4d1a6ff32e54512e03a071eea7fc92cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4d1a6ff32e54512e03a071eea7fc92cb_JaffaCakes118
Size

427KB
MD5

4d1a6ff32e54512e03a071eea7fc92cb
SHA1

32ccdfb91f336285e609c111fe2a481acd185455
SHA256

9b7c125d7e992dede2818213f7a258d6f85c2272406c7cf34f93a7525b048ebb
SHA512

67b525dab695904c356f3720ad21bd3018ca79ecef1ed310c5ba518131f865a6c9e9efb1ae81ffd63852ca98d016cbe4c6ecf92848c4b3452d1ab5e5cef6eeee
SSDEEP

6144:8rWYFiv5uVpOOsOSyQAJB9rT6+EWnofi/NTtjP03XOcb65AH/wdQIv+clj2DrTOE:81wvqKm3/T3EWo6bjP0uXclQ6D3Ox

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d1a6ff32e54512e03a071eea7fc92cb_JaffaCakes118

Files

4d1a6ff32e54512e03a071eea7fc92cb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4527f1e7cf0416a949ef333a3a73976f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetBestInterfaceEx

msvcrt

time
__badioinfo
ferror
_amsg_exit
calloc
iswalnum
localeconv
wcschr
__pioinfo
_isatty
wcspbrk
__dllonexit
_adjust_fdiv
_errno
_XcptFilter
isxdigit
wcsrchr
memcpy
mbtowc
_stricmp
_lseeki64
ceil
_CxxThrowException
_read
_unlock
_write
_resetstkoflw
wcstok
wcsstr
strtoul
memmove
wcsncmp
_purecall
fclose
wcstombs
_wtoi
bsearch
_wcslwr
toupper
_initterm
_fileno
ungetc
towlower
_wtol
free
_lock
malloc
_onexit
_strnicmp
_iob
_wcsnicmp
floor
_strlwr
wctomb
_snprintf
iswctype
isdigit
strchr
iswdigit
_itoa
__mb_cur_max
printf
_wcsicmp
memset
realloc
strtok
strncmp
srand
_vsnprintf
isleadbyte
_vsnwprintf

winmm

waveOutReset
waveOutGetPitch
waveOutSetVolume
waveOutPrepareHeader
waveOutOpen
waveOutWrite
waveOutUnprepareHeader
waveOutGetVolume
waveOutClose

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

advapi32

RegFlushKey
RegCreateKeyExA
GetUserNameA
RegQueryValueExW
RegOpenKeyExA
GetFileSecurityW
RegDeleteKeyW
RegOpenKeyA
CredReadW
CredWriteDomainCredentialsW
SetFileSecurityW
CredFree
CredWriteW
RegDeleteValueW
GetSecurityDescriptorLength
RegCreateKeyExW
GetTraceEnableLevel
RegCloseKey
RegQueryInfoKeyA
CryptReleaseContext
RegQueryInfoKeyW
RegEnumKeyExW
CryptAcquireContextW
RegSetValueExW
CredUnmarshalCredentialW
CredDeleteW
RegOpenKeyExW
RegSetValueExA
CredReadDomainCredentialsW
UnregisterTraceGuids
RegCreateKeyW
RegOpenKeyW
RegEnumKeyExA
GetTraceEnableFlags
RegConnectRegistryW
CredGetSessionTypes
GetUserNameW
RegQueryValueExA
GetTraceLoggerHandle
RegDeleteValueA
TraceMessage
CryptGenRandom
RegisterTraceGuidsW
RegEnumValueW

netapi32

NetGetJoinInformation
NetApiBufferFree

cryptui

CryptUIDlgViewCertificateW

ntdll

NtWriteFile
RtlAreBitsSet
RtlUnwind
RtlEnumerateGenericTable
VerSetConditionMask
RtlAcquireResourceExclusive
RtlReleaseResource
RtlInitializeBitMap
RtlInitializeGenericTable
RtlGetLastNtStatus
RtlInitializeCriticalSection
RtlFindClearBitsAndSet
RtlDeleteResource
RtlInitUnicodeString
NtOpenFile
RtlEnumerateGenericTableWithoutSplaying
NtAllocateVirtualMemory
NtDeviceIoControlFile
RtlClearBits
RtlLookupElementGenericTable
NtReadFile
RtlInitializeResource
RtlDeleteElementGenericTable
RtlAcquireResourceShared

shell32

SHAppBarMessage
DragQueryFileW
Shell_NotifyIconW
SHFileOperationW
ExtractIconW

samlib

SamAddMemberToAlias

shlwapi

PathRemoveFileSpecW

wininet

InternetGetCookieW

msimg32

GradientFill

crypt32

CertDuplicateCertificateContext
CertGetCertificateChain
CertAddCertificateContextToStore
CertCreateCertificateContext
CertFindExtension
CertFreeCertificateChain
CertCompareCertificate
CryptDecodeObject
CryptMsgClose
CertGetNameStringW
CryptStringToBinaryW
CertDuplicateCertificateChain
CertGetEnhancedKeyUsage
CertCloseStore
CertOpenStore
CryptProtectData
CertGetCertificateContextProperty
CertFindCertificateInStore
CertVerifyCertificateChainPolicy
CryptMsgOpenToDecode
CryptMsgUpdate
CryptSignMessage
CryptBinaryToStringW
CryptVerifyDetachedMessageSignature
CertFreeCertificateContext
CertVerifySubjectCertificateContext

gdi32

ExtSelectClipRgn
CombineRgn
SetBkMode
GetTextAlign
GetStockObject
GetCurrentObject
SetRectRgn
SelectPalette
GetRgnBox
GetBkMode
CreateRectRgnIndirect
GetObjectW
Ellipse
PatBlt
SetBkColor
CreateSolidBrush
MoveToEx
CreatePolygonRgn
FillRgn
CreatePalette
LineTo
GetTextExtentPointW
SelectClipRgn
GetPaletteEntries
DeleteDC
StretchBlt
SetTextAlign
CreateCompatibleDC
DPtoLP
SelectObject
CreateMetaFileW
CreateCompatibleBitmap
UpdateColors
CreateDIBPatternBrushPt
CreatePatternBrush
SetViewportOrgEx
SetWindowExtEx
BitBlt
DeleteMetaFile
CreateDCW
SetDCBrushColor
CreateRectRgn
GetBrushOrgEx
SetStretchBltMode
SaveDC
CreateDIBSection
RestoreDC
CreatePen
SetTextColor
GetNearestColor
CreateBitmap
SetBrushOrgEx
LPtoDP
CloseMetaFile
DeleteObject
GetMapMode
Polygon
FrameRgn
SetROP2
SetBitmapBits
SetWindowOrgEx
CreateDIBitmap
SetMapMode
GetMetaFileBitsEx
GetNearestPaletteIndex
OffsetClipRgn
GdiDrawStream
CreateBrushIndirect
GetClipBox
PlayMetaFile
SetMetaFileBitsEx
GetDIBColorTable
GdiFlush
SetDIBColorTable
StretchDIBits
OffsetRgn
SetPolyFillMode
GetDeviceCaps
Rectangle
RealizePalette
CreateFontIndirectW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiOpenClassRegKeyExW
SetupDiOpenDevRegKey

kernel32

InterlockedExchange
GetTimeZoneInformation
UnhandledExceptionFilter
TlsAlloc
SetEndOfFile
LockFileEx
GetLocaleInfoW
FormatMessageW
TlsGetValue
lstrcmpA
SetCommMask
GetComputerNameW
RemoveDirectoryW
HeapFree
GetSystemDirectoryW
GetVersionExA
LockFile
MultiByteToWideChar
GlobalLock
GetDefaultCommConfigW
TlsFree
ExpandEnvironmentStringsW
DeleteFileW
LoadLibraryW
OutputDebugStringA
GetLastError
FlushInstructionCache
VirtualQuery
ReadFile
QueueUserWorkItem
GetCommConfig
GetCommState
UnlockFile
GetFileSize
lstrcmpiW
GetDiskFreeSpaceW
TerminateProcess
WideCharToMultiByte
lstrlenA
FindNextChangeNotification
QueryPerformanceCounter
GetSystemTimeAsFileTime
CancelIo
GetSystemInfo
WaitForSingleObject
SystemTimeToFileTime
GetFileInformationByHandle
HeapAlloc
FindFirstFileW
SetCommTimeouts
InterlockedIncrement
FreeLibrary
GlobalAlloc
LoadLibraryExW
RaiseException
SetEvent
LoadResource
FindCloseChangeNotification
GetCommModemStatus
GlobalAddAtomW
DeviceIoControl
GetSystemDefaultLangID
GetCommTimeouts
InterlockedDecrement
ResetEvent
GetSystemTime
ReleaseSemaphore
SetUnhandledExceptionFilter
SearchPathW
lstrcpyW
OutputDebugStringW
DisableThreadLibraryCalls
GetTickCount
SetFilePointer
GetProcAddress
OpenThread
GlobalUnlock
lstrcpynW
VirtualFree
ClearCommError
MapViewOfFile
WaitForMultipleObjects
lstrcmpiA
WriteFile
FindFirstChangeNotificationW
WaitCommEvent
lstrcatW
CloseHandle
FreeLibraryAndExitThread
CreateDirectoryW
VerifyVersionInfoW
GetCurrentThreadId
GetVersionExW
SizeofResource
LocalFree
FindResourceW
DuplicateHandle
GlobalSize
CreateMutexW
GetTempFileNameW
GetCommMask
VirtualAlloc
QueryDosDeviceW
GetFileAttributesExW
GetFileAttributesW
GetModuleFileNameW
EnterCriticalSection
lstrlenW
GetOverlappedResult
HeapDestroy
SetFileAttributesW
CreateFileW
GetCurrentProcessId
CreateFileMappingW
Sleep
SetFileTime
ResumeThread
LocalAlloc
FindClose
BindIoCompletionCallback
CreateEventW
SetErrorMode
CreateThread
LoadLibraryA
GetTempPathW
GetCommProperties
TransmitCommChar
SetCommState
GetProcessHeap
FindNextFileW
SetupComm
WaitForMultipleObjectsEx
GetUserDefaultUILanguage
CreateProcessW
DeleteCriticalSection
FindResourceExW
InitializeCriticalSection
GetModuleHandleA
lstrcmpW
InterlockedCompareExchange
LockResource
FreeResource
GetModuleHandleW
UnmapViewOfFile
GetProfileStringW
GetACP
GetFullPathNameW
MoveFileW
GlobalHandle
MulDiv
Beep
GlobalFree
GetVolumeInformationW
GetSystemDefaultUILanguage
GetCurrentProcess
GetComputerNameA
CreateSemaphoreW
GlobalDeleteAtom
GetDriveTypeW
FlushFileBuffers
GetSystemDirectoryA
TlsSetValue
LeaveCriticalSection
EscapeCommFunction
VirtualProtect
SetLastError
GetModuleHandleExW
GetVersion
DebugBreak
PurgeComm

ws2_32

WSALookupServiceEnd
freeaddrinfo
WSAIoctl
getaddrinfo
WSALookupServiceBeginW
WSANSPIoctl
WSALookupServiceNextW

rpcrt4

IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
NdrMesTypeDecode2
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
NdrMesTypeFree2
NdrMesTypeEncode2
NdrDllRegisterProxy
MesDecodeBufferHandleCreate
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
NdrOleFree
MesEncodeDynBufferHandleCreate
CStdStubBuffer_DebugServerQueryInterface
MesHandleFree
NdrDllCanUnloadNow
CStdStubBuffer_AddRef
NdrDllUnregisterProxy
NdrOleAllocate
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
CStdStubBuffer_QueryInterface

ole32

OleIsCurrentClipboard
CreateDataAdviseHolder
CoUninitialize
CoInitializeEx
CLSIDFromString
WriteClassStm
OleSaveToStream
OleSetClipboard
OleUninitialize
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemRealloc
OleLoadFromStream
CoCreateInstance
CoGetMalloc
CreateOleAdviseHolder
CoInitialize
OleRegEnumVerbs
OleRegGetMiscStatus
OleInitialize
OleGetClipboard
CoTaskMemFree
OleRegGetUserType
StringFromCLSID

urlmon

CopyStgMedium

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 944KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4527f1e7cf0416a949ef333a3a73976f

Headers

File Characteristics

Imports

iphlpapi

msvcrt

winmm

version

advapi32

netapi32

cryptui

ntdll

shell32

samlib

shlwapi

wininet

msimg32

crypt32

gdi32

setupapi

kernel32

ws2_32

rpcrt4

ole32

urlmon

Sections

.text Size: 19KB - Virtual size: 18KB

.data Size: 146KB - Virtual size: 944KB

.rsrc Size: 256KB - Virtual size: 256KB

.rdata Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 24B

.text
Size: 19KB - Virtual size: 18KB

.data
Size: 146KB - Virtual size: 944KB

.rsrc
Size: 256KB - Virtual size: 256KB

.rdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 24B