6401f2b8e61c860e2379299399c18b4c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6401f2b8e61c860e2379299399c18b4c_JaffaCakes118
Size

207KB
MD5

6401f2b8e61c860e2379299399c18b4c
SHA1

cb6521f790c85b452b7f08209317992fc9666744
SHA256

43a293020066b3e3ee801122599690e8f0a59b38ac9de476d99395d37958fc00
SHA512

6ee784dbebd28f591e8573b8bed220ec6cfd58a9c837473915d67e074a153d9c2b097cc4a01ec0bb29f96f142b4d925957900034a41083f05c66328ab59ff0f4
SSDEEP

6144:og3Z3aJXQfPf35zE+VhX2lmDJPBr+fmxczok:oaqJ+FE+TXE8pE/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6401f2b8e61c860e2379299399c18b4c_JaffaCakes118

Files

6401f2b8e61c860e2379299399c18b4c_JaffaCakes118
.exe windows:1 windows x86 arch:x86

59ec14f080ea9a6a14f4e55dbb57976e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsAlloc
GetModuleHandleW
lstrcpyW
GetUserDefaultLangID
HeapCreate
IsBadCodePtr
OpenSemaphoreW
LocalAlloc
GetCommandLineA
GetLocaleInfoA
OpenMutexA
FreeLibrary
GetExitCodeThread
LocalFree
lstrcmpiW
lstrcmpW
GetDateFormatA
lstrcpyn
GetProcAddress
CompareFileTime
IsBadReadPtr
GetAtomNameW
GetThreadPriority
GetMailslotInfo
GetCurrentDirectoryW
GlobalDeleteAtom
LoadLibraryA
SetCurrentDirectoryW
RaiseException
FatalAppExitW
OpenFile
GetEnvironmentStringsW
lstrcmpiA
LocalAlloc
GetModuleFileNameW
BeginUpdateResourceW
GetLocaleInfoW
IsDebuggerPresent
GetStringTypeA
DosDateTimeToFileTime
IsValidCodePage
MoveFileA
GetThreadLocale

user32

RegisterClassA
MonitorFromRect
AdjustWindowRect
LoadImageW
MessageBeep
LoadCursorA
GetDCEx
LoadMenuA
MessageBoxIndirectW
LoadMenuIndirectA
ShowWindow
CreateDialogIndirectParamW
FindWindowA
SetActiveWindow
MessageBoxIndirectA
SetForegroundWindow
GetClassInfoExW
LoadMenuIndirectW
wsprintfW
GetForegroundWindow
GetCaretPos
CreateDesktopW
DialogBoxParamA
GetMenuStringA
CreateWindowExW
MonitorFromPoint
FindWindowW
LoadIconA
GetCapture
PostMessageW
UnregisterClassA
WinHelpW
CharUpperA
SendDlgItemMessageA
SetDlgItemInt
InvalidateRgn
GetWindowRgn
mouse_event
PostQuitMessage
IsChild
OffsetRect
CharLowerW
GetDesktopWindow
DestroyIcon
TrackPopupMenu
WaitForInputIdle
RegisterWindowMessageW
LoadBitmapW
GetActiveWindow
LoadMenuW
GetAsyncKeyState
SetCapture
DialogBoxIndirectParamA
RemoveMenu
PostMessageA
ShowCursor
GetKeyState
EnumWindowStationsW
SetFocus
SetMenu

gdi32

ExtCreateRegion
CreateMetaFileW
GetEnhMetaFilePixelFormat
GetTextExtentPointW
CreateMetaFileA
RemoveFontResourceW
GetEnhMetaFileA
RemoveFontResourceA
SetWinMetaFileBits
CreateBitmapIndirect
CreatePolygonRgn
TranslateCharsetInfo
CreateEllipticRgn
CreatePolyPolygonRgn
SetMetaFileBitsEx
DeleteObject
CreateDIBSection
CreateFontA
CreateCompatibleDC
CreateFontW
CreatePatternBrush
CreateICA
CreateColorSpaceW
CreateSolidBrush
AddFontResourceA
CreateFontIndirectExA
GetMetaFileW
CreateHatchBrush

advapi32

RegQueryMultipleValuesA
RegCreateKeyW
RegSaveKeyW
RegSetValueA
RegEnumValueW
RegEnumValueA
RegDeleteKeyW
RegDeleteKeyA
RegEnumKeyW
RegReplaceKeyA

shlwapi

PathGetCharTypeW
SHRegOpenUSKeyW
UrlHashA
PathFindOnPathA
PathIsNetworkPathW

comctl32

ImageList_ReplaceIcon
DrawInsert
MenuHelp
ImageList_AddIcon

comdlg32

PageSetupDlgW
PrintDlgExW
PageSetupDlgA
FindTextA
PrintDlgExA
ChooseFontW
GetOpenFileNameW

version

GetFileVersionInfoW
VerInstallFileA
GetFileVersionInfoSizeW

ws2_32

select
WSAEnumProtocolsW
WSARecvDisconnect
gethostbyaddr
getservbyname
WSASendTo
gethostname
WSAConnect
getsockname

wininet

HttpAddRequestHeadersA
InternetConnectA
FtpDeleteFileW
FtpRenameFileA
UrlZonesDetach
InternetFindNextFileA
RetrieveUrlCacheEntryFileA
InternetConfirmZoneCrossingW
InternetCheckConnectionW
FtpCreateDirectoryW
InternetReadFileExA

winmm

mmioCreateChunk
waveInMessage
mmDrvInstall
mciGetCreatorTask
waveInUnprepareHeader
timeSetEvent
waveInClose
mciExecute
mixerGetLineControlsW
timeEndPeriod
mmioStringToFOURCCW
joyGetDevCapsW

inetcomm

CreateRASTransport
CreateIMAPTransport2
MimeOleGetPropertySchema
EssReceiptRequestEncodeEx
MimeOleParseRfc822Address
HrGetAttachIcon
MimeOleGetDefaultCharset
HrGetLastOpenFileDirectoryW
HrSaveAttachmentAs

oledlg

OleUIAddVerbMenuA
OleUIBusyW
OleUIBusyA
OleUIObjectPropertiesA
OleUIUpdateLinksA
OleUIEditLinksA
OleUIInsertObjectW
OleUICanConvertOrActivateAs

sqlunirl

_UpdateResource_@24
_SendMessageCallback_@24
_DefFrameProc_@20
_GetModuleHandle_@4
_MoveFile@8
_BeginUpdateResource_@8
_GetMenuString_@20
_CreateStatusWindow_@16
_CreateNamedPipe_@32

crypt32

CryptHashCertificate
CryptSIPRetrieveSubjectGuidForCatalogFile
CryptSIPRemoveProvider
CryptSIPCreateIndirectData
CertEnumPhysicalStore
CryptMsgSignCTL
CryptExportPublicKeyInfoEx
CertAlgIdToOID
CryptGetOIDFunctionAddress

Sections

.cj
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.aSlQE
Size: 142KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TaTuIe
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aGuF
Size: 3KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Sd
Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Um
Size: 2KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IBzcYo
Size: 2KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WaZba
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RP
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_MEM_READ

.EIl
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eYwI
Size: 1KB - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59ec14f080ea9a6a14f4e55dbb57976e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comctl32

comdlg32

version

ws2_32

wininet

winmm

inetcomm

oledlg

sqlunirl

crypt32

Sections

.cj Size: 21KB - Virtual size: 20KB

.aSlQE Size: 142KB - Virtual size: 230KB

.TaTuIe Size: 1KB - Virtual size: 25KB

.aGuF Size: 3KB - Virtual size: 39KB

.rdata Size: 7KB - Virtual size: 6KB

.Sd Size: 2KB - Virtual size: 18KB

.Um Size: 2KB - Virtual size: 21KB

.IBzcYo Size: 2KB - Virtual size: 41KB

.WaZba Size: 3KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 11KB

.RP Size: 1KB - Virtual size: 5KB

.EIl Size: 3KB - Virtual size: 14KB

.eYwI Size: 1KB - Virtual size: 26KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 4KB

.cj
Size: 21KB - Virtual size: 20KB

.aSlQE
Size: 142KB - Virtual size: 230KB

.TaTuIe
Size: 1KB - Virtual size: 25KB

.aGuF
Size: 3KB - Virtual size: 39KB

.rdata
Size: 7KB - Virtual size: 6KB

.Sd
Size: 2KB - Virtual size: 18KB

.Um
Size: 2KB - Virtual size: 21KB

.IBzcYo
Size: 2KB - Virtual size: 41KB

.WaZba
Size: 3KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 11KB

.RP
Size: 1KB - Virtual size: 5KB

.EIl
Size: 3KB - Virtual size: 14KB

.eYwI
Size: 1KB - Virtual size: 26KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 4KB