425d3dcd2ec22797770ed21adcebf1a2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

425d3dcd2ec22797770ed21adcebf1a2_JaffaCakes118
Size

256KB
MD5

425d3dcd2ec22797770ed21adcebf1a2
SHA1

d461db353b4a75c0a84da4677234addc2d4b4b5a
SHA256

8790473e2d2a255e7d31ec1ed97a9958dccda422bfa1783838b3cf9f88668ecc
SHA512

2c661d353cc53ff90ada121c2642c6d01af7d4e019daae485b57f8d3c998c9946233f3b8905cc7091d78021c3928f76d97b828348c81c863e39a35bac5e6623b
SSDEEP

6144:kx2aCDUKdWgsghxZoL16YjtHPMcql0h7dQ6:k24AnvZa16YBJ4W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
425d3dcd2ec22797770ed21adcebf1a2_JaffaCakes118

Files

425d3dcd2ec22797770ed21adcebf1a2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0bfc15a0398549fa265342ed71e98f23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetEndOfFile
GetProcessHeap
ReadFile
GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
WriteFile
VirtualFree
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

GetClassLongA
wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

CoInitialize

shell32

ShellExecuteA

shlwapi

PathIsDirectoryA
PathFileExistsA
PathFindFileNameA
PathRemoveBlanksA
PathGetArgsA

ws2_32

recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send

netapi32

Netbios

crypt32

CryptSetOIDFunctionValue
CryptVerifyMessageSignature
CryptGetKeyIdentifierProperty
CryptExportPublicKeyInfoEx
CertCompareCertificateName
CryptRegisterDefaultOIDFunction
CertUnregisterPhysicalStore
CryptBinaryToStringA
CryptInstallOIDFunctionAddress
CertDeleteCRLFromStore
CertFindCertificateInStore
CryptCreateKeyIdentifierFromCSP
CryptMsgOpenToDecode
CertEnumCTLContextProperties
CertAddCTLContextToStore
CertOpenStore
CryptUnregisterDefaultOIDFunction
CryptCreateAsyncHandle
CryptRegisterOIDInfo
CertComparePublicKeyInfo
CertVerifyTimeValidity
CryptCloseAsyncHandle
CertGetCRLFromStore
CryptMsgControl
CertFindRDNAttr
CertAddCTLLinkToStore
CertEnumPhysicalStore
CryptMsgGetAndVerifySigner
CertFreeCRLContext
CryptGetOIDFunctionValue
CryptEncodeObject
CertFreeCertificateContext
CertDuplicateCertificateContext
CryptSignMessage
CryptEncryptMessage
CryptMsgVerifyCountersignatureEncodedEx
CryptUnprotectData
CertSaveStore
CryptMsgOpenToEncode
CertDuplicateCTLContext
CryptVerifyMessageHash
CertSetCTLContextProperty
CryptHashCertificate
CryptVerifyDetachedMessageSignature
CryptSetKeyIdentifierProperty
CertStrToNameW
CryptMemFree
CertControlStore
CertAddSerializedElementToStore
CryptHashMessage
CertFindExtension
CryptGetAsyncParam
CertCreateContext
CertAddCRLContextToStore
CryptEnumOIDFunction
CertCloseStore
CryptGetDefaultOIDDllList
CertGetPublicKeyLength
CertRemoveStoreFromCollection
CertGetCertificateChain
CertFreeCertificateChainEngine
CertDeleteCTLFromStore
CryptGetMessageSignerCount
CryptMsgDuplicate
CertVerifyCRLRevocation
CertSetCRLContextProperty

imm32

ImmDestroyContext
ImmGetGuideLineA
ImmDisableIME
ImmInstallIMEA
ImmEnumInputContext
ImmGetGuideLineW
ImmGetRegisterWordStyleA
ImmRegisterWordW
ImmGetCandidateListA
ImmGetStatusWindowPos
ImmReleaseContext
ImmEscapeW
ImmSetCandidateWindow
ImmNotifyIME
ImmGetCompositionWindow
ImmSetOpenStatus
ImmGetCompositionStringA
ImmAssociateContextEx
ImmGetProperty
ImmConfigureIMEW
ImmGetConversionListA
ImmGetRegisterWordStyleW
ImmSetStatusWindowPos
ImmDisableTextFrameService
ImmSimulateHotKey
ImmGetConversionStatus
ImmSetCompositionFontA

iphlpapi

DisableMediaSense
GetAdaptersInfo
GetUdpStatistics
GetRTTAndHopCount
IpReleaseAddress
SendARP
CreateIpForwardEntry
DeleteIPAddress
GetTcpStatistics
GetUniDirectionalAdapterInfo
NotifyAddrChange
RestoreMediaSense
DeleteIpForwardEntry
GetInterfaceInfo
DeleteIpNetEntry
GetIpNetTable

msi

ord267
ord264
ord104
ord59
ord243
ord251
ord262
ord108
ord257
ord55
ord95
ord156
ord131
ord36
ord42
ord271
ord66
ord228
ord263
ord172
ord268
ord214
ord9
ord82
ord213
ord260
ord203
ord209
ord45
ord84
ord8
ord72
ord175
ord202
ord88
ord38
ord272
ord136
ord269
ord237
ord169
ord281
ord85
ord238
ord89
ord266
ord239
ord177
ord15
ord154
ord211
ord258
ord93
ord265
ord195
ord224
ord216
ord181
ord112
ord69
ord39
ord276
ord90
ord102
ord192
ord107
ord157
ord68
ord44
ord173
ord277
ord43
ord14
ord190
ord129

msimg32

GradientFill
AlphaBlend

msvfw32

ICGetDisplayFormat
ICInstall

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bfc15a0398549fa265342ed71e98f23

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

ws2_32

netapi32

crypt32

imm32

iphlpapi

msi

msimg32

msvfw32

mswsock

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 4KB - Virtual size: 21KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 4KB - Virtual size: 21KB

.reloc
Size: 17KB - Virtual size: 17KB