6a008789449e83ba7b104e45029bf73c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6a008789449e83ba7b104e45029bf73c_JaffaCakes118
Size

171KB
MD5

6a008789449e83ba7b104e45029bf73c
SHA1

bc5c5d05b1804a145625fec440390446775fd4fc
SHA256

1e1321bef1faddb1080ed0f45151d2c235aa7baa89f38aa1f29f77279e41228f
SHA512

83ee07a45e0b53a63fbd5a269f17e8f19b958a1e6586900b70d69f80841f5a9e0dd0d1d62e2fe9394d6f7aa6ecceda4dc4c827db8d81928484f14f0283c0610b
SSDEEP

3072:RVfw9Draqreo6C+gL2VPC9wt/WpMGA8SF2dWXfp8sir+MAv6Zg4li:RZwhGqrL4c2VPCbpMGA8SLyLryMg4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a008789449e83ba7b104e45029bf73c_JaffaCakes118

Files

6a008789449e83ba7b104e45029bf73c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7f1257c8e8a222a84f0a75d7ea1f931d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
CreateMutexW
FindFirstFileW
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
GetCurrentProcess
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
lstrcpynW
Thread32Next
GetTimeZoneInformation
MultiByteToWideChar
lstrlenW
FlushFileBuffers
CreateToolhelp32Snapshot
GetFileSizeEx
OpenMutexW
GetLastError
VirtualProtectEx
GetEnvironmentVariableW
FindClose
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
ExpandEnvironmentStringsW
MoveFileExW
GetUserDefaultUILanguage
GlobalLock
GlobalUnlock
GetNativeSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
GetPrivateProfileStringW
GetPrivateProfileIntW
GetLocalTime
Process32NextW
Process32FirstW
OpenProcess
CreateRemoteThread
SetFileAttributesW
WTSGetActiveConsoleSessionId
lstrcmpiA
CreateFileW
GetFileAttributesW
LoadLibraryW
GetSystemTime
CreatePipe
ReadFile
WriteFile
SetHandleInformation
CreateProcessW
LoadLibraryA
GetCurrentThreadId
SetLastError
GetTickCount
ResetEvent
SetThreadPriority
TerminateProcess
TlsSetValue
GetCurrentThread
VirtualAllocEx
TlsGetValue
CreateDirectoryW
FreeLibrary
GetProcessId
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
InitializeCriticalSection
SetThreadContext
GetThreadContext
CreateThread
WriteProcessMemory
LocalFree
GetCurrentProcessId
CloseHandle
DuplicateHandle
OpenEventW
GetFileAttributesExW
VirtualProtect
GetModuleHandleA
WaitForSingleObject
lstrcmpiW
WaitForMultipleObjects
CreateEventW
GetProcAddress
ExitThread
GetModuleFileNameW
GetVersionExW
Sleep
VirtualFreeEx
VirtualFree
GetModuleHandleW
SetEvent
GetComputerNameW
SetErrorMode
GetCommandLineW
ExitProcess
ReleaseMutex
GetTempPathW

user32

CharLowerBuffA
MapVirtualKeyW
MsgWaitForMultipleObjects
WindowFromPoint
CharLowerA
CharUpperW
SetWindowLongW
GetWindow
CharLowerW
DrawIcon
GetIconInfo
GetMessageA
GetWindowRect
SetCapture
GetParent
GetClassLongW
RegisterWindowMessageW
SetCursorPos
GetWindowLongW
PeekMessageW
PeekMessageA
SetWindowPos
GetCursorPos
SendMessageTimeoutW
IsWindow
ReleaseCapture
MapWindowPoints
CallWindowProcW
GetWindowThreadProcessId
EndPaint
GetUpdateRgn
GetWindowDC
FillRect
PostMessageW
GetWindowInfo
GetMenuItemID
SetKeyboardState
GetSubMenu
MenuItemFromPoint
GetMenu
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
GetMenuState
GetMenuItemCount
HiliteMenuItem
EndMenu
GetShellWindow
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
OpenWindowStationW
DefDlgProcW
DefFrameProcA
RegisterClassExW
DefWindowProcA
DefMDIChildProcW
DefDlgProcA
SwitchDesktop
DefMDIChildProcA
RegisterClassW
GetCapture
CallWindowProcA
DrawEdge
BeginPaint
GetUpdateRect
DefFrameProcW
RegisterClassA
GetKeyboardState
GetDC
IntersectRect
GetDCEx
ReleaseDC
PostThreadMessageW
EqualRect
PrintWindow
SendMessageW
IsRectEmpty
CharToOemW
DestroyWindow
GetMessageW
RegisterClassExA
LoadCursorW
OpenInputDesktop
ExitWindowsEx
CloseDesktop
TranslateMessage
LoadIconW
GetClipboardData
ToUnicode
GetTopWindow
GetMessagePos
LoadImageW
CreateWindowExA
ShowWindow
SetThreadDesktop
UpdateWindow
GetKeyboardLayoutList
DefWindowProcW
DispatchMessageW
GetSystemMetrics
GetAncestor

advapi32

IsWellKnownSid
GetLengthSid
CreateProcessAsUserA
CreateProcessAsUserW
EqualSid
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
InitiateSystemShutdownExW
SetSecurityInfo
ConvertSidToStringSidW
RegEnumKeyExW

shlwapi

PathAddExtensionW
StrStrIW
StrStrIA
PathQuoteSpacesW
PathIsURLW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathUnquoteSpacesW
PathRenameExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
StrCmpNIW
PathRemoveFileSpecW
PathRemoveBackslashW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

secur32

GetUserNameExW

ole32

CLSIDFromString
StringFromGUID2
CoInitializeEx
CoUninitialize
CoCreateInstance

gdi32

SelectObject
GetStockObject
RestoreDC
SaveDC
CreateCompatibleDC
SetRectRgn
GdiFlush
DeleteDC
SetViewportOrgEx
CreateCompatibleBitmap
GetDIBits
GetDeviceCaps
CreateDIBSection
DeleteObject

ws2_32

WSASetLastError
freeaddrinfo
socket
bind
recv
setsockopt
shutdown
getsockname
inet_addr
WSAEventSelect
WSASend
gethostbyname
closesocket
send
listen
accept
WSAGetLastError
getaddrinfo
WSAStartup
WSAAddressToStringW
connect
WSAIoctl
sendto
getpeername
recvfrom
select

crypt32

CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore

wininet

InternetQueryOptionW
InternetCrackUrlA
InternetReadFile
InternetSetOptionA
InternetCloseHandle
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpAddRequestHeadersA
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetConnectA
InternetOpenA
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA

Sections

.text
Size: 161KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f1257c8e8a222a84f0a75d7ea1f931d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 161KB - Virtual size: 164KB

.data Size: 1KB - Virtual size: 12KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 161KB - Virtual size: 164KB

.data
Size: 1KB - Virtual size: 12KB

.reloc
Size: 7KB - Virtual size: 6KB