47ba7516040ace684ebb65a3282f3282_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

47ba7516040ace684ebb65a3282f3282_JaffaCakes118
Size

778KB
MD5

47ba7516040ace684ebb65a3282f3282
SHA1

977ca1dcbfedbd5512c9c35dba8b3ea778fb761b
SHA256

15b624036f548cdf438e9a2e8fe4c4caeea9654979269813b58c7e0cf81bc32f
SHA512

5bce1ae5cc3fc0eaa76070ab94947eee2d65a322b817d4ded76591b30eec3680ec3cc29870ef3bc9adbd545ac043635accf412063b3ddc3636d6f8b34c91adda
SSDEEP

12288:WUgu5QTR1OEMoEO9Yktof1w5qEX56vmCukkrzOYys4HsXxL7QMZT9bHx7Q+:zHiTR1v9YkofApcudysEshgMZJRM+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47ba7516040ace684ebb65a3282f3282_JaffaCakes118

Files

47ba7516040ace684ebb65a3282f3282_JaffaCakes118
.exe windows:6 windows x86 arch:x86

6b156c48184a21ea25c241bf42a3abd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wlarp.pdb

Imports

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetUserNameW
GetTokenInformation
ConvertSidToStringSidW
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
DuplicateTokenEx
DuplicateToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptGenRandom
LookupPrivilegeValueW
AdjustTokenPrivileges
TraceEvent
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptReleaseContext
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
SetNamedSecurityInfoW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityInfo
CopySid
IsValidSid
GetLengthSid
InitializeAcl
AddAce
RegQueryValueExW

kernel32

OpenFileMappingW
SetFilePointerEx
GetFileSizeEx
GetFileAttributesExW
FreeLibraryAndExitThread
DuplicateHandle
InitializeCriticalSectionAndSpinCount
GetSystemTime
SystemTimeToFileTime
GetExitCodeProcess
GlobalFree
CreateWaitableTimerW
WaitForMultipleObjects
GetExitCodeThread
SetWaitableTimer
TerminateThread
GetComputerNameW
LoadLibraryW
CopyFileW
CompareFileTime
GetVersionExW
GlobalMemoryStatusEx
GetSystemDefaultUILanguage
GetSystemDefaultLCID
GetComputerNameExW
GetEnvironmentVariableW
CreateProcessW
lstrlenA
OpenProcess
GetTempPathA
GetFullPathNameA
DeleteFileA
SetFilePointer
CreateFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
GetTempPathW
GetLocalTime
GetFullPathNameW
ReadFile
QueueUserWorkItem
MulDiv
GetUserDefaultLangID
QueueUserAPC
InterlockedCompareExchange
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
CreateEventW
SetEvent
CreateMutexW
OpenMutexW
LocalAlloc
SetFileAttributesW
RemoveDirectoryW
MoveFileExW
GetFileAttributesW
CreateDirectoryW
GetPrivateProfileStringW
WaitForSingleObject
ReleaseMutex
FlushFileBuffers
WritePrivateProfileStringW
CreateFileW
DeviceIoControl
CloseHandle
DeleteFileW
GetTempFileNameW
FindNextFileW
FindFirstFileW
FindClose
GetLongPathNameW
FileTimeToSystemTime
SetThreadPriority
EnumResourceNamesW
GetSystemInfo
VerifyVersionInfoW
ExpandEnvironmentStringsW
FindResourceExW
CompareStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
HeapSize
Sleep
VirtualAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
WriteConsoleW
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
GetThreadPriority
ExitThread
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateThread
GetStartupInfoA
LockResource
CompareStringW
GetModuleHandleW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
HeapSetInformation
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
FreeLibrary
FormatMessageW
GetLastError
LocalFree
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile

gdi32

SetBkMode
BitBlt
DeleteDC
CreatePen
GetClipRgn
SaveDC
CreateCompatibleBitmap
RestoreDC
CreateRectRgn
GetObjectW
CreateFontIndirectW
SelectObject
GetTextMetricsW
CreateCompatibleDC
Rectangle
ExcludeClipRect
SetLayout
IntersectClipRect
GetStockObject
SetTextColor
SetBkColor
CreateSolidBrush
DeleteObject

user32

DefDlgProcW
RegisterWindowMessageW
EnumChildWindows
CreateDialogIndirectParamW
GetClassLongW
TrackMouseEvent
GetFocus
RegisterClassExW
GetScrollInfo
SetScrollInfo
IntersectRect
InvalidateRect
PtInRect
UpdateWindow
IsWindowEnabled
KillTimer
GetKeyState
GetNextDlgTabItem
CreateAcceleratorTableW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
DestroyAcceleratorTable
GetLayeredWindowAttributes
SetLayeredWindowAttributes
EnableWindow
LoadCursorW
SetCursor
PostMessageW
DefWindowProcW
IsWindowVisible
ShowWindow
GetWindowTextLengthW
GetWindowTextW
GetClassNameW
GetDesktopWindow
IsWindow
DrawIconEx
CopyRect
GetSysColor
MessageBoxIndirectW
BeginPaint
EndPaint
RedrawWindow
MessageBeep
SetWindowLongW
SetWindowTextW
FillRect
InflateRect
AdjustWindowRectEx
SetWindowPos
GetSystemMetrics
DrawTextW
LoadIconW
MapWindowPoints
ScreenToClient
WindowFromPoint
GetDCEx
SetWindowRgn
GetWindowThreadProcessId
GetShellWindow
PostThreadMessageW
MsgWaitForMultipleObjects
GetSystemMenu
EnableMenuItem
CreateWindowExW
GetWindowLongW
SetRect
DestroyWindow
LoadStringW
SetFocus
SendMessageW
ReleaseDC
GetDC
PostQuitMessage
SetProcessDefaultLayout
EndDialog
GetWindowRect
SystemParametersInfoW
DialogBoxIndirectParamW
CharNextW
NotifyWinEvent
GetClientRect
GetParent
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
PeekMessageW
UnregisterClassA

urlmon

CoInternetGetSession
CreateURLMoniker
CreateAsyncBindCtx

msi

ord70
ord203
ord195
ord141
ord118
ord115
ord116
ord190
ord88
ord8
ord160
ord159
ord32
ord205
ord113
ord78
ord150
ord266
ord48
ord171
ord92

comctl32

ord413
ord410
ord412
ord17

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrustEx

userenv

UnloadUserProfile

setupapi

SetupIterateCabinetW

secur32

GetUserNameExW

crypt32

CertVerifyCertificateChainPolicy
CryptStringToBinaryW
CryptBinaryToStringW

uxtheme

SetWindowTheme

shlwapi

SHCreateStreamOnFileEx
UrlCanonicalizeW
PathCombineW
PathIsRelativeW
ord437
StrStrIW
PathFindExtensionW
StrRChrW
UrlCreateFromPathW
PathFindFileNameW
PathFileExistsW
SHCreateStreamOnFileW
PathIsDirectoryW
PathCreateFromUrlW
StrStrNW
PathFindFileNameA
SHCreateStreamOnFileA
StrCmpNW
PathAppendW

wininet

InternetCreateUrlW
InternetCrackUrlW
InternetCombineUrlW

gdiplus

GdipFree
GdipAlloc
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDeleteFont
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipDrawImageRectRectI
GdipCreateFont
GdipGetLogFontW
GdipCloneImage
GdipDrawImageRectRect
GdipDrawImageI
GdipDrawImagePointRectI
GdipDrawImageRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdiplusStartup
GdiplusShutdown
GdipCreateFromHWND
GdipDeleteGraphics

winhttp

WinHttpSetCredentials
WinHttpGetProxyForUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpTimeFromSystemTime
WinHttpQueryOption
WinHttpSetOption
WinHttpConnect
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpWriteData
WinHttpSetStatusCallback
WinHttpOpen
WinHttpCloseHandle
WinHttpOpenRequest

cabinet

ord11
ord14
ord13
ord10

sensapi

IsNetworkAlive

ntdll

RtlUnwind
VerSetConditionMask

oleacc

AccessibleObjectFromWindow
LresultFromObject

shell32

SHGetFolderPathW
CommandLineToArgvW
SHFileOperationW
ShellExecuteExW
SHCreateDirectoryExW
ord165
SHGetSpecialFolderPathW
SHGetFolderPathAndSubDirW

ole32

CoCreateGuid
OleRun
OleLockRunning
CreateStreamOnHGlobal
CoSetProxyBlanket
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoCreateFreeThreadedMarshaler
CoInitializeEx
StringFromGUID2
CoTaskMemFree
CoCreateInstance

oleaut32

LoadTypeLi
SysFreeString
VarUI4FromStr
SysStringLen
VariantInit
VariantClear
SysAllocString
VariantChangeType
SysAllocStringLen
VariantCopy
LoadRegTypeLi

Sections

.text
Size: 609KB - Virtual size: 609KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6b156c48184a21ea25c241bf42a3abd4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

urlmon

msi

comctl32

wintrust

userenv

setupapi

secur32

crypt32

uxtheme

shlwapi

wininet

gdiplus

winhttp

cabinet

sensapi

ntdll

oleacc

shell32

ole32

oleaut32

Sections

.text Size: 609KB - Virtual size: 609KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 41KB - Virtual size: 41KB

.pdata Size: 76KB - Virtual size: 76KB

.text
Size: 609KB - Virtual size: 609KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 41KB - Virtual size: 41KB

.pdata
Size: 76KB - Virtual size: 76KB