440a6a04c2a965b1bcd312d03670b811_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

440a6a04c2a965b1bcd312d03670b811_JaffaCakes118
Size

274KB
MD5

440a6a04c2a965b1bcd312d03670b811
SHA1

8403a28151a39280eea326a6155a677f8dc4ea0f
SHA256

4724d45adaedfb9d73593e10443171b82432799e79dd0a8055d2cda252f94ba5
SHA512

338d30fc012101b91480ee6991e6bf70ab98ad1c4d58ed40583154efcd71946200eab229d7ce94810f82c23337bf239dbef7d8b5c647a7892bfc1d17a6720a4e
SSDEEP

3072:KaP7KIH6EebzvWk8wcp9EN9aO4ux+bGeGq5+9gd+hgNzzhf:KaPBaEeXvw9aQbGjq50gpz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
440a6a04c2a965b1bcd312d03670b811_JaffaCakes118

Files

440a6a04c2a965b1bcd312d03670b811_JaffaCakes118
.exe windows:5 windows x86 arch:x86

38c2c3f10a33926dd262b1b0e038cc18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedFlushSList
WritePrivateProfileSectionW
GetCPInfoExW
CreateTimerQueueTimer
WaitForSingleObjectEx
AssignProcessToJobObject
AddConsoleAliasW
CreateEventW
GetThreadTimes
ChangeTimerQueueTimer
RemoveDirectoryW
SetCriticalSectionSpinCount
EnumDateFormatsExA
GlobalFree
GetProcessVersion
ReadConsoleA
OpenJobObjectA
GetDiskFreeSpaceExA
lstrcmpW
FileTimeToLocalFileTime
FileTimeToDosDateTime
SetFileAttributesW
GetThreadSelectorEntry
CreateFileW
FatalAppExitW
FreeEnvironmentStringsW
GlobalFindAtomW
AddVectoredExceptionHandler
SetDllDirectoryA
GetVersionExA
SetComputerNameExW
ReadFileScatter
ReadConsoleW
WriteConsoleOutputW
ReadProcessMemory
WriteTapemark
GetLastError
GetModuleFileNameA
_hread
SetComputerNameA
GetTimeFormatW
QueryMemoryResourceNotification
EnumCalendarInfoA
SetFileApisToOEM
TerminateProcess
WriteFileEx
SetCurrentDirectoryW
GetLogicalProcessorInformation
GetNumaProcessorNode
WritePrivateProfileStringW
FindNextFileA
FillConsoleOutputCharacterA
DnsHostnameToComputerNameA
GetSystemPowerStatus
SetFilePointerEx
VirtualFree
EnumSystemCodePagesA
SetStdHandle
FindVolumeMountPointClose
ExitProcess
MoveFileExW
DeleteFiber
AddConsoleAliasA
ReadConsoleOutputA
GetCommProperties
LCMapStringW
SetProcessShutdownParameters
IsBadCodePtr
SetComputerNameExA
SetCommTimeouts
GetUserGeoID
GetStringTypeA
GetCompressedFileSizeW
IsWow64Process
GlobalSize
OpenWaitableTimerA
EnumResourceNamesW
ReadConsoleOutputCharacterA
LocalFlags
EnumTimeFormatsA
LocalLock
GetNumaHighestNodeNumber
CreateWaitableTimerA
GetGeoInfoW
GetModuleHandleW
SetLocaleInfoW
GetCPInfo
GlobalGetAtomNameA
CreateMailslotA
OutputDebugStringW
FindFirstFileExW
EnumDateFormatsW
GetStringTypeW
GetNumberOfConsoleInputEvents
GetCurrentThread
CreateIoCompletionPort
GetQueuedCompletionStatus
ScrollConsoleScreenBufferA
GetConsoleSelectionInfo
GetExitCodeProcess
LCMapStringA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
CreateFileA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
SetFilePointer
GetFileType
SetHandleCount
ReadFile
MultiByteToWideChar
CloseHandle
GetStdHandle
WriteFile
Sleep
HeapReAlloc
VirtualAlloc
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
HeapFree
ConvertThreadToFiber
CreateFiberEx
GetProcessIoCounters
GetTempPathW
RemoveDirectoryA
GetBinaryTypeA
ReadFileEx
OpenSemaphoreW
GetDriveTypeW
WinExec
LocalHandle
GetWriteWatch
DeleteTimerQueueEx
GetProcessTimes
FreeLibraryAndExitThread
PeekConsoleInputA
GetPrivateProfileIntW
GlobalGetAtomNameW
FindFirstChangeNotificationW
GetCompressedFileSizeA
SetEnvironmentVariableA
QueryDosDeviceW
GetThreadPriorityBoost
HeapAlloc
AllocConsole
SetConsoleScreenBufferSize
CopyFileExW
LoadModule
SetLocaleInfoA
GetSystemTimeAsFileTime
SetCommConfig
GetProcessWorkingSetSize
SetUserGeoID
SetVolumeMountPointA
RegisterWaitForSingleObjectEx
GetVersion
GlobalUnlock
GetConsoleAliasA
CallNamedPipeW
WriteConsoleInputA
SearchPathA
GetModuleHandleA
LoadLibraryA
lstrcmpA
lstrlenA
lstrcmpiA
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
DeleteCriticalSection
GetProcAddress
LoadLibraryW
LocalReAlloc

comdlg32

GetSaveFileNameW
PageSetupDlgA
PrintDlgA
ChooseFontW
ReplaceTextW
ChooseColorA
ChooseColorW

comsvcs

RecycleSurrogate
MTSCreateActivity
SafeRef
CoEnterServiceDomain

crypt32

CertVerifyRevocation
CryptSignCertificate
CryptHashMessage
CertAddEnhancedKeyUsageIdentifier
CertAddEncodedCertificateToSystemStoreA
CertNameToStrA
CertVerifyCRLRevocation
CertSerializeCertificateStoreElement
CryptStringToBinaryA
CertDuplicateCTLContext
CertAddCTLContextToStore
CertFindSubjectInCTL
CertCreateCTLEntryFromCertificateContextProperties
CertSetStoreProperty
CryptGetOIDFunctionAddress
CryptVerifyDetachedMessageSignature
CertAddEncodedCTLToStore
CryptImportPublicKeyInfoEx
CertFindCertificateInCRL
CryptMsgCountersignEncoded
CryptFindOIDInfo
CertEnumCertificatesInStore
CertRegisterSystemStore
CertGetCTLContextProperty
CertVerifyCertificateChainPolicy
CertFindCRLInStore
CryptCloseAsyncHandle
CertAddCRLLinkToStore
CertGetStoreProperty
CertEnumSystemStoreLocation
CryptMsgDuplicate
CertStrToNameA
CryptGetOIDFunctionValue
CertGetIntendedKeyUsage
CryptDecodeObjectEx
CertAddEncodedCertificateToSystemStoreW
CryptSignAndEncryptMessage
CryptSetKeyIdentifierProperty
CryptEnumOIDFunction
CertFindRDNAttr
CertAddCertificateLinkToStore
CryptEncodeObject
CertUnregisterPhysicalStore
CertUnregisterSystemStore
PFXExportCertStoreEx
CertAlgIdToOID
CertCreateCRLContext
CryptMsgGetAndVerifySigner
CertDuplicateCertificateChain
CertAddSerializedElementToStore
CryptFindCertificateKeyProvInfo
CertOIDToAlgId
CryptGetMessageCertificates
CertCompareCertificate
CertDeleteCTLFromStore
CryptMsgVerifyCountersignatureEncodedEx
CryptMemAlloc
CryptSignMessageWithKey
CertGetValidUsages
CertEnumPhysicalStore
CryptGetDefaultOIDFunctionAddress
CertAddEncodedCRLToStore
CryptGetAsyncParam
CertResyncCertificateChainEngine
CertGetNameStringW
CryptQueryObject
CertFreeCertificateChainEngine
CryptRegisterOIDFunction
CryptExportPublicKeyInfo
CertFindExtension
CryptDecryptAndVerifyMessageSignature
CertGetPublicKeyLength
CryptEncryptMessage
CryptGetKeyIdentifierProperty
CryptFindLocalizedName

iphlpapi

GetIcmpStatisticsEx
GetTcpTable
SetIpTTL
NhpAllocateAndGetInterfaceInfoFromStack
GetAdapterOrderMap
GetIpStatistics
GetIcmpStatistics
GetUdpTable
GetTcpStatisticsEx
DeleteIpNetEntry
DeleteIpForwardEntry
GetIpStatisticsEx
GetNumberOfInterfaces
GetNetworkParams
GetExtendedTcpTable
GetUniDirectionalAdapterInfo
GetIfEntry
GetBestRoute
GetBestInterfaceEx
SetIpNetEntry
GetUdpStatisticsEx
UnenableRouter
GetRTTAndHopCount
SetIpStatistics
GetOwnerModuleFromUdpEntry
GetFriendlyIfIndex
SendARP
DisableMediaSense
DeleteIPAddress
RestoreMediaSense
GetIpNetTable
GetIpForwardTable
CreateIpForwardEntry
NotifyAddrChange
SetIpForwardEntry
NotifyRouteChange
GetOwnerModuleFromTcpEntry
GetIfTable
GetIpErrorString
GetAdapterIndex
GetBestInterface

msi

ord264
ord11
ord275
ord93
ord252
ord217
ord71
ord253
ord239
ord268
ord231
ord173
ord172
ord212
ord281
ord60
ord195
ord65
ord81
ord40
ord154
ord7
ord107
ord69
ord228
ord247
ord250
ord102
ord242
ord224
ord255
ord272
ord208
ord202
ord44
ord36
ord263
ord178
ord230
ord269
ord176
ord189
ord108
ord111
ord175
ord5
ord276
ord6
ord8
ord243
ord86
ord87
ord126
ord232
ord72
ord90
ord209
ord96
ord227
ord211
ord174
ord262
ord241
ord254
ord39
ord179
ord83
ord226
ord89
ord193
ord59
ord177

comctl32

ImageList_SetImageCount
ImageList_LoadImageA
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_SetBkColor
ord14
ImageList_Read
DrawStatusTextW
ord328
ImageList_DrawEx
ImageList_SetIconSize
ord335
ImageList_Copy
ImageList_Duplicate
ord336
InitializeFlatSB
ord334
ImageList_AddMasked
ord324
ImageList_GetDragImage
ImageList_ReplaceIcon
ImageList_GetBkColor
ImageList_DragLeave
ImageList_DragEnter
ImageList_Add
ImageList_LoadImageW
ord4
FlatSB_EnableScrollBar
ImageList_GetIcon
ord327
ord321
FlatSB_GetScrollProp
FlatSB_GetScrollInfo
ImageList_GetImageInfo
ImageList_Destroy
FlatSB_SetScrollInfo
InitCommonControlsEx
ord3
CreateToolbarEx
ImageList_Replace
ord5
InitMUILanguage
ImageList_DrawIndirect
FlatSB_ShowScrollBar
ord6
_TrackMouseEvent
ImageList_Create
ord16
ImageList_GetIconSize
ord329
ord323
CreatePropertySheetPageA

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 190KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38c2c3f10a33926dd262b1b0e038cc18

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comdlg32

comsvcs

crypt32

iphlpapi

msi

comctl32

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 190KB - Virtual size: 196KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 190KB - Virtual size: 196KB

.reloc
Size: 6KB - Virtual size: 5KB