433d8ecd72be44b26f8849a27f550830_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

433d8ecd72be44b26f8849a27f550830_JaffaCakes118
Size

265KB
MD5

433d8ecd72be44b26f8849a27f550830
SHA1

9a3c0ef7ae3578b5dad3b4c86a39b3301c30d696
SHA256

f8609a3515445eac935d22ee792029ebc115f5675cb3c0b1b8b49af82e3209e2
SHA512

4e7832cd4c62df9a4a9349b0450e92c84c6ba8402194338d7437046070e66f9c9533c0612dfc8073d2a3728d9db6b61e4608500a2589e9cd8bf415436270de1c
SSDEEP

6144:Spk78rD9QaoV4obuuBljKWzGb4Bs3dgUr:SS0104CBlj0b4BI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
433d8ecd72be44b26f8849a27f550830_JaffaCakes118

Files

433d8ecd72be44b26f8849a27f550830_JaffaCakes118
.exe windows:5 windows x86 arch:x86

786e9b8a964a1ee59faf86089ca80266

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
HeapCreate
HeapFree
VirtualFree
FlushFileBuffers
HeapAlloc
HeapSize
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetEndOfFile
GetProcessHeap
ReadFile
GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
VirtualAlloc
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA
GetClassLongA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA

ole32

CoInitialize

shell32

ShellExecuteA

shlwapi

PathFindFileNameA
PathFileExistsA
PathGetArgsA
PathIsDirectoryA
PathRemoveBlanksA

gdi32

GetCurrentPositionEx
GetBrushOrgEx
SetMiterLimit
PolyBezierTo
AddFontResourceA
StretchBlt
GetBoundsRect
SetMapMode
GetStretchBltMode
CreateHalftonePalette
RemoveFontResourceExW
RemoveFontResourceW
AbortDoc
SetTextJustification
GetWorldTransform
GetWindowExtEx
GetGlyphOutlineA
StretchDIBits
ExcludeClipRect
GetEnhMetaFileDescriptionA
SetDIBitsToDevice
GetDCBrushColor
AbortPath
StrokeAndFillPath
GetTextExtentExPointI
GetPaletteEntries
EnumEnhMetaFile
CreateICW
SetRectRgn
SetGraphicsMode
AddFontResourceExW
CreateMetaFileA
GetTextExtentExPointA
GetGlyphIndicesA
ModifyWorldTransform
AngleArc
WidenPath
PolyTextOutA
Arc
PatBlt
CreatePatternBrush
Escape
SetDIBColorTable
CreateEnhMetaFileW
GetMetaFileW
SetMetaRgn
CreateICA
CreateRoundRectRgn
GetICMProfileA
GetCharWidthW
CombineTransform
ResetDCA
FlattenPath
GetNearestPaletteIndex
GetBkColor
RemoveFontMemResourceEx
GetNearestColor
CreateEllipticRgn
GetStockObject
SelectClipRgn
PolyBezier
CopyMetaFileA
OffsetViewportOrgEx
UnrealizeObject
GetSystemPaletteEntries
CreateFontIndirectW
GetFontUnicodeRanges
GetTextMetricsW
PolyPolygon
PolyDraw
ColorMatchToTarget
CreateScalableFontResourceA
RemoveFontResourceExA
GetOutlineTextMetricsW
CreateDIBPatternBrush
GetTextCharsetInfo
GetCharacterPlacementA
LineDDA
GetClipBox
CreateColorSpaceW
GetRandomRgn
Polygon
GetLayout
SetSystemPaletteUse
ColorCorrectPalette
PlayMetaFileRecord
CreateBitmap
GetTextExtentExPointW
GetObjectType
GetKerningPairsA
EnumFontFamiliesA
CreateFontA
LPtoDP
GetTextCharset
SelectPalette
CreateRectRgnIndirect
IntersectClipRect
PathToRegion
GetColorSpace
GetEnhMetaFileHeader
GdiSetBatchLimit
GdiComment
GetEnhMetaFileA
EnumFontsW
GetEnhMetaFilePaletteEntries
MaskBlt
EnumObjects
CopyEnhMetaFileW
CreateFontW
EnumMetaFile
CreateEllipticRgnIndirect
GetTextAlign
GetDCPenColor
GetTextFaceA
GetGlyphOutlineW
CreateMetaFileW
SetWorldTransform
CreateFontIndirectExW
ExtSelectClipRgn
GetFontLanguageInfo

ws2_32

recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send

netapi32

Netbios

comdlg32

PageSetupDlgW
PageSetupDlgA
FindTextW
PrintDlgA
GetOpenFileNameA
FindTextA
ChooseFontA
ChooseColorW
GetFileTitleW

comsvcs

CoCreateActivity
RecycleSurrogate

crypt32

CertVerifyCTLUsage
CertCompareCertificate
CryptEnumOIDInfo
CertStrToNameA
CryptGetOIDFunctionAddress
CertVerifyCRLTimeValidity
CertEnumCTLsInStore
CryptSetAsyncParam
CertGetValidUsages
CertEnumCRLsInStore
CryptMsgDuplicate
CertCreateContext
CertAddCertificateLinkToStore
CertAddCertificateContextToStore
CertAddEncodedCTLToStore
CertEnumCTLContextProperties
CryptCloseAsyncHandle
CertDuplicateCertificateChain
CertGetNameStringW
CryptInstallDefaultContext
CertAddEncodedCertificateToStore
CertCreateCRLContext
PFXExportCertStore
CertDeleteCTLFromStore
CertDuplicateCTLContext
CertFindSubjectInSortedCTL
CertFreeCertificateContext
CertVerifyRevocation
CryptUnprotectData
PFXExportCertStoreEx
CertFreeCTLContext
CryptMsgSignCTL
CertEnumSubjectInSortedCTL
CryptVerifyDetachedMessageSignature
CertVerifyCertificateChainPolicy
CryptCreateKeyIdentifierFromCSP
CryptSignCertificate
CryptFindCertificateKeyProvInfo
CryptMsgControl
CertGetIntendedKeyUsage
CertCloseStore
CryptSignAndEncodeCertificate
CryptVerifyMessageSignatureWithKey
CertIsValidCRLForCertificate
CertSetEnhancedKeyUsage
CryptInitOIDFunctionSet
CryptHashMessage
CertStrToNameW
CertOIDToAlgId
CertGetStoreProperty
CryptEnumOIDFunction
CertCreateCTLEntryFromCertificateContextProperties
CertSetCTLContextProperty
CryptImportPublicKeyInfo
CertDuplicateCertificateContext
CryptGetDefaultOIDDllList
CertCreateSelfSignCertificate
PFXIsPFXBlob
CertUnregisterSystemStore
CryptFindLocalizedName
CryptRegisterDefaultOIDFunction
CertRDNValueToStrW
CryptUnregisterOIDInfo
CryptBinaryToStringW
CryptRegisterOIDFunction
CertSaveStore
CryptGetDefaultOIDFunctionAddress
CryptHashCertificate
CryptMsgVerifyCountersignatureEncoded
CryptBinaryToStringA
CertAddSerializedElementToStore
CertCreateCTLContext
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CryptVerifyMessageHash
CertIsRDNAttrsInCertificateName
CryptExportPublicKeyInfo
CryptProtectData
CryptImportPublicKeyInfoEx
CryptStringToBinaryA
CertAddEncodedCertificateToSystemStoreW
CryptDecodeObjectEx
CryptMsgVerifyCountersignatureEncodedEx
CryptExportPublicKeyInfoEx
CertNameToStrW
CertGetCRLContextProperty
CertFreeCRLContext
CryptMsgGetParam
CertDeleteCRLFromStore
CertAddCTLLinkToStore
CertAddEncodedCRLToStore
CryptEncodeObject
CryptInstallOIDFunctionAddress
CryptFindOIDInfo
CryptMsgClose
CryptVerifyCertificateSignature
CertFindCertificateInStore
CryptGetAsyncParam
CryptSetKeyIdentifierProperty
CertRemoveStoreFromCollection
CertFindRDNAttr
CryptMsgCalculateEncodedLength
CertVerifyCRLRevocation
CertGetEnhancedKeyUsage
CryptGetMessageCertificates
CertSetCertificateContextProperty
CertAddCTLContextToStore
CryptEncodeObjectEx
CryptVerifyCertificateSignatureEx
CryptAcquireCertificatePrivateKey
CertGetCertificateChain

imm32

ImmDisableIME
ImmUnregisterWordW
ImmGetCandidateListW
ImmGetVirtualKey
ImmSimulateHotKey
ImmEnumRegisterWordA
ImmGetImeMenuItemsW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionFontW
ImmSetConversionStatus
ImmGetCandidateWindow
ImmDestroyContext
ImmSetOpenStatus
ImmNotifyIME
ImmSetCandidateWindow
ImmGetDescriptionW
ImmGetCompositionFontW
ImmGetCompositionFontA
ImmEnumRegisterWordW
ImmSetCompositionFontA
ImmGetConversionListW
ImmGetOpenStatus
ImmGetConversionStatus
ImmGetIMEFileNameA
ImmReleaseContext
ImmGetGuideLineA
ImmGetImeMenuItemsA
ImmGetRegisterWordStyleW
ImmGetContext
ImmAssociateContext
ImmGetRegisterWordStyleA
ImmAssociateContextEx
ImmIsUIMessageA
ImmGetCandidateListCountW
ImmRegisterWordW
ImmConfigureIMEA
ImmUnregisterWordA
ImmGetCandidateListA

iphlpapi

GetBestInterfaceEx
GetUdpStatisticsEx
GetAdapterOrderMap
UnenableRouter
GetFriendlyIfIndex
GetIfEntry

msi

ord246
ord216
ord68
ord268
ord245
ord263
ord271
ord65
ord15
ord192
ord212
ord217
ord264
ord179
ord250
ord274
ord67
ord241
ord111
ord41
ord168
ord259
ord90
ord249
ord175
ord16
ord231
ord281
ord141
ord102
ord275
ord242
ord39
ord237
ord172
ord113
ord208
ord10
ord270
ord209
ord189
ord204
ord136
ord56
ord7
ord14
ord155
ord38
ord66
ord72
ord109
ord224
ord89
ord225
ord85
ord104
ord240
ord214
ord258
ord211
ord8
ord180
ord37
ord157
ord178
ord70
ord40
ord11
ord265
ord202
ord42
ord252
ord248
ord95
ord107
ord232
ord255
ord5
ord176
ord94
ord277
ord193
ord254

msimg32

GradientFill
TransparentBlt

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

786e9b8a964a1ee59faf86089ca80266

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

gdi32

ws2_32

netapi32

comdlg32

comsvcs

crypt32

imm32

iphlpapi

msi

msimg32

Sections

.text Size: 171KB - Virtual size: 171KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 4KB - Virtual size: 21KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 171KB - Virtual size: 171KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 21KB

.reloc
Size: 18KB - Virtual size: 17KB