3fec7beb0bb04eda9471a3f66904c9a1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3fec7beb0bb04eda9471a3f66904c9a1_JaffaCakes118
Size

565KB
MD5

3fec7beb0bb04eda9471a3f66904c9a1
SHA1

fd5de0ac82cd775ff31ceda3e6fea98b8dd7a234
SHA256

e0c1fe22fe6bbde2a4559eb66b64e9c760851baffb8ac6264a9d97ddfe42aee9
SHA512

a5a44d0a6b969e13ad6ba46f7f8872bc0a933a9e4987c2fb2890e1af4635451c22ee03841dbd025dd6d74a1f8d9158f5cfb1f7de1493940c485684a495516256
SSDEEP

6144:XL1QOc95ndnSGDmucVJ9/6+zX4AuEFjH51jz9SSYgsRFYNMb15NFX9kgwFJ7FV+:71QrdnbjcVJl6+L4AdxYLTZ5D9kXf7z+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fec7beb0bb04eda9471a3f66904c9a1_JaffaCakes118

Files

3fec7beb0bb04eda9471a3f66904c9a1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fe0f3176428f56cabd1f5e101e84ad46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\au\client\ws\obj\jucheck\Release\jucheck.pdb

Imports

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegEnumKeyA

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CertCloseStore

version

GetFileVersionInfoA
VerQueryValueA

user32

PeekMessageA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
SetWindowContextHelpId
MapDialogRect
GetWindowRect
PtInRect
SetCursor
GetDlgCtrlID
LoadBitmapA
EnableWindow
EndDialog
RegisterClassA
ShowWindow
PostQuitMessage
CreatePopupMenu
AppendMenuA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
GetDesktopWindow
MsgWaitForMultipleObjects
SetWindowLongA
GetWindowLongA
MessageBoxA
LoadStringA
DefWindowProcA
GetSysColor
CharNextA
MoveWindow
SetWindowPos
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameA
ReleaseCapture
FillRect
DestroyWindow
wsprintfA
GetSystemMetrics
UnregisterClassA
LoadImageA
DialogBoxIndirectParamA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
IsWindow
SendMessageA
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA

gdi32

StretchBlt
SetTextColor
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
CreateFontIndirectA
RestoreDC
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
SetBkMode

comctl32

ord17

wintrust

WinVerifyTrust

wininet

InternetGetConnectedState
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
InternetOpenA
InternetQueryDataAvailable
HttpAddRequestHeadersA
HttpSendRequestA
InternetErrorDlg
HttpQueryInfoA
InternetTimeToSystemTime
InternetReadFile
InternetCloseHandle
InternetTimeFromSystemTime

urlmon

URLDownloadToFileA

shell32

Shell_NotifyIconA
ShellExecuteA

kernel32

InterlockedExchange
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetStdHandle
CompareStringW
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
SetEnvironmentVariableA
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
VirtualQuery
GetModuleHandleW
VirtualProtect
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetCurrentProcessId
GetTickCount
SystemTimeToTzSpecificLocalTime
LocalFree
GetEnvironmentVariableA
GetSystemInfo
GetVersionExA
GetTempPathA
GetThreadLocale
GetSystemTime
OpenEventA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoW
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetUnhandledExceptionFilter
CompareStringA
ExitProcess
HeapReAlloc
LoadLibraryA
GetProcAddress
CreatePipe
SetHandleInformation
ReadFile
GetModuleHandleA
LoadLibraryExA
SizeofResource
FreeLibrary
IsDBCSLeadByte
GetCommandLineA
CreateMutexA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrcpynA
CreateEventA
CreateThread
ResetEvent
WaitForMultipleObjects
SetEvent
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
lstrlenW
lstrlenA
WaitForSingleObject
CloseHandle
lstrcmpA
WriteFile
SetEndOfFile
SetFilePointer
CompareFileTime
SystemTimeToFileTime
Sleep
GetLastError
FileTimeToSystemTime
GetFileTime
GetFileSize
CreateFileA
lstrcatA
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceA
GetExitCodeProcess
CreateProcessA
FormatMessageA
lstrcmpiA
DeleteFileA
GetCurrentThreadId
MulDiv
GetModuleFileNameA
GlobalUnlock
GlobalLock
SetLastError
GlobalFree
GlobalHandle
LockResource
LoadResource
CreateFileW

ole32

OleLockRunning
CoGetClassObject
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoUninitialize
CoInitialize
StringFromCLSID
CLSIDFromProgID

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.krdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fe0f3176428f56cabd1f5e101e84ad46

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

crypt32

version

user32

gdi32

comctl32

wintrust

wininet

urlmon

shell32

kernel32

ole32

oleaut32

Sections

.text Size: 204KB - Virtual size: 204KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 213KB - Virtual size: 213KB

.krdata Size: 76KB - Virtual size: 76KB

.text
Size: 204KB - Virtual size: 204KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 213KB - Virtual size: 213KB

.krdata
Size: 76KB - Virtual size: 76KB