372fed0e1e9371ca7a69e53c1344608b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

372fed0e1e9371ca7a69e53c1344608b_JaffaCakes118
Size

206KB
MD5

372fed0e1e9371ca7a69e53c1344608b
SHA1

6b19d94d79644372e3eaf49bbba4f2ed148eb6d0
SHA256

417926c2feb12e84107cdfaae80140492ce9febc86f5a246dfd3033bf4192b29
SHA512

37d628a2a749d10110bbcb1b2afcc3c39910f3f178efe4f2cdd3dcd2acec77947f6e34f899ad4c28c1c80edd68d06fb0ada697311731f2b3df15f89d1fcc7435
SSDEEP

6144:/umNZqXvzWve8uqCUxGJdETBfbUooqibLQctQ3JrT:JL8WWFqCUxGJdETVUULcMp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
372fed0e1e9371ca7a69e53c1344608b_JaffaCakes118

Files

372fed0e1e9371ca7a69e53c1344608b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0d1ce4ca7855f14b6c538ac0ccafe293

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
lstrcpynW
Thread32Next
GetTimeZoneInformation
MultiByteToWideChar
lstrlenW
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
SetLastError
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
VirtualProtect
GetFileTime
DeleteFileW
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
WriteProcessMemory
IsBadReadPtr
CreateThread
TlsGetValue
TlsSetValue
ResetEvent
lstrcmpiA
GetNativeSystemInfo
GetVersionExW
GlobalLock
GlobalUnlock
ExitProcess
GetCommandLineW
SetErrorMode
GetComputerNameW
CreateEventA
GetModuleHandleA
GetFileAttributesExW
OpenEventW
DuplicateHandle
GetCurrentProcessId
GetThreadContext
SetThreadContext
GetProcessId
WTSGetActiveConsoleSessionId
TerminateProcess
ReleaseMutex
CreatePipe
ReadFile
SetHandleInformation
CreateProcessW
TlsFree
TlsAlloc
CreateFileMappingW
GetProcessHeap
CreateDirectoryW
HeapFree
GetLogicalDriveStringsW
SetFilePointerEx
GetCurrentProcess
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
FindFirstFileW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
SetFileAttributesW
GetSystemTime
SetEvent
UnmapViewOfFile
MapViewOfFile
CreateMutexW
ExpandEnvironmentStringsW
LoadLibraryW
FreeLibrary
SetThreadPriority
GetCurrentThread
GetProcAddress
GetPrivateProfileIntW
FlushFileBuffers
CreateFileW
WriteFile
GetPrivateProfileStringW
GetModuleHandleW
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
MoveFileExW
InitializeCriticalSection
VirtualFree
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
OpenProcess
CreateRemoteThread
LocalFree
GetCurrentThreadId
CloseHandle
WaitForMultipleObjects
CreateEventW
GetLocalTime
ExitThread
GetUserDefaultUILanguage
lstrcmpiW
GetModuleFileNameW
GetFileAttributesW
Sleep
GetTickCount
WaitForSingleObject
FileTimeToLocalFileTime

user32

WindowFromPoint
CharToOemW
TranslateMessage
GetWindowLongW
CharLowerA
PeekMessageW
CharUpperW
SetWindowLongW
SendMessageTimeoutW
GetWindow
DispatchMessageW
CharLowerW
ExitWindowsEx
GetSystemMetrics
CharLowerBuffA
MsgWaitForMultipleObjects
GetMenuItemID
SetKeyboardState
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
MenuItemFromPoint
GetDC
GetMenu
FillRect
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
ReleaseDC
GetMenuState
LoadImageW
GetTopWindow
IsRectEmpty
PrintWindow
DrawIcon
GetIconInfo
GetWindowRect
GetParent
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
MapWindowPoints
GetMessageA
SetCapture
GetCapture
SetCursorPos
PeekMessageA
GetCursorPos
ReleaseCapture
GetMessagePos
MessageBoxA
GetKeyboardLayoutList
GetKeyboardState
GetClipboardData
ToUnicode
EndPaint
MapVirtualKeyW
GetUpdateRgn
GetMessageW
RegisterClassExA
GetWindowDC
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
PostMessageW
GetWindowInfo
DrawEdge
BeginPaint
GetUpdateRect
IntersectRect
GetMenuItemCount
DefDlgProcA
PostThreadMessageW
DefMDIChildProcA
HiliteMenuItem
RegisterClassW
SendMessageW
CallWindowProcA
EndMenu
CallWindowProcW
DefWindowProcW
DefFrameProcW
GetWindowThreadProcessId
RegisterClassA
GetShellWindow
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
GetDCEx
RegisterClassExW
EqualRect
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
OpenWindowStationW
RegisterWindowMessageW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
GetLengthSid
RegCreateKeyW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
InitiateSystemShutdownExW
RegDeleteValueW
RegEnumValueW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
ConvertSidToStringSidW
IsWellKnownSid
CreateProcessAsUserA
EqualSid

shlwapi

SHDeleteValueW
StrCmpNIW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
PathRemoveFileSpecW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathRemoveBackslashW
PathUnquoteSpacesW
PathIsURLW
StrStrIW
StrStrIA
PathQuoteSpacesW
PathRenameExtensionW

shell32

CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

CreateCompatibleBitmap
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
GetDIBits
CreateDIBSection
RestoreDC
SaveDC
SetRectRgn
GdiFlush
SetViewportOrgEx
CreateCompatibleDC

ws2_32

WSAGetLastError
send
gethostbyname
closesocket
WSASend
getaddrinfo
inet_addr
getpeername
recvfrom
sendto
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
select
WSAEventSelect
getsockname
accept
WSASetLastError
freeaddrinfo
socket
bind
recv
setsockopt
shutdown
listen

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData

wininet

InternetCrackUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
InternetQueryOptionA
InternetSetStatusCallbackA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpEndRequestW
HttpEndRequestA
InternetSetFilePointer
HttpOpenRequestW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionW
InternetOpenA
InternetCloseHandle
HttpQueryInfoA
InternetConnectA
HttpSendRequestA

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

waveOutGetVolume
PlaySoundA
PlaySoundW
waveOutSetVolume

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d1ce4ca7855f14b6c538ac0ccafe293

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 193KB - Virtual size: 193KB

.data Size: 2KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 193KB - Virtual size: 193KB

.data
Size: 2KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 8KB