Static task: static1
Behavioral task: behavioral1
  Sample: 67d44ce73c5971be05621d1388190e2c_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 67d44ce73c5971be05621d1388190e2c_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 67d44ce73c5971be05621d1388190e2c_JaffaCakes118
Size: 639KB
MD5: 67d44ce73c5971be05621d1388190e2c
SHA1: 99c00063f88d2dec4ea40e2d0c8b7d4c9577ff36
SHA256: 4b421096cb7c703453e76827a620d4868ad9733d85ab9add6c3f12a45328c033
SHA512: 465c2e55cd8a36a478797d4cf0f370441cf2a7b8ff1358dc29fd7edd211c1e2d38fc4ea12344c9e39f4becb6e7e27ea1663b8fd0981a2129b2ddb400dfd3e1f5
SSDEEP: 12288:hk4RpxGNf5xTLiip70uAvjH6xybefLjpfNkXRgVTg:hk4Rp0Nf5xTmip70uAvr6obefZlvTg
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 67d44ce73c5971be05621d1388190e2c_JaffaCakes118
Files
67d44ce73c5971be05621d1388190e2c_JaffaCakes118.exe windows:4 windows x86 arch:x86
6c8573d86168067fa138f323dbd9ef3b
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
ord1141
ord1120
ord1119
gethostbyname
getservbyport
WSACancelBlockingCall
gethostbyaddr
WSAUnhookBlockingHook
htonl
ntohl
ord1114
WSAAsyncGetServByName
getsockopt
ioctlsocket
WSAAsyncGetServByPort
ord1110
ord1116
ord1115
WSAAsyncGetProtoByName
gethostname
getprotobyname
socket
getprotobynumber
ord1111
ord1117
recv
getservbyname
inet_ntoa
WSAIsBlocking
WSAAsyncGetProtoByNumber
WSASetBlockingHook
ord1109
listen
ord1112
ord1118
shutdown
send
setsockopt
WSAAsyncSelect
connect
ntohs
closesocket
getpeername
WSAStartup
bind
ord1140
ord1107
comdlg32
GetOpenFileNameW
GetFileTitleA
ChooseFontW
LoadAlterBitmap
PrintDlgA
ChooseColorW
ReplaceTextW
PageSetupDlgW
FindTextW
GetSaveFileNameA
ReplaceTextA
ChooseColorA
advapi32
RegQueryValueA
RegQueryValueExW
RegEnumValueW
RegReplaceKeyA
GetUserNameW
CryptSetProviderA
CryptContextAddRef
RegSetValueW
CryptSignHashW
CryptGenKey
LogonUserW
RegReplaceKeyW
CryptEnumProvidersA
CryptEnumProviderTypesW
CryptAcquireContextW
RegEnumKeyA
RegLoadKeyW
RegEnumValueA
DuplicateToken
ReportEventA
CryptGetHashParam
GetUserNameA
RegCreateKeyExW
RegSetValueExA
CryptVerifySignatureW
InitiateSystemShutdownW
RegCreateKeyExA
CryptDeriveKey
CreateServiceW
RegQueryInfoKeyA
RegDeleteKeyA
LookupPrivilegeValueW
InitializeSecurityDescriptor
RegNotifyChangeKeyValue
RegQueryMultipleValuesA
LookupAccountNameA
RegLoadKeyA
StartServiceA
CryptDestroyHash
CryptEnumProviderTypesA
CryptGetProvParam
StartServiceW
RegQueryValueExA
CryptSetKeyParam
RegSaveKeyW
RegCreateKeyW
LookupSecurityDescriptorPartsW
CreateServiceA
CryptSignHashA
CryptDestroyKey
CryptDuplicateHash
CryptDuplicateKey
LookupPrivilegeNameW
gdi32
OffsetRgn
AbortDoc
CreateDiscardableBitmap
GetKerningPairs
GetMiterLimit
SetBrushOrgEx
GetMapMode
CreateRectRgnIndirect
CreatePalette
GetBoundsRect
GetOutlineTextMetricsA
SetGraphicsMode
GetEnhMetaFileDescriptionW
CreateICA
ExcludeClipRect
SetMiterLimit
CreateDIBPatternBrushPt
GdiPlayScript
GetObjectA
GetTextColor
PlgBlt
GetDIBColorTable
GdiGetBatchLimit
CreateEllipticRgn
GetLayout
GetAspectRatioFilterEx
CreateFontA
SetICMProfileW
StrokePath
ScaleViewportExtEx
FloodFill
SetDeviceGammaRamp
GetBitmapDimensionEx
GetRegionData
CreateFontIndirectW
CloseEnhMetaFile
CreateSolidBrush
GetColorAdjustment
CreateBrushIndirect
CreatePolyPolygonRgn
PolyBezierTo
GetEnhMetaFileHeader
SetBkColor
GetTextExtentPointA
GetROP2
GetGlyphOutlineW
SetBitmapDimensionEx
GetCharABCWidthsFloatA
CreatePenIndirect
SetROP2
GetICMProfileW
PtInRegion
GetDCOrgEx
GetTextFaceW
TranslateCharsetInfo
SetTextJustification
CreateColorSpaceA
CreateScalableFontResourceA
CreatePatternBrush
GetRandomRgn
CreateEllipticRgnIndirect
SetWindowOrgEx
CreateDIBitmap
GetArcDirection
GetCharWidthW
RemoveFontResourceA
GetCharWidth32A
SetICMMode
SetLayout
GetBkColor
AbortPath
PlayMetaFile
EnableEUDC
SetICMProfileA
GetMetaRgn
OffsetViewportOrgEx
CloseFigure
CloseMetaFile
GetTextExtentExPointW
GetFontLanguageInfo
DeviceCapabilitiesExW
GetGlyphOutline
GetEnhMetaFileDescriptionA
EnumFontsW
PolyTextOutW
StartDocW
GetPixelFormat
EnumEnhMetaFile
CreateDIBSection
ExtFloodFill
ModifyWorldTransform
SetBitmapBits
CreateDCW
EnumFontFamiliesW
PolyDraw
PolyTextOutA
GdiSetBatchLimit
GetTextExtentPoint32A
PathToRegion
CreateBitmap
RemoveFontResourceW
GetEnhMetaFilePaletteEntries
CreateEnhMetaFileA
BeginPath
GetNearestPaletteIndex
GetWindowExtEx
ExtCreatePen
UpdateICMRegKeyW
PolyPolyline
SetWindowExtEx
GetPath
PolyBezier
PaintRgn
GetCharABCWidthsW
EqualRgn
GetViewportOrgEx
AddFontResourceW
SetPaletteEntries
SetBkMode
GetTextCharacterExtra
SelectClipPath
GetBrushOrgEx
PlayEnhMetaFile
GetTextExtentExPointA
PlayMetaFileRecord
CreateRoundRectRgn
TextOutW
SetColorAdjustment
SaveDC
ExtTextOutW
SetPolyFillMode
EnumICMProfilesW
SetMagicColors
CreateMetaFileA
PlayEnhMetaFileRecord
CreateHalftonePalette
GetPixel
EndPage
GetFontData
OffsetClipRgn
GetMetaFileW
StartPage
GetRgnBox
GetBitmapBits
CreateFontW
SetAbortProc
PatBlt
Escape
GetOutlineTextMetricsW
EnumFontFamiliesExW
SelectObject
ScaleWindowExtEx
RoundRect
GdiPlayDCScript
AnimatePalette
PolyPolygon
GdiPlayJournal
CreateColorSpaceW
ResetDCW
GetCharWidthA
CreatePolygonRgn
EndPath
ChoosePixelFormat
CopyMetaFileA
CheckColorsInGamut
GetCharABCWidthsFloatW
Polyline
GetClipBox
CreateDIBPatternBrush
GetCharABCWidthsA
ExtCreateRegion
RectVisible
GetCurrentPositionEx
SetPixelFormat
CreatePen
CreateRectRgn
SetSystemPaletteUse
GetTextCharsetInfo
GetStockObject
CreateMetaFileW
GetCharWidthFloatA
ColorMatchToTarget
GetPaletteEntries
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
VirtualAllocEx
Toolhelp32ReadProcessMemory
DisconnectNamedPipe
GetLargestConsoleWindowSize
WaitNamedPipeW
Module32First
BeginUpdateResourceW
CopyFileA
GlobalFindAtomW
LockFile
MapViewOfFileEx
GetCalendarInfoA
VirtualUnlock
GetDiskFreeSpaceA
CreateNamedPipeA
GetLongPathNameW
SetWaitableTimer
GlobalFree
GetThreadPriority
FlushInstructionCache
Process32Next
WritePrivateProfileSectionW
LocalFlags
ExpandEnvironmentStringsW
lstrcmpi
Heap32Next
lstrlenW
FindFirstChangeNotificationW
WriteConsoleOutputA
GetShortPathNameW
CompareStringA
GlobalMemoryStatus
SetCriticalSectionSpinCount
GetComputerNameW
LocalHandle
IsDebuggerPresent
SetPriorityClass
SetThreadPriorityBoost
CreatePipe
GetPrivateProfileSectionNamesW
SetConsoleTextAttribute
GetFileAttributesA
FindClose
CreateRemoteThread
WritePrivateProfileSectionA
SetConsoleCursorInfo
UnlockFileEx
SetFilePointer
WaitForDebugEvent
GetUserDefaultLangID
FindNextFileA
Heap32ListFirst
SignalObjectAndWait
DeleteFiber
GetCommandLineA
EnumResourceTypesW
Thread32Next
LoadResource
GetEnvironmentStringsA
Thread32First
GetCurrentDirectoryA
DeleteFileA
FillConsoleOutputCharacterA
GlobalCompact
GetCurrencyFormatW
VirtualLock
CreateProcessA
GetStringTypeA
GlobalFix
CreateMutexA
GetDiskFreeSpaceExW
WaitForSingleObjectEx
ReleaseMutex
GetCurrentThread
ReadProcessMemory
ReadConsoleOutputCharacterA
lstrlen
DebugBreak
GetExitCodeThread
WriteConsoleOutputCharacterA
GlobalFindAtomA
GetPrivateProfileStructW
GlobalGetAtomNameA
FormatMessageW
CreateDirectoryW
SetEnvironmentVariableA
VirtualProtectEx
GetPrivateProfileStringW
OpenWaitableTimerW
SetCurrentDirectoryA
GetThreadContext
ReadConsoleOutputA
IsValidLocale
FindFirstFileA
ReadConsoleOutputAttribute
FindResourceW
GlobalAddAtomW
WriteConsoleInputA
SetCurrentDirectoryW
GetProfileSectionW
CreateEventA
AddAtomW
SetVolumeLabelA
GetCurrencyFormatA
GetACP
LocalAlloc
GetFileSize
TransactNamedPipe
FreeEnvironmentStringsW
GetFileTime
ReadFileScatter
lstrcatW
GetStringTypeW
SetVolumeLabelW
FoldStringW
CreateFileMappingW
EnumResourceNamesA
LocalSize
InitializeCriticalSectionAndSpinCount
SleepEx
FindResourceExA
GetQueuedCompletionStatus
GetDateFormatA
TransmitCommChar
CreateConsoleScreenBuffer
GlobalDeleteAtom
lstrcpyA
ReadConsoleA
EnumSystemLocalesA
WideCharToMultiByte
MoveFileExA
HeapLock
GetConsoleScreenBufferInfo
GetModuleHandleW
EnumCalendarInfoA
EnumSystemCodePagesW
FreeEnvironmentStringsA
ReadDirectoryChangesW
WriteProfileStringW
SetConsoleWindowInfo
GetMailslotInfo
CreateTapePartition
CreateThread
DeleteFileW
CreateDirectoryExW
CreateWaitableTimerW
SetConsoleCtrlHandler
FindResourceA
lstrcpy
SetComputerNameW
GetSystemPowerStatus
GetConsoleCursorInfo
CopyFileExA
HeapWalk
FindFirstFileW
GetDriveTypeA
GetPrivateProfileSectionA
SetConsoleTitleA
GetStringTypeExA
GetLocalTime
InterlockedDecrement
GetFullPathNameW
ContinueDebugEvent
LocalCompact
SystemTimeToTzSpecificLocalTime
lstrcmpA
GetLocaleInfoA
GetPrivateProfileStringA
EraseTape
FindNextChangeNotification
SetFileTime
DeviceIoControl
ReadConsoleInputW
GetNumberFormatW
DefineDosDeviceW
GetLogicalDriveStringsA
RtlFillMemory
CompareFileTime
UpdateResourceW
LoadLibraryExW
FlushConsoleInputBuffer
WriteFileEx
SetConsoleOutputCP
CommConfigDialogW
DeleteCriticalSection
EnterCriticalSection
GetSystemTime
OpenMutexW
GetTempPathA
lstrcmp
WriteProfileSectionA
GetCalendarInfoW
GetProfileStringW
GetConsoleOutputCP
GetEnvironmentVariableW
CreateMutexW
TryEnterCriticalSection
GetThreadPriorityBoost
WriteFileGather
ConvertDefaultLocale
GetTempPathW
WriteConsoleInputW
GetSystemDefaultLCID
LocalFileTimeToFileTime
GetProcessHeaps
SetSystemTimeAdjustment
DisableThreadLibraryCalls
GetVolumeInformationA
GetProfileIntA
CreateProcessW
VirtualQueryEx
TlsGetValue
OpenSemaphoreA
TlsFree
LocalLock
LockFileEx
BeginUpdateResourceA
GlobalWire
GlobalAlloc
SetConsoleScreenBufferSize
GetAtomNameA
lstrcmpiW
OpenMutexA
GetPrivateProfileIntW
MoveFileExW
OpenWaitableTimerA
OpenFile
MultiByteToWideChar
GetProfileIntW
GetEnvironmentStrings
shell32
DragQueryFileAorW
ShellExecuteExW
SHFileOperation
SHGetFileInfoW
ExtractIconEx
ShellExecuteEx
ExtractAssociatedIconExW
FreeIconList
RealShellExecuteExW
SHGetSpecialFolderPathA
ShellExecuteExA
SheChangeDirExW
SHGetFileInfo
ShellExecuteW
SHAppBarMessage
SHQueryRecycleBinW
SHBrowseForFolder
InternalExtractIconListW
DragQueryPoint
RealShellExecuteW
ShellAboutA
SHFileOperationW
DragAcceptFiles
ShellHookProc
CommandLineToArgvW
RealShellExecuteA
SHGetPathFromIDListW
SheChangeDirA
DoEnvironmentSubstA
SHGetSpecialFolderPathW
DragQueryFileW
DragFinish
ShellAboutW
SHGetDesktopFolder
RealShellExecuteExA
SHInvokePrinterCommandA
SHGetFileInfoA
SHGetSettings
DragQueryFileA
ExtractIconExA
InternalExtractIconListA
ShellExecuteA
ExtractIconW
DuplicateIcon
FindExecutableA
ExtractIconA
SHFreeNameMappings
SHGetPathFromIDList
ExtractAssociatedIconExA
SHGetDataFromIDListA
ExtractIconExW
SHGetDiskFreeSpaceA
SHQueryRecycleBinA
SHChangeNotify
SHBrowseForFolderA
SHGetPathFromIDListA
FindExecutableW
SHFormatDrive
SHInvokePrinterCommandW
SHGetMalloc
SHUpdateRecycleBinIcon
SHGetDataFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHEmptyRecycleBinW
SHGetInstanceExplorer
SHAddToRecentDocs
SHFileOperationA
SHLoadInProc
SHEmptyRecycleBinA
CheckEscapesW
SHGetNewLinkInfo
ExtractAssociatedIconW
DoEnvironmentSubstW
ExtractAssociatedIconA
DragQueryFile
Sections
.text: Size 157KB, Virtual size 156KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.sdata: Size 223KB, Virtual size 223KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss: Size 258KB, Virtual size 258KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE