660038567c12c420fd28e1553bda2ec8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

660038567c12c420fd28e1553bda2ec8_JaffaCakes118
Size

280KB
MD5

660038567c12c420fd28e1553bda2ec8
SHA1

60b87f44da58be98bd1ec253cfc6a0f6ce9b6ece
SHA256

85be795a382579aa7443b2326ac469c35fbad378fccf55fa05f6eb6880c63da9
SHA512

9c647f131ed6e1bc22a39c47f4d96334ecd51bf477b0e3140957dbe8098d77beb879a9b32120b397a83beeaaa93367b400adf73912f68d8595ecbdd7e8952590
SSDEEP

6144:o5d+vayOdOe3LKlI1TkDXQnxSCTIBjPwdXfJ0:Yd+i9bKhD4xNIBjgXfJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
660038567c12c420fd28e1553bda2ec8_JaffaCakes118

Files

660038567c12c420fd28e1553bda2ec8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b06a62109125c7fc6c616ff473dba590

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

clusapi.pdb

Imports

msvcrt

wcslen
_adjust_fdiv
malloc
_initterm
free
wcschr
wcsrchr
_vsnwprintf
_purecall
memmove
strtoul
_wcsnicmp
_ltow
_wtol
swprintf
iswspace
iswprint
strtok
_stricmp
wcsncpy
_wcsicmp
_itow
wcscat
wcscmp
wcscpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3

kernel32

MapViewOfFile
DeleteFileW
GetCurrentDirectoryW
GetComputerNameW
SystemTimeToFileTime
WriteFile
LoadLibraryExA
lstrcatA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
WideCharToMultiByte
GetUserDefaultLCID
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
MultiByteToWideChar
LocalReAlloc
lstrlenA
lstrcpyA
LoadLibraryA
FormatMessageW
lstrlenW
lstrcmpA
FindResourceA
LoadResource
LockResource
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetVersionExA
DisableThreadLibraryCalls
FreeLibrary
OutputDebugStringA
LoadLibraryW
CompareFileTime
GetSystemTimeAsFileTime
CreateFileMappingA
InitializeCriticalSection
GetModuleFileNameW
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
LocalFree
GetCurrentThread
GetCurrentProcess
CloseHandle
SetLastError
GetProcAddress
GetModuleHandleW
GetLastError
GetModuleHandleA
SetEndOfFile
SetFilePointer
GetLocalTime
CreateFileA
ExpandEnvironmentStringsA
Sleep
DelayLoadFailureHook
GetFileSize
UnmapViewOfFile
GetComputerNameExW
ExpandEnvironmentStringsW
CreateFileW
GetACP
MulDiv
CompareStringA
CompareStringW
GetDateFormatA
GetTimeFormatA
DeleteCriticalSection

advapi32

GetUserNameW
FreeSid
EqualSid
AllocateAndInitializeSid
CloseServiceHandle
StartServiceW
UnlockServiceDatabase
CryptGetUserKey
CryptDestroyKey
CryptSetProvParam
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
RegSetValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenThreadToken
OpenProcessToken
GetTokenInformation
CryptGetKeyParam
RegOpenKeyExA
DuplicateToken
RegCreateKeyExA
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegQueryInfoKeyA
QueryServiceStatus
StartServiceA
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceConfigA
LockServiceDatabase
ChangeServiceConfigA
CryptAcquireContextA

wintrust

WinVerifyTrustEx
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WintrustGetDefaultForUsage
WTHelperGetKnownUsages
TrustIsCertificateSelfSigned

crypt32

CertFindCertificateInStore
CertSetEnhancedKeyUsage
CryptInitOIDFunctionSet
CryptGetDefaultOIDDllList
CryptGetDefaultOIDFunctionAddress
CryptFreeOIDFunctionAddress
CryptFindOIDInfo
CertGetValidUsages
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateStore
CertGetEnhancedKeyUsage
CertFindExtension
CryptDecodeObject
CryptEncodeObject
CertGetSubjectCertificateFromStore
CertOpenStore
CertCloseStore
CertGetCertificateContextProperty
CertGetPublicKeyLength
CertGetCTLContextProperty
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptMsgVerifyCountersignatureEncoded
CertFindAttribute
CryptMsgControl
CryptFormatObject
CertGetNameStringW
CertGetStoreProperty
CryptMsgDuplicate
CertFreeCTLContext
CryptQueryObject
CryptFindLocalizedName
CertEnumSystemStore
CertEnumPhysicalStore
CertCompareCertificate
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertSaveStore
CertDeleteCertificateFromStore
CryptEnumOIDInfo
CryptMsgEncodeAndSignCTL
CertAddCTLContextToStore
CertSetCTLContextProperty
CertCreateCTLContext
CryptSIPRetrieveSubjectGuid
CryptDecodeObjectEx
CertEnumCTLsInStore
CertVerifyTimeValidity
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateChainEngine
PFXExportCertStore
PFXExportCertStoreEx
CryptAcquireCertificatePrivateKey
CertFreeCRLContext
CertGetCRLFromStore
PFXVerifyPassword
CertAddCRLContextToStore
CertFindCTLInStore
CertFindCRLInStore
CryptFindCertificateKeyProvInfo
PFXImportCertStore
CertCreateCertificateContext
CertNameToStrW
CertSetCertificateContextProperty

user32

MapDialogRect
SetRect
CreateWindowExW
PostMessageW
DestroyIcon
CheckRadioButton
IsDlgButtonChecked
GetSysColor
IsWindowVisible
GetDialogBaseUnits
GetFocus
UpdateWindow
GetNextDlgTabItem
GetClientRect
DrawFocusRect
LoadCursorA
SetCursor
GetWindowRect
MapWindowPoints
FillRect
InvalidateRect
GetSysColorBrush
LoadBitmapW
GetDesktopWindow
LoadStringA
SendDlgItemMessageA
SetDlgItemTextW
SendMessageA
SetWindowTextA
GetDC
ReleaseDC
WinHelpW
ShowWindow
GetDlgItem
GetWindowTextW
EnableWindow
SetFocus
DialogBoxParamW
PeekMessageA
IsWindowEnabled
LoadIconA
GetUpdateRect
CallWindowProcA
BeginPaint
EndPaint
DrawIcon
wsprintfA
SetWindowPos
GetParent
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
GetDlgItemTextA
SetClassLongA
GetWindowLongA
MonitorFromWindow
GetMonitorInfoW
GetWindow
CopyRect
LoadCursorW
DestroyWindow
SystemParametersInfoA
MessageBoxExW
PostMessageA
RegisterClipboardFormatA
CreateWindowExA
MoveWindow
GetWindowDC
SetCapture
SetWindowLongA
ReleaseCapture
GetWindowLongW
DrawTextExW
SendDlgItemMessageW
EndDialog
SetWindowLongW
SetWindowTextW
SendMessageW
LoadStringW
MessageBoxW

gdi32

CreatePalette
CreateDIBitmap
RealizePalette
SelectPalette
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SetBkColor
CreateBitmap
GetObjectA
GetTextExtentPoint32W
GetBkColor
CreateFontIndirectA
GetDeviceCaps
CreateFontIndirectW
GetObjectW
SetPixel
DeleteObject

rpcrt4

RpcNetworkIsProtseqValidA
RpcBindingFromStringBindingA
RpcBindingFree
UuidCreate
UuidToStringA
RpcStringFreeA
NdrClientCall2
RpcStringBindingComposeA
RpcEpResolveBinding

netapi32

DsGetDcNameW
NetGetDCName
NetApiBufferFree

wininet

InternetCrackUrlW
InternetCanonicalizeUrlW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 58KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b06a62109125c7fc6c616ff473dba590

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

wintrust

crypt32

user32

gdi32

rpcrt4

netapi32

wininet

version

Sections

.text Size: 58KB - Virtual size: 59KB

.data Size: 208KB - Virtual size: 314KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 58KB - Virtual size: 59KB

.data
Size: 208KB - Virtual size: 314KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 7KB - Virtual size: 7KB