy

shlwapi

PathAddExtensionA
StrCSpnA
StrNCatA
UrlUnescapeA
StrTrimA
PathIsDirectoryA
StrStrIA
PathRemoveExtensionA
PathStripPathA
PathFileExistsA
PathCreateFromUrlA
StrChrA
StrStrA
UrlEscapeA
StrCmpNIA
PathCombineA
SHDeleteKeyA
PathRemoveFileSpecA
PathAppendA
StrCmpNA
wnsprintfA
PathIsRelativeA
StrRChrA

setupapi

SetupIterateCabinetA

crypt32

CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CertVerifyTimeValidity
CertGetNameStringA
CertFindCertificateInStore
CertCloseStore

urlmon

CoInternetGetSession

Exports

Exports

Command
Install
Main
Service
Uninstall

Sections

.text
Size: 328KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 621B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdab7f9a82ed2dd50809e5755c56596d

Headers

File Characteristics

Imports

wininet

ws2_32

mpr

wintrust

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

setupapi

crypt32

urlmon

Exports

Exports

Sections

.text Size: 328KB - Virtual size: 326KB

.rdata Size: 60KB - Virtual size: 56KB

.data Size: 92KB - Virtual size: 106KB

.shared Size: 4KB - Virtual size: 621B

.rsrc Size: 72KB - Virtual size: 69KB

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 328KB - Virtual size: 326KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 92KB - Virtual size: 106KB

.shared
Size: 4KB - Virtual size: 621B

.rsrc
Size: 72KB - Virtual size: 69KB

.reloc
Size: 32KB - Virtual size: 28KB