731cc7c23b0af1a69ce2df686aff11da_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

731cc7c23b0af1a69ce2df686aff11da_JaffaCakes118
Size

444KB
MD5

731cc7c23b0af1a69ce2df686aff11da
SHA1

bb31ddf3ccb91fe315478e7c51c0436375f91031
SHA256

dfd5d5ccbc29fbfbc5aeafb0c06c73c250427b806eded3a1ea7a68c2fd4568ca
SHA512

26993eeab89f80914723c254bad409645e4bac79b5ed983a35271646a8bfc643bb8cd5f5da82355a88aa758eb8218cc22532d2310a0862e6df25c406be0d455c
SSDEEP

6144:tofP9elcFV8EwoGEf0CbX5koewDhmXacURJIRNSSwLkcQstwKnrJnT3rIVTavDaE:tRGKSjzbTX+acdSSwPtwkT3rGTuDani

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
731cc7c23b0af1a69ce2df686aff11da_JaffaCakes118

Files

731cc7c23b0af1a69ce2df686aff11da_JaffaCakes118
.exe windows:5 windows x86 arch:x86

074440e47d665ea112bb50df5e6b1d2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??1type_info@@UAE@XZ
memmove
_wtoi
_HUGE
floor
ceil
_XcptFilter
bsearch
_CIsqrt
_vsnprintf
_itow
_vsnwprintf
_onexit
_lock
__dllonexit
_unlock
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
__CxxFrameHandler
_CxxThrowException
memcpy
memset

kernel32

GetCurrentProcess
HeapDestroy
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
lstrlenA
GetFileSize
CreateFileW
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
GetVersion
GetProcAddress
GetProcessHeap
FreeLibraryAndExitThread
SetEvent
CreateEventW
GetModuleHandleExW
WaitForMultipleObjectsEx
CreateThread
CloseHandle
LoadLibraryW
WaitForSingleObjectEx
GlobalFree
GlobalHandle
GlobalSize
GlobalReAlloc
RtlUnwind
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
ReadFile
GetLocalTime
DisableThreadLibraryCalls
lstrcmpiW
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
GetCurrentThreadId
CompareStringW
VirtualQuery
lstrlenW
MultiByteToWideChar
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection

user32

GetSystemMetrics
DestroyWindow
LoadImageW
PostMessageW
FillRect
CopyRect
SetRect
IsCharAlphaNumericW
IsCharAlphaW
CharUpperW
ReleaseCapture
GetWindowLongW
PeekMessageW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
LoadStringW
DefWindowProcW
CreateWindowExW
RegisterClassExW
SetWindowLongW
SystemParametersInfoW
MapWindowPoints
EqualRect
IntersectRect
KillTimer
SetTimer
RegisterClassW
ReleaseDC
GetDC
SetRectEmpty

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBkColor
SetTextColor
BitBlt
DeleteObject
DeleteDC
SetPixel
GetDeviceCaps
StretchBlt
SetStretchBltMode
CreateSolidBrush
GetPaletteEntries
GetObjectW
CreateDIBSection
GetPixel

advapi32

RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
IsTextUnicode
RegSetValueExW
RegQueryInfoKeyW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
StringFromCLSID
CoCreateInstance
CLSIDFromString
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
StringFromGUID2
OleRun

oleaut32

VariantClear
SysStringByteLen
VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString
VariantCopy
VariantChangeType
LoadRegTypeLi
SetErrorInfo
CreateErrorInfo
LoadTypeLi
VariantChangeTypeEx
GetErrorInfo
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData

urlmon

CoInternetCombineUrl
FindMimeFromData
URLDownloadToCacheFileW
CoGetClassObjectFromURL
CreateAsyncBindCtx
CompatFlagsFromClsid

wininet

InternetCrackUrlW
InternetCombineUrlW
InternetGetConnectedStateExW

ddraw

DirectDrawCreate

shlwapi

PathFindExtensionW
ord158
SHRegGetValueW
StrStrIW
StrCSpnIW
StrStrW
PathFileExistsW
StrCmpW
wnsprintfW
StrSpnW
StrRChrW
StrCmpNW
StrCmpIW
ord2
StrCmpNIW
PathAppendW
ord29
PathFindFileNameW

rpcrt4

NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
CStdStubBuffer_CountRefs
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj5
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj50
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj51
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj52
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj53
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj54
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj55
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fhj56
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fhj57
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj58
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fhj59
Size: 512B - Virtual size: 222B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1231
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JAKS
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GAHS
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HAJS
Size: 512B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HnJS
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 310B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

074440e47d665ea112bb50df5e6b1d2a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

oleaut32

urlmon

wininet

ddraw

shlwapi

rpcrt4

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 2KB - Virtual size: 2KB

.fhj5 Size: 512B - Virtual size: 180B

.fhj50 Size: 512B - Virtual size: 202B

.fhj51 Size: 512B - Virtual size: 176B

.fhj52 Size: 200KB - Virtual size: 200KB

.fhj53 Size: 200KB - Virtual size: 200KB

.fhj54 Size: 512B - Virtual size: 222B

.fhj55 Size: 512B - Virtual size: 222B

.fhj56 Size: 512B - Virtual size: 222B

.fhj57 Size: 512B - Virtual size: 222B

.fhj58 Size: 512B - Virtual size: 222B

.fhj59 Size: 512B - Virtual size: 222B

.1231 Size: 512B - Virtual size: 244B

.JAKS Size: 512B - Virtual size: 134B

.GAHS Size: 512B - Virtual size: 194B

.HAJS Size: 512B - Virtual size: 166B

.HnJS Size: 512B - Virtual size: 200B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 310B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 2KB

.fhj5
Size: 512B - Virtual size: 180B

.fhj50
Size: 512B - Virtual size: 202B

.fhj51
Size: 512B - Virtual size: 176B

.fhj52
Size: 200KB - Virtual size: 200KB

.fhj53
Size: 200KB - Virtual size: 200KB

.fhj54
Size: 512B - Virtual size: 222B

.fhj55
Size: 512B - Virtual size: 222B

.fhj56
Size: 512B - Virtual size: 222B

.fhj57
Size: 512B - Virtual size: 222B

.fhj58
Size: 512B - Virtual size: 222B

.fhj59
Size: 512B - Virtual size: 222B

.1231
Size: 512B - Virtual size: 244B

.JAKS
Size: 512B - Virtual size: 134B

.GAHS
Size: 512B - Virtual size: 194B

.HAJS
Size: 512B - Virtual size: 166B

.HnJS
Size: 512B - Virtual size: 200B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 310B