403ea7ee788a531246514624de6120ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

403ea7ee788a531246514624de6120ca_JaffaCakes118
Size

743KB
MD5

403ea7ee788a531246514624de6120ca
SHA1

53c99d839a29b9b8355d6a286f3c7a8cb4d926ee
SHA256

dc59c58e3ad2cfcc2c38195036642c7dafea7566860342268b7c3092bf30ca3d
SHA512

319a2d8bb30348d6bc41f280381486ad02fe9db096ec8b8fc66598de5995d28ca3186cc4c5d60e44e449ec8d39fdce4ea87a6e2deeef82aca1133de3c200ca3f
SSDEEP

12288:8CD85Oij26e2xbepZozM18P5Xcla++xOIISHerJC874rc36VflTnGluiQ1l:8CDqBbIZ118kZtp74r/VdTnsOl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
403ea7ee788a531246514624de6120ca_JaffaCakes118

Files

403ea7ee788a531246514624de6120ca_JaffaCakes118
.exe windows:5 windows x86 arch:x86

283dfe27df44efb70cd9bdb0945a3a19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostname
inet_addr
ioctlsocket
connect
getpeername
WSAStartup
gethostbyname
htonl
WSAGetLastError
htons
getsockname
shutdown
setsockopt
WSACleanup
recv
bind
socket
closesocket
send
listen
accept

winmm

timeSetEvent
timeGetTime
timeKillEvent

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

userenv

ExpandEnvironmentStringsForUserA
CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

Sleep
CreateEventA
GetExitCodeProcess
Process32Next
OpenEventA
CreateToolhelp32Snapshot
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
SetCurrentDirectoryA
ResumeThread
CreateThread
CreateFileA
GetFileSize
CompareFileTime
GetFileTime
SetFilePointer
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
SetFileTime
WriteFile
GetDriveTypeA
GetFileAttributesA
FileTimeToSystemTime
ReadFile
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
SetFileAttributesA
MoveFileA
GetSystemTime
GlobalLock
GetCurrentThread
GlobalAlloc
CreateProcessA
TerminateProcess
SetThreadPriority
GlobalUnlock
SetProcessShutdownParameters
TerminateThread
ResetEvent
WaitForMultipleObjects
AllocConsole
FormatMessageA
GetStdHandle
WriteConsoleA
SetLastError
GlobalGetAtomNameA
GlobalAddAtomA
SetEvent
GetOEMCP
GetACP
HeapSize
ExitThread
RaiseException
GetTimeZoneInformation
HeapReAlloc
PeekNamedPipe
GetFileInformationByHandle
GetCPInfo
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCurrentDirectoryA
SetEnvironmentVariableA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetCommandLineA
SetStdHandle
ExitProcess
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsAlloc
DuplicateHandle
TlsSetValue
TlsFree
TlsGetValue
CreateSemaphoreA
ReleaseSemaphore
SetVolumeLabelA
GetLocaleInfoA
GetLocalTime
lstrcmpiA
lstrcpynA
InterlockedExchange
GetProcessHeap
HeapAlloc
HeapFree
GetFileType
DosDateTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetFullPathNameA
GetVolumeInformationA
lstrcpyA
lstrcatA
GlobalFree
Process32First
GetStringTypeW
HeapCreate
VirtualFree
OpenFileMappingA
ReleaseMutex
CreateMutexA
CreateFileMappingA
GetStringTypeA
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetPrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
OpenProcess
WritePrivateProfileSectionA
WritePrivateProfileStructA
WinExec
GetLastError
GetComputerNameA
GetVersion
GetSystemInfo
lstrlenA
DeleteFileA
GetTempPathA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
FreeLibrary
WideCharToMultiByte
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
InitializeCriticalSection
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcess
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
MulDiv
VirtualAlloc
SetHandleCount
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleOutputCP
WriteConsoleW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableW
GetLocaleInfoW
CompareStringA
CompareStringW
IsValidCodePage
LCMapStringA
LCMapStringW
GlobalDeleteAtom
RemoveDirectoryA

user32

IsDlgButtonChecked
TrackPopupMenu
GetMenuItemID
GetSubMenu
LoadMenuA
EnableMenuItem
SetMenuDefaultItem
DestroyMenu
DestroyIcon
EnableWindow
ToAscii
GetKeyState
GetAsyncKeyState
MapVirtualKeyA
VkKeyScanA
SetRect
IsIconic
DestroyWindow
PostThreadMessageA
WaitMessage
GetClipboardData
PeekMessageA
ChangeClipboardChain
SetClipboardViewer
GetClipboardOwner
CheckDlgButton
CloseClipboard
GetClassNameA
OpenDesktopA
DrawIconEx
WaitForInputIdle
WindowFromPoint
RegisterWindowMessageA
EnumWindows
GetIconInfo
GetWindowTextA
EmptyClipboard
IsWindow
OpenClipboard
IsWindowVisible
SetClipboardData
keybd_event
GetKeyboardState
mouse_event
SetActiveWindow
MessageBeep
FlashWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
SetCursor
ScreenToClient
SetDlgItemInt
GetDlgItemInt
ExitWindowsEx
GetProcessWindowStation
EnumDesktopWindows
GetWindowRect
SendDlgItemMessageA
SetCapture
SetForegroundWindow
LoadStringA
GetParent
GetClientRect
SetFocus
GetScrollInfo
InvalidateRect
GetDlgItem
EndDialog
GetCursorPos
PostMessageA
SetCaretBlinkTime
ReleaseCapture
SetWindowTextA
CallWindowProcA
GetDlgItemTextA
DialogBoxParamA
GetCaretBlinkTime
SetDlgItemTextA
MoveWindow
wsprintfA
FindWindowA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
MessageBoxA
SendMessageA
GetMessageA
GetUserObjectInformationA
SetTimer
RegisterClassExA
PostQuitMessage
GetThreadDesktop
KillTimer
LoadIconA
OpenInputDesktop
CloseDesktop
GetDC
TranslateMessage
SetWindowLongA
GetWindowLongA
CreateWindowExA
ReleaseDC
DefWindowProcA
ShowWindow
SetThreadDesktop
DispatchMessageA
GetSystemMetrics
LoadImageA
LoadCursorA
wvsprintfA
OemToCharA
CharToOemA
GetDesktopWindow

gdi32

CreateDIBSection
GetObjectA
GetBitmapBits
SetDIBColorTable
GdiFlush
CreatePalette
RealizePalette
SelectPalette
GetPixel
BitBlt
ExtEscape
GetSystemPaletteEntries
MoveToEx
LineTo
SetROP2
GetRgnBox
GetRegionData
SetRectRgn
CombineRgn
OffsetRgn
CreateRectRgn
DeleteDC
GetDeviceCaps
GetStockObject
GetClipBox
CreateCompatibleDC
SelectObject
DeleteObject
CreateCompatibleBitmap
GetDIBits
CreateDCA

advapi32

GetSecurityDescriptorControl
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetKernelObjectSecurity
RegCreateKeyA
SetServiceStatus
QueryServiceStatus
RegCreateKeyExA
CreateServiceA
RegisterServiceCtrlHandlerA
DeleteService
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueA
SetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
OpenProcessToken
CreateProcessAsUserA
RegSetValueExA
QueryServiceConfigA
OpenSCManagerA
EnumServicesStatusA
CloseServiceHandle
OpenServiceA
GetUserNameA
LookupAccountSidA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetMalloc
Shell_NotifyIconA
SHAppBarMessage
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
ShellExecuteA
ShellExecuteExA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 595KB - Virtual size: 594KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

283dfe27df44efb70cd9bdb0945a3a19

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

winmm

version

userenv

kernel32

user32

gdi32

advapi32

shell32

ole32

imm32

Sections

.text Size: 595KB - Virtual size: 594KB

.rdata Size: 110KB - Virtual size: 110KB

.data Size: 13KB - Virtual size: 372KB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: 595KB - Virtual size: 594KB

.rdata
Size: 110KB - Virtual size: 110KB

.data
Size: 13KB - Virtual size: 372KB

.rsrc
Size: 23KB - Virtual size: 23KB