3905820af61af12d052c131dd11c2817_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3905820af61af12d052c131dd11c2817_JaffaCakes118
Size

380KB
MD5

3905820af61af12d052c131dd11c2817
SHA1

adbead716617a11b2fd622abb4b374e9a74ecdd3
SHA256

a5e40f82ed32eac247d04c5eebf7eb28d06480ef785bca28b8d7076b923780b5
SHA512

97958fb9077286e69d4c0583fe4a04e72b2f5b285ee20807bb429f070840efc18946e409394d9ad072b53a667b5b9e7841b679e31a5e79176ab2a6b13a97d9f1
SSDEEP

6144:hrg3ZuseLyi0GA+G/GJT0TBX0Y2j31S+Prkk/l:heZpp1GykY2bjIkt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3905820af61af12d052c131dd11c2817_JaffaCakes118

Files

3905820af61af12d052c131dd11c2817_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d944563247c3a744c84a2f882d869798

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
GetFileAttributesA
CreateDirectoryA
CreateProcessA
GetPrivateProfileStringA
CloseHandle
ReadFile
GetFileSize
CreateFileA
WriteFile
GetWindowsDirectoryA
GetCurrentProcess
FindClose
GetLastError
Sleep
GetTempPathA
InterlockedDecrement
GetVolumeInformationA
GetVersionExA
MoveFileExA
SetCurrentDirectoryA
LoadLibraryA
GetPrivateProfileIntA
GetProcAddress
GetTempFileNameA
RemoveDirectoryA
WritePrivateProfileStringA
LocalFree
FreeLibrary
FormatMessageA
LCMapStringW
HeapAlloc
HeapFree
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
InterlockedIncrement
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
lstrcpynA
GetModuleFileNameA
LocalAlloc
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetVersion
GetCurrentThreadId
GetModuleHandleA
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
lstrcatA
HeapCreate
GetProcessVersion
lstrcmpA
GlobalFlags
GetCPInfo
GetOEMCP
SetFilePointer
FlushFileBuffers
IsBadWritePtr
MoveFileA
RtlUnwind
RaiseException
GetLocalTime
GetStartupInfoA
GetCommandLineA
ExitProcess
VirtualAlloc
VirtualFree
HeapSize
HeapReAlloc
TerminateProcess
GetACP
SetUnhandledExceptionFilter
LCMapStringA
DeleteFileA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy

user32

GetClassInfoA
WinHelpA
GetCapture
RegisterClassA
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
GetSubMenu
GetMenuItemCount
GetMenu
DefWindowProcA
GrayStringA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
EnableMenuItem
GetFocus
GetDlgItem
GetNextDlgTabItem
DispatchMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
GetWindowTextA
GetDlgCtrlID
GetMenuItemID
DestroyMenu
TabbedTextOutA
SendMessageA
MessageBoxA
EnableWindow
UnhookWindowsHookEx
LoadStringA
DrawTextA
CheckMenuItem
SetMenuItemBitmaps
SystemParametersInfoA
CharNextA
RegisterWindowMessageA
WaitForInputIdle
PostMessageA

advapi32

CryptAcquireContextA
CryptGenRandom
RegDeleteValueA
GetUserNameA
OpenThreadToken
OpenProcessToken
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
RegCreateKeyExA
CryptReleaseContext
CryptDecrypt
CryptEncrypt
CryptDestroyKey
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantChangeType
VariantInit
VariantClear
SysAllocString
SysFreeString

traceapi

UnRegisterEvTrace
RegisterEvTrace
EvTraceString

secur32

GetUserNameExA

psregapi

?SetValue@CRegApi@@QAEJPBDK0@Z
?CreateKey@CRegApi@@QAEJPAUHKEY__@@PBDKKAAK@Z
??0CRegistryEx@@QAE@XZ
?OpenOnly@CRegistryEx@@QAEHPAUHKEY__@@PBDK@Z
?GetDWord@CRegistryEx@@QAEJPBDJ@Z
?Close@CRegistryEx@@UAEXXZ
??1CRegistryEx@@UAE@XZ
?QueryValue@CRegApi@@QAEJPBDPAEAAK@Z
??0CRegApi@@QAE@XZ
?OpenKey@CRegApi@@QAEJPAUHKEY__@@PBDK@Z
?QueryValue@CRegApi@@QAEJPBDPADAAK@Z
?CloseKey@CRegApi@@QAEJXZ
?QueryValue@CRegApi@@QAEJPBDAAKPAE1@Z
??1CRegApi@@UAE@XZ

shlwapi

PathFileExistsA
SHDeleteKeyA
PathAppendA

userenv

GetProfilesDirectoryA

pfmgrapi

?GetLifeTimeUTC@CPacData@@QAEKXZ
?GetPacKey@CPacData@@QAEHPAEAAI@Z
?GetNextTSListEntry@CProfileMgr@@QAEJPADI@Z
?GetFirstExcludeEntry@CProfileMgr@@QAEJPADI@Z
?GetFirstPac@CProfileMgr@@QAEJPAEAAIPADI2IW4INTEL_PAC_TYPE@@@Z
?GetIid@CPacData@@QAEHPADAAI@Z
?GetAidInfo@CPacData@@QAEHPADAAI@Z
?SetLifeTime@CPacData@@QAEXK@Z
?SetPacKey@CPacData@@QAEXPAEI@Z
?SetOpaque@CPacData@@QAEXPAEI@Z
?GetNextExcludeEntry@CProfileMgr@@QAEJPADI@Z
?GetPacCount@CProfileMgr@@QAEJPAHW4INTEL_PAC_TYPE@@@Z
??0CProfileMgr@@QAE@PBD0K@Z
?GetNextPac@CProfileMgr@@QAEJPAEAAIPADI2IW4INTEL_PAC_TYPE@@@Z
??0CPacData@@QAE@ABV0@@Z
?GetOpaque@CPacData@@QAEHPAEAAI@Z
?GetFirstPreferredProfile@CProfileMgr@@QAEJAAVCPreferredProfile@@K@Z
?GetAid@CPacData@@QAEHPAEAAI@Z
?GetNextPreferredProfile@CProfileMgr@@QAEJAAVCPreferredProfile@@K@Z
??0CProfileNameArray@@QAE@XZ
??1CProfileNameArray@@UAE@XZ
?GetFirstProfile@CProfileMgr@@QAEJPADIK@Z
?GetNextProfile@CProfileMgr@@QAEJPADIK@Z
?GetProfileToApply@CProfileMgr@@QAEJPBDAAUINTEL_WLAN_PROFILE@@K@Z
?Close@CProfileMgr@@QAEJXZ
??1CProfileMgr@@QAE@XZ
??0CPacData@@QAE@XZ
?SetAid@CPacData@@QAEXPAEI@Z
?SetAidInfo@CPacData@@QAEXPADI@Z
?SetIid@CPacData@@QAEXPADI@Z
??1CPacData@@QAE@XZ
??0CPreferredProfile@@QAE@XZ
?GetAt@CProfileNameArray@@QBEPBDI@Z
?GetFirstTSListEntry@CProfileMgr@@QAEJPADI@Z
?Open@CProfileMgr@@QAEJK@Z
?GetCount@CProfileMgr@@QAEJPAHK@Z
??1CPreferredProfile@@QAE@XZ
?Name@CPreferredProfile@@QAEPADXZ
?Add@CProfileNameArray@@QAE_NPBD@Z
??0CPreferredProfile@@QAE@PBD00HW4INTEL_OPMODE@@W4INTEL_ALGORITHM@@W4INTEL_AUTHMODE@@KHW4INTEL_DOT1X_PASSWORD_MODE@@W4INTEL_AUTH_ALG@@HH@Z
??ACProfileNameArray@@QAEPBDI@Z
?Size@CProfileNameArray@@QBEIXZ

intstngs

??1CUserSettings@@QAE@XZ
?SetChecksum@CUserSettings@@QAEHPBD@Z
??0CUserSettings@@QAE@KH@Z

comctl32

ord17

gdi32

CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetObjectA
GetDeviceCaps
DeleteObject
DeleteDC
Escape
ExtTextOutA
SaveDC
RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
TextOutA
RectVisible
PtVisible

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

Exports

Exports

??0CEncrypter@@QAE@XZ
??1CEncrypter@@QAE@XZ
?DecryptString@CEncrypter@@QAEPBDPBD0H@Z
?DecryptValue@CEncrypter@@QAEPBDPBD0H@Z
?EncryptString@CEncrypter@@QAEPBDPBD@Z
?EncryptValue@CEncrypter@@QAEPBDPBD@Z

Sections

.text
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d944563247c3a744c84a2f882d869798

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

traceapi

secur32

psregapi

shlwapi

userenv

pfmgrapi

intstngs

comctl32

gdi32

winspool.drv

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 221KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 40KB - Virtual size: 49KB

.rrdata Size: 68KB - Virtual size: 68KB

.text
Size: 224KB - Virtual size: 221KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 40KB - Virtual size: 49KB

.rrdata
Size: 68KB - Virtual size: 68KB