3912b24c4a7563a1321e4b6e28420a03_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3912b24c4a7563a1321e4b6e28420a03_JaffaCakes118
Size

5.9MB
MD5

3912b24c4a7563a1321e4b6e28420a03
SHA1

ccb801b0c6bee261ee3e1a4d5832bf85013f2c6b
SHA256

ecbc234d0ca00490a5b22b32ac482cf26804123c1f8fc314249606b6fe80318e
SHA512

2a3cb86e0935528a801a6484cd3199b936e88713daeb85b7ca68075b17f810d0bd4e9984ec1a8216c672a2c0db30aa871e535d5f23152574a7a53cf265de2ed7
SSDEEP

98304:cd33vwlCXqFtSsG+5G3WI/YfWT/SyzcMLkkSDBDH7:g3YIXqasG+5SJIgi7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3912b24c4a7563a1321e4b6e28420a03_JaffaCakes118

Files

3912b24c4a7563a1321e4b6e28420a03_JaffaCakes118
.exe windows:4 windows x86 arch:x86

21a2a3835522a1a2cdb57b17c720d075

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
CryptGetHashParam
RegSetValueExA
RegCloseKey
CryptDeriveKey
CryptDecrypt
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureA
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
RegDeleteValueA
RegEnumValueA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash

dinput8

DirectInput8Create

gdi32

CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC

kernel32

OpenProcess
GetModuleFileNameA
ReadProcessMemory
CloseHandle
GetLastError
GetCurrentThreadId
FormatMessageA
lstrlen
LocalAlloc
GetVersionExA
IsBadWritePtr
InterlockedExchange
SetUnhandledExceptionFilter
FindFirstFileA
lstrcmpi
FindNextFileA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcmp
CompareFileTime
FileTimeToSystemTime
lstrcpy
GetLocalTime
SystemTimeToFileTime
IsDBCSLeadByte
GetVersion
SetFilePointer
MultiByteToWideChar
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetConsoleCtrlHandler
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
IsBadCodePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
Sleep
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
SetLastError
TlsFree
TlsAlloc
FatalAppExitA
HeapSize
HeapReAlloc
GetSystemTime
GetTimeZoneInformation
GetFileAttributesA
GetCommandLineA
GetStartupInfoA
ExitThread
TlsGetValue
TlsSetValue
TerminateProcess
RaiseException
InterlockedIncrement
InterlockedDecrement
RtlUnwind
lstrlenW
GetVolumeInformationA
GetWindowsDirectoryA
Thread32Next
Thread32First
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
SetEvent
InitializeCriticalSection
DeleteCriticalSection
SetEndOfFile
WriteFile
ResumeThread
ResetEvent
GetModuleHandleA
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessA
ReadFile
GetFileSize
CreateEventA
WaitForSingleObject
OpenEventA
GetTickCount
CreateFileA
lstrcat
CreateDirectoryA
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
OpenMutexA
CreateThread
TerminateThread
CreateMutexA
ReleaseMutex
GetComputerNameA
ExitProcess
QueryPerformanceCounter
IsBadReadPtr
GetSystemDirectoryA
GetModuleFileNameW
VirtualAlloc
VirtualFree
VirtualProtect
LoadLibraryExA
CopyFileA
GetTempFileNameA
GetTempPathA
HeapFree
GetProcessHeap
DeleteFileA
FindClose
HeapAlloc
GetFileInformationByHandle
FlushFileBuffers
DuplicateHandle
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle
PeekNamedPipe

oleaut32

SysAllocString
CreateErrorInfo
GetErrorInfo
SafeArrayCreate
SafeArrayDestroy
VariantCopy
VariantChangeType
VariantClear
SetErrorInfo
SysFreeString
VariantInit

user32

EnableWindow
MoveWindow
SendMessageA
FindWindowA
IsWindowEnabled
SetRectEmpty
SetRect
MapVirtualKeyA
DialogBoxParamA
GetDlgItem
MessageBoxA
GetWindowThreadProcessId
EnumThreadWindows
GetWindowTextA
AttachThreadInput
BringWindowToTop
wsprintfA
OffsetRect
PtInRect
GetWindow
wvsprintfA

winmm

timeGetTime

ws2_32

send
WSACleanup
WSAStartup
WSASend
getsockname
socket
inet_addr
gethostbyname
WSAGetLastError
getpeername
htonl
htons
closesocket

wzmss

?WzSoap_GetArticleOwner@@YAJEHPBGEH_NPAH@Z
?WzSoap_WriteArticle@@YAJEHPBGE000HPAG1_N1@Z
?WzSoap_CommentArticle@@YAJEHPBGEH00H_NPAG@Z
?WzSoap_GetArticleTitle@@YAJEHPBGEH_NPAG@Z
?WzSoap_GetArticleContent@@YAJEH_NPBGPAG@Z
?WzSoap_ModifyArticle@@YAJEHPBG0_N0PAG@Z
?WzSoap_GetTopArticleID@@YAJEHPBGE_NPAH@Z
?WzSoap_DeleteArticle@@YAJEH_NPBGPAG@Z
?WzSoap_ConsultDelete@@YAJHPBGPAG@Z
?WzSoap_GetTopArticleTitle@@YAJEHPBGE_NPAG@Z

ijl15

ijlInit
ijlRead
ijlWrite
ijlFree

iphlpapi

GetAdaptersInfo

npkcrypt

NPKSetDrvPath
NPKSetAppCompatFlag
NPKGetAppCompatFlag
NPKRegisterCryptWindowMsg
NPKOpenDriver
NPKLoadAtStartup
NPKCloseDriver

ole32

CoCreateGuid

Exports

Exports

ZtlTaskMemAllocImp
ZtlTaskMemFreeImp
ZtlTaskMemReallocImp

Sections

Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 488KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aspr
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

21a2a3835522a1a2cdb57b17c720d075

Headers

File Characteristics

Imports

advapi32

dinput8

gdi32

kernel32

oleaut32

user32

winmm

ws2_32

wzmss

ijl15

iphlpapi

npkcrypt

ole32

Exports

Exports

Sections

Size: 4.9MB - Virtual size: 4.9MB

Size: 488KB - Virtual size: 488KB

Size: 248KB - Virtual size: 248KB

.rsrc Size: 8KB - Virtual size: 8KB

Size: 4KB - Virtual size: 4KB

.data Size: 248KB - Virtual size: 248KB

.adata Size: 4KB - Virtual size: 4KB

aspr Size: 20KB - Virtual size: 20KB

.mackt Size: 8KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 8KB

.data
Size: 248KB - Virtual size: 248KB

.adata
Size: 4KB - Virtual size: 4KB

aspr
Size: 20KB - Virtual size: 20KB

.mackt
Size: 8KB - Virtual size: 8KB