5b32bba3c18e621fe28d7a5d27b54086_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5b32bba3c18e621fe28d7a5d27b54086_JaffaCakes118
Size

2.2MB
MD5

5b32bba3c18e621fe28d7a5d27b54086
SHA1

def2241b8b42421c5ee7e0a1c8a2387282115709
SHA256

12a19b07c9e2232309d2e31939ec7918cfddde31c1e647130b40783a26d3fb16
SHA512

7b2c4b70964f3f084e1779c9514642293187f4960bd00ffbcf6f4e50ecd59aaea7864d61c8d2fc716e5d7828ae9d0f52930b22b3d778d028a19a6e5d0ebe1008
SSDEEP

49152:p9Y+xZUP9cNRL1efiukMXo+OU96KZ5K1GEx1NJ39jTHKyhVO6W9SFQsQ8c2GyDi:p9Y+i9cxefiu3o+z9iJlJBTHS6W9oQjU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b32bba3c18e621fe28d7a5d27b54086_JaffaCakes118

Files

5b32bba3c18e621fe28d7a5d27b54086_JaffaCakes118
.exe windows:4 windows x86 arch:x86

34eb498e9b39df49f59ebe3443b3e755

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

gdi32

GetDeviceCaps
SetTextColor
DeleteObject
CreateFontIndirectW
SetBkColor
SelectObject
ExtTextOutW
GetTextMetricsW
GetObjectW

kernel32

FormatMessageW
lstrcpynW
MultiByteToWideChar
SetComputerNameExW
GetDriveTypeW
GetVersionExA
ExitProcess
GetModuleFileNameW
GlobalLock
UnhandledExceptionFilter
ExpandEnvironmentStringsW
GetUserDefaultLangID
GetCurrentThread
GetModuleHandleW
GetProcAddress
GetComputerNameW
lstrcpyW
GetLocaleInfoW
lstrcmpiW
GetSystemTimeAsFileTime
CloseHandle
InterlockedIncrement
LoadLibraryW
LocalFree
GetWindowsDirectoryW
DelayLoadFailureHook
MulDiv
ResetEvent
DosDateTimeToFileTime
CreateEventW
GetGeoInfoW
QueryPerformanceCounter
FreeLibrary
InterlockedCompareExchange
GlobalUnlock
LoadLibraryA
WideCharToMultiByte
TerminateProcess
WaitForSingleObject
GetSystemDefaultLCID
LocalAlloc
lstrcmpiA
GetACP
lstrlenW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
InterlockedDecrement
GetUserGeoID
GetCurrentProcess
OpenEventW
CreateProcessW
DnsHostnameToComputerNameW
SetUnhandledExceptionFilter
GetLastError
GetUserDefaultLCID
CreateThread

msvcrt

_except_handler3
wcschr

ole32

CoInitialize
CreateBindCtx
ReleaseStgMedium
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoMarshalInterThreadInterfaceInStream

user32

RegisterClipboardFormatW
GetDC
CheckRadioButton
LoadCursorW
IsWindowEnabled
IsWindowVisible
LoadStringW
IsWindow
MapWindowPoints
SetCursor
CharNextW
GetWindowLongW
CheckDlgButton
EnableWindow
KillTimer
SetForegroundWindow
DialogBoxParamW
CharLowerBuffW
ReleaseDC
OffsetRect
RegisterWindowMessageW
ShowWindow
SystemParametersInfoW
LoadIconW
GetWindowLongA
SendDlgItemMessageW
GetSysColor
SetTimer
GetDlgItemTextW
GetWindowTextLengthW
GetWindowTextW
DrawFocusRect
SetWindowLongW
LoadImageW
GetSystemMetrics
DestroyIcon
WinHelpW
GetDialogBaseUnits
GetDesktopWindow
GetClientRect
EndDialog
SendMessageW
GetWindowRect
PostMessageW
MoveWindow
SetFocus
SetWindowTextW
FindWindowW
RedrawWindow
SetDlgItemTextW
DrawTextExW
MessageBoxW
GetDlgCtrlID
SetWindowPos
GetDlgItem
GetParent
IsDlgButtonChecked

advapi32

GetTokenInformation
AllocateAndInitializeSid
OpenSCManagerW
LookupAccountNameW
LsaStorePrivateData
OpenThreadToken
CopySid
QueryServiceStatus
CreateProcessWithLogonW
RegOpenKeyExA
LsaClose
RegSetValueExW
GetLengthSid
RegCreateKeyExW
OpenProcessToken
IsValidSid
CheckTokenMembership
RegQueryValueExW
EqualSid
OpenServiceW
LsaOpenPolicy
FreeSid
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyW
RegQueryValueExA
RegCloseKey
LookupAccountSidW
CloseServiceHandle

netapi32

NetUserDel
NetApiBufferFree
NetValidateName
NetUnjoinDomain
DsRoleGetPrimaryDomainInformation
NetLocalGroupEnum
NetUserAdd
NetUserSetInfo
DsRoleFreeMemory
NetJoinDomain
NetLocalGroupDelMembers
NetUserGetInfo
DsGetDcNameW
NetUserGetLocalGroups
NetLocalGroupAddMembers
NetRenameMachineInDomain
NetLocalGroupGetMembers

urlmon

URLDownloadToCacheFileW

secur32

TranslateNameW

mpr

WNetCloseEnum
WNetEnumResourceW
WNetCancelConnection2W
WNetOpenEnumW
WNetGetConnectionW
WNetAddConnection3W

shlwapi

PathIsUNCW
StrCpyNW
StrCatBuffW
PathRenameExtensionW
StrToIntExW
PathMatchSpecW
StrRetToBufW
UrlCombineW
wnsprintfW
StrToIntW
PathCombineW
PathFindExtensionW
PathAppendW
StrCmpNIW
SHSetValueW
StrCmpW
PathGetDriveNumberW
PathParseIconLocationW
StrChrW
PathRemoveFileSpecW
SHStrDupW
SHRegGetBoolUSValueW
PathFindFileNameW
AssocQueryStringW
StrDupW
PathRemoveBackslashW
PathIsUNCServerW
UrlGetPartW
SHGetValueW
StrCmpIW

ntdsapi

DsCrackNamesW
DsFreeNameResultW

shell32

SHCreateShellItem
SHGetDesktopFolder
SHParseDisplayName
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBindToParent
SHGetFileInfoW
ShellExecuteExW
SHBrowseForFolderW

ntdll

NtAllocateVirtualMemory
RtlGetNtProductType
RtlLargeIntegerShiftRight
RtlInitUnicodeString

Sections

.text
Size: 841KB - Virtual size: 841KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34eb498e9b39df49f59ebe3443b3e755

Headers

File Characteristics

Imports

gdi32

kernel32

msvcrt

ole32

user32

advapi32

netapi32

urlmon

secur32

mpr

shlwapi

ntdsapi

shell32

ntdll

Sections

.text Size: 841KB - Virtual size: 841KB

.data Size: 1.2MB - Virtual size: 6.4MB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 66KB - Virtual size: 65KB

.rsrc Size: 60KB - Virtual size: 59KB

.reloc Size: 512B - Virtual size: 20B

.text
Size: 841KB - Virtual size: 841KB

.data
Size: 1.2MB - Virtual size: 6.4MB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 66KB - Virtual size: 65KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 512B - Virtual size: 20B