763fcbd55e08c52724685cf1af9b4e17_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

763fcbd55e08c52724685cf1af9b4e17_JaffaCakes118
Size

266KB
MD5

763fcbd55e08c52724685cf1af9b4e17
SHA1

16bb6c2262e7e210a7402d9a80f3d389b4440bc4
SHA256

10e7dd997f35579bac1d0a221427ab4ad968ee654ec9507e47cb3226c6c91d87
SHA512

2d7cae4c32786c20b945c1fff101a1a3e14cf90dbfb1ba8eb4dfd1a5df03084914b5f960f553acfae3e2fa922688ae2a0e6f8c54e1ab6be6dd99a0db9964148e
SSDEEP

3072:067e6oUQYMroyAzXR5XomibZXuHpusoDcgjYUQ5L7a76qKpAb2bHxXw++7byQA8D:r7/wo5XRpo7NXepGjJa7amqCdgIf/Vd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
763fcbd55e08c52724685cf1af9b4e17_JaffaCakes118

Files

763fcbd55e08c52724685cf1af9b4e17_JaffaCakes118
.exe windows:5 windows x86 arch:x86

aac9dd74504052ccbde03e1becf0d675

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
TerminateThread
WaitForSingleObject
CreateThread
GetFileAttributesExA
ExpandEnvironmentStringsA
lstrlenA
lstrcatA
lstrcpyA
GetLastError
CreateMutexA
MoveFileA
RemoveDirectoryA
DeleteFileA
CreateDirectoryA
GetTempPathA
GetCommandLineA
GetModuleFileNameA
Sleep
GetLocalTime
GetTickCount
ReadFile
GetProcessHeap
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
HeapSize
HeapAlloc
FlushFileBuffers
WriteFile
VirtualFree
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

GetClassLongA
wsprintfA

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

ole32

CoInitialize

shell32

ShellExecuteA

shlwapi

PathFileExistsA
PathIsDirectoryA
PathRemoveBlanksA
PathGetArgsA
PathFindFileNameA

gdi32

SetMapMode
CancelDC
CreateMetaFileA
SetDCPenColor
GetClipBox
GetICMProfileW
EnumFontsW
DeleteColorSpace
GetMetaFileBitsEx
EnumFontFamiliesW
DPtoLP
SetPixelFormat
CreateFontIndirectExW
GetOutlineTextMetricsW
GetGlyphOutlineA
RealizePalette
CreateRectRgn
CombineRgn
SetPixel
MaskBlt
FrameRgn
CreateDCA
CreateHalftonePalette
UnrealizeObject
GetMetaFileW
GetTextExtentPoint32W
PlayMetaFile
GetTextCharacterExtra
GetTextExtentExPointA
GetDIBColorTable
GetStockObject
SetBrushOrgEx
GetCharABCWidthsI
Rectangle
ExtEscape
EnumFontFamiliesExA
EnumICMProfilesA
GetTextExtentPoint32A
ExcludeClipRect
PolyDraw
GetTextColor
SetPixelV
CreateBrushIndirect
AbortPath
BitBlt
GetPaletteEntries
CreateFontIndirectW
SetROP2
OffsetClipRgn
EnumMetaFile
DrawEscape
DescribePixelFormat
SetBkColor
GetTextFaceW
GetCharacterPlacementW
GetLayout
UpdateColors
PatBlt
GetGlyphIndicesA
SetStretchBltMode
SetWindowOrgEx
SetBoundsRect
CreateColorSpaceA
SetSystemPaletteUse
SetPolyFillMode
PtInRegion
Arc
ExtSelectClipRgn
CreateFontA
Polygon
GetTextFaceA
SetWorldTransform
GetSystemPaletteUse
GetTextCharset
CombineTransform
GetBitmapDimensionEx
EqualRgn
GetClipRgn
SetArcDirection
CreatePatternBrush
WidenPath
SetICMProfileA
EnumFontsA
AddFontResourceExW
ExtTextOutA
RoundRect
SetColorAdjustment
GetPolyFillMode
GetRasterizerCaps
GetCharWidthFloatA
GetKerningPairsA
ResetDCW
GetNearestColor
CreateDIBPatternBrushPt
GdiFlush
EnumEnhMetaFile
FillRgn
GetArcDirection
GetEnhMetaFileW
GetTextMetricsA
SetDeviceGammaRamp
StartDocA
SetWindowExtEx
PolyTextOutW
SetMiterLimit
GetGraphicsMode
GetRandomRgn
CreateMetaFileW
AnimatePalette
SaveDC
GetCharWidthA
EnumICMProfilesW
CreateDCW
GetTextExtentPointA
LineTo
AbortDoc
GetCharWidthW
StrokeAndFillPath
SetViewportOrgEx
CreatePolygonRgn
GetStretchBltMode
GetICMProfileA
DeleteMetaFile
PolyBezierTo
IntersectClipRect
GdiTransparentBlt
Polyline
CreateCompatibleBitmap
RectVisible
GetTextExtentPointW
CloseFigure
GetColorSpace
GetCharWidthI
PtVisible
CreatePen
GetLogColorSpaceW
DeleteObject
SwapBuffers
CreateDIBPatternBrush
CreateRoundRectRgn
CreateICW
GetBkColor
SetBitmapBits
AddFontMemResourceEx
OffsetViewportOrgEx
GetEnhMetaFileHeader
GetWindowOrgEx
SetViewportExtEx
Chord
ScaleWindowExtEx
GetMetaFileA
PolyBezier
GetMetaRgn
PolylineTo
GdiSetBatchLimit
ExtCreateRegion
DeleteDC
SetICMProfileW
SetAbortProc
GetPath
RestoreDC
ColorMatchToTarget
AddFontResourceA
CreateHatchBrush
GetCharWidth32A
GetOutlineTextMetricsA
AngleArc
TranslateCharsetInfo
ExtFloodFill
SetDIBColorTable
GetCurrentPositionEx
RectInRegion
Escape
ChoosePixelFormat
GetFontData

ws2_32

recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send

netapi32

Netbios

comdlg32

ChooseColorW
PageSetupDlgA
ChooseFontA
GetFileTitleW
GetSaveFileNameW
ReplaceTextW

comsvcs

RecycleSurrogate
CoLeaveServiceDomain
MTSCreateActivity
SafeRef

crypt32

CryptCreateAsyncHandle
CertAddSerializedElementToStore
CryptEnumOIDFunction
CertUnregisterSystemStore
PFXExportCertStore
CertVerifySubjectCertificateContext
CertFindChainInStore
CertStrToNameW
CryptQueryObject
CertNameToStrW
CertSaveStore
CertVerifyCertificateChainPolicy
PFXVerifyPassword
PFXIsPFXBlob
CryptUnregisterDefaultOIDFunction
CryptSetAsyncParam
CertCreateContext
CryptFindCertificateKeyProvInfo
CertRegisterPhysicalStore
CertCreateCRLContext
CertFindCertificateInStore
CertAlgIdToOID
CertDuplicateStore
CryptInstallOIDFunctionAddress
CertGetValidUsages
CertAddEncodedCRLToStore
CertFindCRLInStore
CertAddCTLContextToStore
CertGetCRLFromStore
CertDuplicateCRLContext
CertAddCertificateContextToStore
CertUnregisterPhysicalStore
CertCompareCertificateName
CertVerifyRevocation
CryptGetOIDFunctionValue
CertDuplicateCertificateChain
CertVerifyTimeValidity
CertAddCertificateLinkToStore
CertCreateCTLEntryFromCertificateContextProperties
CertVerifyValidityNesting
CryptHashToBeSigned
CryptSignAndEncryptMessage
CertGetNameStringW
CertFindSubjectInSortedCTL
CertGetIntendedKeyUsage
CryptInitOIDFunctionSet
CryptAcquireCertificatePrivateKey
CertEnumCRLsInStore
CryptMemRealloc
CryptImportPublicKeyInfoEx
CryptMsgEncodeAndSignCTL
CryptVerifyDetachedMessageHash
CryptSetKeyIdentifierProperty
CertEnumCertificateContextProperties
CryptMsgOpenToEncode
CryptSignCertificate
CertDuplicateCTLContext
CryptGetMessageCertificates
CertAddStoreToCollection
CryptMsgControl
CertRDNValueToStrW
CertRegisterSystemStore
CryptSignAndEncodeCertificate
CertOpenSystemStoreA
CryptMsgClose
CertEnumCTLContextProperties
CertFreeCRLContext
CryptStringToBinaryA
CertStrToNameA
CertDeleteCRLFromStore
CertCreateCTLContext
CryptInstallDefaultContext
CryptHashMessage
CryptMsgOpenToDecode
CryptGetKeyIdentifierProperty
CryptRegisterDefaultOIDFunction
CertAddEncodedCertificateToSystemStoreA
CertSerializeCertificateStoreElement

imm32

ImmGetRegisterWordStyleW
ImmRegisterWordA
ImmSetCandidateWindow
ImmEscapeA
ImmGetCompositionStringW
ImmConfigureIMEW
ImmNotifyIME
ImmGetOpenStatus
ImmIsUIMessageA
ImmUnregisterWordA
ImmGetIMEFileNameA
ImmGetConversionListA
ImmGetDescriptionA
ImmSimulateHotKey
ImmEnumInputContext
ImmSetCompositionStringW
ImmGetGuideLineW
ImmGetConversionListW
ImmGetGuideLineA
ImmGetContext
ImmGetCandidateListW
ImmGetCompositionStringA
ImmSetCompositionFontW
ImmGetDefaultIMEWnd
ImmAssociateContext
ImmGetImeMenuItemsW
ImmRegisterWordW
ImmGetRegisterWordStyleA
ImmGetCandidateWindow
ImmSetCompositionStringA
ImmSetCompositionFontA
ImmGetCandidateListCountA
ImmAssociateContextEx
ImmGetCompositionWindow
ImmDisableTextFrameService

iphlpapi

GetNetworkParams
GetAdapterOrderMap
SetIpForwardEntry
NhpAllocateAndGetInterfaceInfoFromStack
GetExtendedTcpTable
SetIpStatistics
GetIpForwardTable
GetTcpStatistics
RestoreMediaSense
SendARP
GetBestInterface
GetNumberOfInterfaces
GetInterfaceInfo
GetIcmpStatistics
GetAdapterIndex
FlushIpNetTable
GetIpStatistics
GetOwnerModuleFromTcpEntry
GetUdpStatisticsEx
CreateIpNetEntry
SetTcpEntry
EnableRouter
SetIfEntry
GetIfEntry
DisableMediaSense
IpReleaseAddress
CancelIPChangeNotify
DeleteIpForwardEntry
NotifyAddrChange
GetIfTable
GetIpNetTable
GetPerAdapterInfo
GetUniDirectionalAdapterInfo
UnenableRouter
GetIpStatisticsEx
GetIpAddrTable
GetIcmpStatisticsEx
DeleteIpNetEntry
GetIpErrorString

msi

ord88
ord203
ord178
ord176
ord137
ord136
ord219
ord202
ord16
ord85
ord82
ord248
ord258
ord218
ord59
ord241
ord224
ord90
ord70
ord247
ord112
ord157
ord209
ord237
ord251
ord272
ord93
ord41
ord89
ord276
ord215
ord175
ord254
ord156
ord216
ord180
ord84
ord67
ord111
ord253
ord208
ord126
ord244
ord229
ord177
ord14
ord275
ord245
ord60
ord94
ord45
ord273

msimg32

TransparentBlt

mswsock

GetAcceptExSockaddrs
WSARecvEx

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aac9dd74504052ccbde03e1becf0d675

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

gdi32

ws2_32

netapi32

comdlg32

comsvcs

crypt32

imm32

iphlpapi

msi

msimg32

mswsock

Sections

.text Size: 171KB - Virtual size: 171KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 4KB - Virtual size: 21KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 171KB - Virtual size: 171KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 4KB - Virtual size: 21KB

.reloc
Size: 18KB - Virtual size: 18KB