39b361d1559b77753fa2efb59a538188_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

39b361d1559b77753fa2efb59a538188_JaffaCakes118
Size

5.3MB
MD5

39b361d1559b77753fa2efb59a538188
SHA1

c4277e14dc080e7b0fe09acd4be7b978994adc9e
SHA256

4e03d7d941b45e2a8c553073c6840a04656dec233793dd0f1221c73709a758f7
SHA512

95824f64973c89810c800126f4eae7fbdf5c7934eecf4e0989735923ee1cb43bb8ca5b75b71d2c157c667b894f46557fa700ffba982a07c7c71d9071eed6d7e7
SSDEEP

49152:7HeTlP2+rM1F0UaK1Nl5YN4gZoCQCM0Cla1PrIHRKPe8FLfM9tvnq1ucKMre0b7H:7mNrq0o7YzQCM0nkaDLXZPbdniOxp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39b361d1559b77753fa2efb59a538188_JaffaCakes118

Files

39b361d1559b77753fa2efb59a538188_JaffaCakes118
.exe windows:4 windows x86 arch:x86

76dc79ffa6991a3501b61566d57330e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptImportKey
CryptGetHashParam
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
CryptDeriveKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
RegEnumValueA
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptAcquireContextA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
RegCreateKeyExA
RegDeleteValueA

dinput8

DirectInput8Create

gdi32

BitBlt
SelectObject
CreateCompatibleDC
DeleteDC
GetStockObject
GetObjectA

kernel32

OpenProcess
GetModuleFileNameA
LocalLock
ReadProcessMemory
CloseHandle
GetCurrentThreadId
FormatMessageA
lstrlen
LocalAlloc
GetVersionExA
IsBadWritePtr
SetUnhandledExceptionFilter
lstrcmpi
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedExchange
CreateDirectoryA
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
GetLastError
CompareFileTime
lstrcpy
FileTimeToSystemTime
GetVersion
SetFilePointer
GetLocalTime
SystemTimeToFileTime
IsDBCSLeadByte
MultiByteToWideChar
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetConsoleCtrlHandler
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
IsBadCodePtr
GetFileType
LockResource
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetCurrentThread
SetLastError
TlsFree
TlsAlloc
FatalAppExitA
HeapSize
HeapReAlloc
GetSystemTime
GetTimeZoneInformation
GetFileAttributesA
GetCommandLineA
GetStartupInfoA
ExitThread
TlsGetValue
InterlockedIncrement
InterlockedDecrement
GetVolumeInformationA
GetWindowsDirectoryA
Thread32Next
Thread32First
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
TerminateProcess
SetEvent
InitializeCriticalSection
DeleteCriticalSection
SetEndOfFile
WriteFile
ResumeThread
ResetEvent
SetThreadPriority
GetModuleHandleA
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessA
ReadFile
GetFileSize
CreateEventA
WaitForSingleObject
OpenEventA
GetTickCount
CreateFileA
lstrcat
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
OpenMutexA
CreateThread
TerminateThread
CreateMutexA
ReleaseMutex
GetComputerNameA
lstrcmp
ExitProcess
QueryPerformanceCounter
IsBadReadPtr
GetSystemDirectoryA
GetModuleFileNameW
VirtualProtect
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CopyFileA
GetCurrentDirectoryA
VirtualQuery
VirtualAlloc
VirtualFree
LoadLibraryExA
GetTempFileNameA
GetTempPathA
HeapFree
GetProcessHeap
HeapAlloc
GetFileInformationByHandle
DuplicateHandle
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle
PeekNamedPipe
Sleep
lstrlenW
RtlUnwind
RaiseException
FileTimeToLocalFileTime
TlsSetValue

netapi32

Netbios

oleaut32

SysAllocString
CreateErrorInfo
SysFreeString
SetErrorInfo
VariantInit
VariantChangeType
VariantCopy
SafeArrayDestroy
SafeArrayCreate
VariantClear
GetErrorInfo

shell32

SHGetSpecialFolderPathA

user32

wvsprintfA
PtInRect
wsprintfA
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
SetRectEmpty
EnumThreadWindows
MessageBoxA
GetWindowTextA
SetRect
MapVirtualKeyA
DialogBoxParamA
FrameRect
LoadBitmapA
IsWindowEnabled
FindWindowA
CreateWindowExA
GetDlgItem
EnableWindow

wininet

InternetCloseHandle
FtpOpenFileA
InternetConnectA
InternetOpenA
FtpGetFileSize
FtpGetFileA

winmm

timeKillEvent
timeSetEvent
timeGetTime

ws2_32

htonl
WSASend
send
sendto
WSACleanup
WSAStartup
getpeername
socket
inet_addr
gethostbyname
WSAGetLastError
closesocket
htons

ijl15

ijlFree
ijlWrite
ijlInit

npkcrypt

NPKSetDrvPath
NPKOpenDriver
NPKGetAppCompatFlag
NPKLoadAtStartup
NPKRegisterCryptWindowMsg
NPKCloseDriver
NPKSetAppCompatFlag

ole32

CoCreateGuid

Exports

Exports

ZtlTaskMemAllocImp
ZtlTaskMemFreeImp
ZtlTaskMemReallocImp

Sections

Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

76dc79ffa6991a3501b61566d57330e4

Headers

File Characteristics

Imports

advapi32

dinput8

gdi32

kernel32

netapi32

oleaut32

shell32

user32

wininet

winmm

ws2_32

ijl15

npkcrypt

ole32

Exports

Exports

Sections

Size: 4.1MB - Virtual size: 4.1MB

Size: 424KB - Virtual size: 424KB

Size: 112KB - Virtual size: 112KB

.rsrc Size: 656KB - Virtual size: 656KB

.data Size: 72KB - Virtual size: 72KB

.adata Size: 4KB - Virtual size: 4KB

.tls Size: 8KB - Virtual size: 8KB

.mackt Size: 8KB - Virtual size: 8KB

.rsrc
Size: 656KB - Virtual size: 656KB

.data
Size: 72KB - Virtual size: 72KB

.adata
Size: 4KB - Virtual size: 4KB

.tls
Size: 8KB - Virtual size: 8KB

.mackt
Size: 8KB - Virtual size: 8KB