3be5b565ffff61fe4de9d2e94d70a096_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3be5b565ffff61fe4de9d2e94d70a096_JaffaCakes118
Size

261KB
MD5

3be5b565ffff61fe4de9d2e94d70a096
SHA1

a33b26b3ed36770e60be840b921bfcdeed0eb521
SHA256

97284c9f182e9a19fc7f6ef77825b4396f6c9c7580b2c32d16e236afd0e686f7
SHA512

b4977185d516ef4fdd0448a51bc9e65c8d8594cbc11c7597ae01bdc30025baa643190425fb747eb4000818a18269b2fa579888bdcfa84165307e32d834626ca8
SSDEEP

6144:KfCyEJ0Bkhiq2oWssVqjOyarNKnDcCxc:XGBap2LssVFLrNu4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3be5b565ffff61fe4de9d2e94d70a096_JaffaCakes118

Files

3be5b565ffff61fe4de9d2e94d70a096_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5ea5616f849653d619d3ea6c777c65be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
ReadFile
WriteFile
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
GetProcessHeap
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
HeapSize
HeapAlloc
FlushFileBuffers
VirtualFree
DeleteFileA
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA
GetClassLongA

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey

ole32

CoInitialize

shell32

ShellExecuteA

shlwapi

PathFileExistsA
PathFindFileNameA
PathRemoveBlanksA
PathGetArgsA
PathIsDirectoryA

gdi32

LPtoDP
GetCharWidthFloatA
GetTextAlign
EnumFontFamiliesExW
GdiSetBatchLimit
GetViewportExtEx
StrokePath
OffsetClipRgn
SetColorSpace
PaintRgn
GetClipRgn
CreateRectRgnIndirect
PolyBezierTo
GetRandomRgn
GetTextExtentExPointW
GetFontUnicodeRanges
GetICMProfileA
GetTextExtentExPointI
AnimatePalette
GetMetaFileA
WidenPath
FillRgn
ScaleViewportExtEx
GetGlyphIndicesW
GetSystemPaletteEntries
DeleteObject
GetEnhMetaFileW
GetCharWidth32A
CloseEnhMetaFile
PlayMetaFileRecord
Rectangle
CopyMetaFileW
SetPixelV
PolyPolygon
CreateFontA
SetBkMode
SaveDC
UpdateColors
SetBrushOrgEx
AddFontResourceW
CreateHalftonePalette
GetAspectRatioFilterEx
GetGlyphOutlineA
FloodFill
DeleteColorSpace
SetDIBits
CreateBrushIndirect
SetWindowOrgEx
SetTextColor
DeleteMetaFile
ModifyWorldTransform
RemoveFontResourceW
CreatePenIndirect
GetRgnBox
RemoveFontResourceExA
CreateSolidBrush
SetSystemPaletteUse
SetGraphicsMode
RectVisible
SetPixelFormat
DeleteDC
EnumEnhMetaFile
StretchBlt
CreateRoundRectRgn
CreateDIBitmap
EnumObjects
SetBitmapDimensionEx
SetDIBitsToDevice
GetPaletteEntries
GetPixel
ExtCreateRegion
GetObjectType
SetAbortProc
GetTextExtentPointW
GetTextExtentPoint32A
CloseMetaFile
GetEnhMetaFileA
CreateCompatibleBitmap
SetColorAdjustment
EnumICMProfilesA
GetTextCharsetInfo
CreatePalette
SetBitmapBits
SelectClipPath
ArcTo
CreateDIBSection
GdiFlush
SetICMProfileA
CreateFontIndirectW
LineTo
GetEnhMetaFilePixelFormat
PolylineTo
GetCharABCWidthsA
RemoveFontMemResourceEx
SetViewportOrgEx
Polyline
EnumFontFamiliesW
SwapBuffers
ResetDCW
GetFontData
GetWindowOrgEx
GetDCBrushColor
GetCharABCWidthsW
SetViewportExtEx
GetWorldTransform
DrawEscape
GetDCOrgEx
CreateMetaFileA
GetTextMetricsW
StartDocA
GetTextFaceA
GetCharWidthFloatW
PolyTextOutA
SetDeviceGammaRamp

ws2_32

recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send

netapi32

Netbios

comdlg32

ReplaceTextA

comsvcs

SafeRef

crypt32

CryptMsgEncodeAndSignCTL
CryptEnumKeyIdentifierProperties
CertAddCTLContextToStore
PFXImportCertStore
CryptSignMessageWithKey
CryptMsgSignCTL
CryptFindLocalizedName
CertAddStoreToCollection
CryptMsgOpenToDecode
CryptSetOIDFunctionValue
CryptVerifyCertificateSignatureEx
CryptExportPKCS8
CryptEncodeObjectEx
CertDeleteCRLFromStore
CertVerifyValidityNesting
CryptAcquireCertificatePrivateKey
CertGetCertificateChain
CertSetCRLContextProperty
CertCreateCertificateChainEngine
CertFindCertificateInStore
CryptDecodeObject
CertDuplicateCTLContext
CertUnregisterPhysicalStore
CertRegisterPhysicalStore
CryptCreateKeyIdentifierFromCSP
CryptGetMessageCertificates
CryptFreeOIDFunctionAddress
CertVerifyRevocation
CertEnumCTLContextProperties
CertFindAttribute
CryptHashToBeSigned
CryptMsgDuplicate
CertVerifyCertificateChainPolicy
CertComparePublicKeyInfo
CryptFindCertificateKeyProvInfo
CertIsValidCRLForCertificate
CryptExportPublicKeyInfo
CryptInstallOIDFunctionAddress
CertEnumCertificatesInStore
CertSetCertificateContextPropertiesFromCTLEntry
CertSerializeCRLStoreElement
CertSaveStore
CryptMsgGetParam
CryptVerifyDetachedMessageHash
PFXVerifyPassword
CryptVerifyMessageHash
CertCreateCertificateContext
CertDuplicateCertificateChain
CryptCreateAsyncHandle
CertAddEncodedCertificateToSystemStoreA
CryptVerifyMessageSignatureWithKey
CryptSignAndEncodeCertificate
CertStrToNameW
CertVerifyTimeValidity
CertCloseStore
CertFindSubjectInCTL
CertEnumCRLsInStore
CryptStringToBinaryA
CryptDecodeMessage
CryptMsgOpenToEncode
CryptRegisterOIDInfo
CertSetCTLContextProperty
CertVerifyCTLUsage
CryptEnumOIDInfo
CertFindChainInStore
CertCreateContext
CryptGetOIDFunctionValue
CryptVerifyMessageSignature
CryptDecryptMessage
CryptInstallDefaultContext
CertGetEnhancedKeyUsage
CertDuplicateStore

imm32

ImmGetIMEFileNameW
ImmInstallIMEW
ImmGetCompositionFontW
ImmDisableTextFrameService
ImmGetIMEFileNameA
ImmGetCompositionFontA
ImmSetCompositionStringW
ImmGetStatusWindowPos
ImmIsUIMessageW
ImmRegisterWordA
ImmRegisterWordW
ImmGetConversionListW
ImmEnumRegisterWordW
ImmConfigureIMEW
ImmGetImeMenuItemsA
ImmUnregisterWordW
ImmSimulateHotKey

iphlpapi

SendARP
GetNetworkParams
GetIpStatistics
GetIfEntry
CancelIPChangeNotify
GetPerAdapterInfo
GetTcpTable

msi

ord269
ord255
ord241
ord6
ord219
ord254
ord247
ord246
ord88
ord232
ord230
ord11
ord261
ord89
ord102
ord55
ord275
ord37
ord180
ord258
ord174
ord45
ord86
ord190
ord266
ord137
ord248
ord243
ord211
ord240
ord108
ord273
ord192
ord15
ord104
ord94
ord168
ord270
ord179
ord195
ord5
ord205
ord249
ord212
ord7
ord70
ord245
ord189
ord56
ord176
ord173
ord154
ord259
ord204
ord96
ord95
ord136
ord263
ord193
ord265
ord238
ord107
ord175
ord202
ord260
ord109
ord66
ord237
ord227
ord126
ord225
ord262
ord267
ord39
ord231
ord14
ord131
ord141
ord84
ord44

msimg32

AlphaBlend
TransparentBlt

msvfw32

ICImageDecompress
DrawDibProfileDisplay
MCIWndCreateA
DrawDibDraw
ICLocate
ICImageCompress
ICGetDisplayFormat
ICSendMessage
DrawDibGetPalette
ICRemove
ICCompressorChoose
ICSeqCompressFrame
ICDraw
DrawDibBegin
DrawDibGetBuffer
ICCompressorFree
ICSeqCompressFrameStart
DrawDibSetPalette
ICSeqCompressFrameEnd
DrawDibChangePalette
ord2
MCIWndRegisterClass

mswsock

AcceptEx

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ea5616f849653d619d3ea6c777c65be

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

gdi32

ws2_32

netapi32

comdlg32

comsvcs

crypt32

imm32

iphlpapi

msi

msimg32

msvfw32

mswsock

Sections

.text Size: 170KB - Virtual size: 169KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 4KB - Virtual size: 21KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 170KB - Virtual size: 169KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 4KB - Virtual size: 21KB

.reloc
Size: 18KB - Virtual size: 17KB