Static task: static1
Behavioral task: behavioral1
  Sample: 6f05c6a5a7dc606918899c1cbd865c8b_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 6f05c6a5a7dc606918899c1cbd865c8b_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
  Target: 6f05c6a5a7dc606918899c1cbd865c8b_JaffaCakes118
  Size: 243KB
  MD5: 6f05c6a5a7dc606918899c1cbd865c8b
  SHA1: 9f2f4b18adec17442bf8503b1cac0444ee373702
  SHA256: b8451d83c5a9ea98b42928200d7b8ae11f2a63434753d8b0c6d28d6b7650b119
  SHA512: b0a5531a69a4ea17daf07c42806dd3d5e3b9c9317f35d77d74cecc6edc3ce87b6a61af87d9c743dfa1ef5074ae7ae3fefddeb47d2d338d10ff897ffa9be2ee9d
  SSDEEP: 3072:7YIiZTc+qRBEW8mpuPHk3389XkJ+jO7rwPxTwG5OWV7B/cUp57yyQA8iEMs7m9hR:8c+vPmpokHkXM+jOXcTwCOWzN/hUMR
Malware Config
Signatures
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: 6f05c6a5a7dc606918899c1cbd865c8b_JaffaCakes118
Files
  6f05c6a5a7dc606918899c1cbd865c8b_JaffaCakes118.exe  windows:5 windows x86 arch:x86
  7e34084957023618f09862a71fb22cb0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteFile
HeapCreate
HeapFree
VirtualFree
FlushFileBuffers
HeapAlloc
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetEndOfFile
GetProcessHeap
ReadFile
GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
HeapSize
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
user32
wsprintfA
advapi32
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
ole32
CoInitialize
GetClassFile
shell32
ShellExecuteA
shlwapi
PathFindFileNameA
PathGetArgsA
PathRemoveBlanksA
PathIsDirectoryA
PathFileExistsA
gdi32
SetRectRgn
GetEnhMetaFileDescriptionA
GetBitmapBits
SetMapMode
AnimatePalette
GdiAlphaBlend
CreateFontIndirectExA
Ellipse
EnumFontFamiliesW
GetICMProfileW
GetGlyphOutlineA
LPtoDP
EndDoc
RemoveFontResourceExA
OffsetWindowOrgEx
EnumFontFamiliesA
CreatePenIndirect
GetPaletteEntries
SetViewportOrgEx
CombineTransform
SetWindowOrgEx
PlayMetaFileRecord
CreateDIBPatternBrush
DeleteColorSpace
AbortDoc
AngleArc
InvertRgn
PlayEnhMetaFile
GetCharABCWidthsI
BeginPath
StartDocW
GetCharABCWidthsA
GetMetaFileBitsEx
GetSystemPaletteEntries
OffsetClipRgn
PolyBezier
EnumEnhMetaFile
GetFontLanguageInfo
ExtTextOutW
SaveDC
PaintRgn
ScaleViewportExtEx
CloseMetaFile
GetGlyphOutlineW
PolyBezierTo
GetTextExtentPointI
DeleteDC
RealizePalette
CreateEnhMetaFileA
SetPixel
UnrealizeObject
SetPaletteEntries
GdiGetBatchLimit
SetLayout
PolyPolyline
AddFontResourceW
PolylineTo
GetMetaRgn
SelectClipPath
SetWindowExtEx
TranslateCharsetInfo
CreateICW
OffsetViewportOrgEx
GetKerningPairsW
GetObjectA
GetCharWidthI
GetCharWidth32W
GetStretchBltMode
SwapBuffers
ResetDCA
GetGlyphIndicesA
Chord
MaskBlt
RemoveFontResourceA
GetMetaFileA
CreateRectRgn
GetDeviceGammaRamp
GetRandomRgn
ExtFloodFill
GetCurrentPositionEx
GetROP2
CreateDIBitmap
CreateDiscardableBitmap
GetBkColor
GetTextExtentPointW
AddFontResourceA
GetCharWidthFloatW
GetAspectRatioFilterEx
GetBoundsRect
CreatePatternBrush
CreateDIBSection
RemoveFontMemResourceEx
Polyline
GetCharABCWidthsFloatA
ws2_32
recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send
netapi32
Netbios
comdlg32
CommDlgExtendedError
ChooseFontA
PrintDlgA
FindTextW
ChooseColorW
ChooseColorA
PageSetupDlgW
GetSaveFileNameA
GetOpenFileNameW
FindTextA
comsvcs
CoEnterServiceDomain
SafeRef
crypt32
CryptHashCertificate
CertEnumPhysicalStore
CryptExportPublicKeyInfoEx
CertGetNameStringA
CertSetCertificateContextPropertiesFromCTLEntry
CryptVerifyCertificateSignatureEx
CryptEnumKeyIdentifierProperties
CryptGetDefaultOIDDllList
CertDuplicateCTLContext
CertAddCRLLinkToStore
CryptMsgGetAndVerifySigner
CertCreateCTLEntryFromCertificateContextProperties
CryptInitOIDFunctionSet
CertEnumCertificateContextProperties
CryptHashMessage
CryptVerifyMessageHash
CertOIDToAlgId
CertAddEncodedCTLToStore
CryptHashPublicKeyInfo
CryptMsgControl
CryptGetOIDFunctionValue
PFXIsPFXBlob
CertRDNValueToStrW
CryptGetOIDFunctionAddress
CertRDNValueToStrA
CryptGetAsyncParam
CertVerifyValidityNesting
CertGetCRLContextProperty
CertCreateCRLContext
CryptVerifyDetachedMessageSignature
CryptEncodeObject
CertResyncCertificateChainEngine
CertCompareIntegerBlob
CertAddCertificateLinkToStore
CryptEnumOIDInfo
CryptSignMessageWithKey
CertCreateCertificateContext
CertOpenStore
CryptMsgVerifyCountersignatureEncoded
CertFindCertificateInStore
CertGetEnhancedKeyUsage
CertVerifyRevocation
CryptVerifyMessageSignatureWithKey
CryptInstallOIDFunctionAddress
CertSetCRLContextProperty
CertFindChainInStore
CertGetCertificateChain
CryptVerifyCertificateSignature
CryptUninstallDefaultContext
CryptExportPKCS8
CertSetStoreProperty
CryptQueryObject
CryptRegisterDefaultOIDFunction
CryptRegisterOIDFunction
CertEnumSystemStoreLocation
CertDuplicateCertificateChain
CryptUnregisterOIDInfo
CryptMsgOpenToEncode
CryptMsgGetParam
CryptDecryptAndVerifyMessageSignature
CertOpenSystemStoreW
CertAddEnhancedKeyUsageIdentifier
CertCompareCertificateName
CryptFreeOIDFunctionAddress
CryptGetDefaultOIDFunctionAddress
PFXVerifyPassword
CertAddEncodedCertificateToSystemStoreA
CryptProtectData
CryptVerifyDetachedMessageHash
CertGetSubjectCertificateFromStore
CryptEncryptMessage
CertEnumCTLContextProperties
CryptHashToBeSigned
CertFindSubjectInSortedCTL
CertSetCTLContextProperty
CertDuplicateCertificateContext
CryptUnprotectData
CryptMemRealloc
CertFreeCertificateContext
CertVerifyCRLTimeValidity
CertFindExtension
CryptMsgDuplicate
CertGetValidUsages
CertAddCTLContextToStore
CertSerializeCertificateStoreElement
CertFindCertificateInCRL
CertEnumSystemStore
CertCreateSelfSignCertificate
CryptGetMessageCertificates
CertAddEncodedCertificateToStore
imm32
ImmIsUIMessageA
ImmGetGuideLineA
ImmGetCandidateListA
ImmSetCompositionFontA
ImmSetCompositionStringW
ImmGetStatusWindowPos
ImmGetConversionStatus
ImmSimulateHotKey
iphlpapi
GetIpErrorString
SetIpNetEntry
AddIPAddress
GetIpNetTable
GetPerAdapterInfo
SetIpStatistics
SetTcpEntry
CancelIPChangeNotify
GetIpStatistics
NhpAllocateAndGetInterfaceInfoFromStack
IpRenewAddress
NotifyRouteChange
GetUdpTable
GetUniDirectionalAdapterInfo
GetAdapterOrderMap
CreateIpNetEntry
DeleteIpNetEntry
EnableRouter
NotifyAddrChange
GetExtendedUdpTable
GetIcmpStatistics
FlushIpNetTable
GetBestInterfaceEx
UnenableRouter
GetBestRoute
GetExtendedTcpTable
IpReleaseAddress
GetTcpStatistics
SendARP
GetRTTAndHopCount
GetAdaptersInfo
GetInterfaceInfo
GetIfTable
GetIpStatisticsEx
GetAdapterIndex
msi
ord102
ord256
ord130
ord111
ord70
ord82
ord157
ord216
ord237
ord261
ord271
ord281
ord274
ord85
ord90
ord241
ord209
ord113
ord175
ord172
ord71
ord93
ord83
ord263
ord8
ord258
ord9
ord208
ord59
ord95
ord181
ord6
ord245
ord141
ord66
ord45
ord228
ord84
ord217
ord225
ord223
ord226
ord15
ord240
ord88
ord195
ord107
ord126
ord101
ord68
ord81
ord43
ord89
ord131
ord112
ord259
ord109
ord269
ord238
ord194
ord104
ord156
ord67
ord190
ord262
ord275
ord94
ord247
ord36
ord255
ord179
ord224
ord173
ord239
ord272
ord42
ord270
ord60
msimg32
AlphaBlend
GradientFill
mswsock
AcceptEx
GetAcceptExSockaddrs
TransmitFile
WSARecvEx
Sections
  .text   Size: 169KB - Virtual size: 168KB
    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 68KB - Virtual size: 68KB
    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 4KB - Virtual size: 21KB
    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE