Static task: static1
Behavioral task: behavioral1
Sample: 78bbc4cd7adf77ab6bd566abd4cbb203_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 78bbc4cd7adf77ab6bd566abd4cbb203_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 78bbc4cd7adf77ab6bd566abd4cbb203_JaffaCakes118
Size: 464KB
MD5: 78bbc4cd7adf77ab6bd566abd4cbb203
SHA1: 4a43b769d3d9b6ce397002b32cf16613e6ed801f
SHA256: 8eb946b485b108eecf77f637828973f8c4d93cbcac039e843fd2d6746747722e
SHA512: d1a8d8d9fe885079d44c9beaf9002f3238d1025a3c01af1b51fe9c9f31dd47463f7c059100626449d0e0614cf145048402fb14d908e307c6429dc7c96cdb2fc7
SSDEEP: 6144:ylPiOcmQcN+dMsRoxqALFGq4ZqMbUVXSSryJy7y/v0WwJq8YyJuOUpddmIIX:yJcY+KsRo1p9URQViSrydMtfYmulXAX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 78bbc4cd7adf77ab6bd566abd4cbb203_JaffaCakes118
Files
78bbc4cd7adf77ab6bd566abd4cbb203_JaffaCakes118.exe windows:4 windows x86 arch:x86
91f8687b091365c0af1b99f7a0ba53e3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetCrackUrlW
InternetCanonicalizeUrlW
msvcrt
memmove
_wcsnicmp
strtok
_wcsicmp
wcscat
wcsrchr
wcscpy
wcschr
swprintf
_wtol
_vsnwprintf
_purecall
_itow
wcscmp
_adjust_fdiv
iswprint
_initterm
wcsncpy
_except_handler3
iswspace
free
_stricmp
_ltow
strtoul
wcslen
malloc
ntdll
NtAllocateVirtualMemory
kernel32
GlobalLock
MapViewOfFile
SetEndOfFile
DeleteFileW
LocalReAlloc
OutputDebugStringA
DisableThreadLibraryCalls
MulDiv
SetFilePointer
LoadLibraryW
CreateFileMappingA
lstrlenW
GlobalUnlock
SetLastError
GetTickCount
lstrcpyA
GetCurrentProcessId
lstrcmpA
LocalFree
LocalAlloc
GetLastError
CreateFileA
GetModuleHandleA
UnhandledExceptionFilter
UnmapViewOfFile
CompareStringA
Sleep
GetComputerNameExW
LoadLibraryExA
ExpandEnvironmentStringsW
QueryPerformanceCounter
GetVersionExA
GetLocalTime
GlobalFree
FileTimeToLocalFileTime
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameW
CompareStringW
lstrcatA
GetTimeFormatA
CompareFileTime
CreateFileW
GetProcAddress
FreeLibrary
LeaveCriticalSection
WriteFile
EnterCriticalSection
ExpandEnvironmentStringsA
GetUserDefaultLCID
GetDateFormatW
InterlockedCompareExchange
InitializeCriticalSection
DeleteCriticalSection
FileTimeToSystemTime
LoadResource
LoadLibraryA
GetCurrentProcess
GetACP
GetModuleHandleW
CloseHandle
SetUnhandledExceptionFilter
WideCharToMultiByte
DelayLoadFailureHook
FindResourceA
SystemTimeToFileTime
GlobalAlloc
TerminateProcess
FreeResource
GetTimeFormatW
GetComputerNameW
GetDateFormatA
FormatMessageW
GetSystemTimeAsFileTime
GetCurrentDirectoryW
lstrlenA
GetFileSize
MultiByteToWideChar
LockResource
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
gdi32
DeleteDC
CreateCompatibleDC
RealizePalette
GetBkColor
CreateFontIndirectA
CreateFontIndirectW
SetPixel
GetObjectA
DeleteObject
CreateCompatibleBitmap
CreateBitmap
SetBkColor
SelectPalette
CreateDIBitmap
GetObjectW
CreatePalette
GetDeviceCaps
BitBlt
SelectObject
GetTextExtentPoint32W
shlwapi
PathUndecorateW
StrCmpNIW
PathFindFileNameW
netapi32
NetApiBufferFree
NetGetDCName
DsGetDcNameW
crypt32
CertGetValidUsages
CertCreateCertificateChainEngine
CertCompareCertificate
CryptInitOIDFunctionSet
CryptMsgUpdate
PFXImportCertStore
CertFindExtension
CryptFreeOIDFunctionAddress
CertEnumSystemStore
CertGetCRLFromStore
CertDuplicateCertificateContext
CertGetCertificateChain
CertSaveStore
CertGetPublicKeyLength
CertEnumCertificatesInStore
CertSetEnhancedKeyUsage
CertGetCertificateContextProperty
CertFreeCertificateChainEngine
CryptFormatObject
CertSetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CertFreeCRLContext
CryptMsgOpenToDecode
CertDuplicateStore
CertOpenStore
CertCloseStore
CertEnumCTLsInStore
CertAddCRLContextToStore
CertNameToStrW
PFXVerifyPassword
CertCreateCertificateContext
CryptMsgControl
CryptQueryObject
CryptMsgVerifyCountersignatureEncoded
CryptSIPRetrieveSubjectGuid
CertGetCTLContextProperty
CertFindCertificateInStore
CertVerifyTimeValidity
CryptEnumOIDInfo
CryptMsgEncodeAndSignCTL
CertFreeCertificateChain
CertDeleteCertificateFromStore
CertFindCRLInStore
CertSetCTLContextProperty
CryptFindLocalizedName
CryptGetDefaultOIDFunctionAddress
CryptDecodeObject
PFXExportCertStore
CertEnumPhysicalStore
CertFindAttribute
CertFindCTLInStore
CertFreeCTLContext
CryptMsgClose
CertAddCTLContextToStore
CryptBinaryToStringA
CryptEncodeObject
CertGetEnhancedKeyUsage
CertGetStoreProperty
PFXExportCertStoreEx
CryptMsgDuplicate
CryptFindOIDInfo
CertAddCertificateContextToStore
CertGetSubjectCertificateFromStore
CertGetNameStringW
CryptFindCertificateKeyProvInfo
CryptMsgGetParam
CertFreeCertificateContext
CertCreateCTLContext
CryptGetDefaultOIDDllList
CryptDecodeObjectEx
advapi32
OpenProcessToken
FreeSid
RegEnumValueW
EqualSid
GetUserNameW
StartServiceW
GetTokenInformation
CryptGetUserKey
RegQueryInfoKeyA
LockServiceDatabase
OpenThreadToken
CryptAcquireContextA
CryptReleaseContext
QueryServiceStatus
AllocateAndInitializeSid
RegEnumValueA
CryptDestroyKey
RegSetValueExA
ChangeServiceConfigA
RegEnumKeyExW
OpenSCManagerW
RegCreateKeyExA
ControlService
UnlockServiceDatabase
RegQueryValueExW
OpenServiceW
RegOpenKeyExW
RegSetValueExW
CryptGetKeyParam
DuplicateToken
CloseServiceHandle
CryptSetProvParam
RegQueryValueExA
QueryServiceConfigA
StartServiceA
RegCreateKeyExW
RegEnumKeyExA
RegOpenKeyExA
CryptAcquireContextW
CryptGetProvParam
RegCloseKey
wintrust
WintrustGetDefaultForUsage
WTHelperProvDataFromStateData
WinVerifyTrustEx
TrustIsCertificateSelfSigned
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperGetKnownUsages
user32
SendDlgItemMessageW
SetCapture
SetDlgItemInt
SendMessageA
MessageBoxW
PostMessageA
DestroyIcon
InvalidateRect
DrawTextExW
IsWindowVisible
GetMonitorInfoW
GetFocus
CallWindowProcA
LoadCursorA
EndPaint
GetUpdateRect
GetParent
MonitorFromWindow
GetDlgItemTextW
DestroyWindow
ReleaseCapture
RegisterClipboardFormatA
SetWindowLongA
SetWindowPos
SetDlgItemTextW
PeekMessageA
DialogBoxParamW
IsDlgButtonChecked
MapDialogRect
GetWindowDC
SendDlgItemMessageA
CopyRect
LoadIconA
wsprintfA
IsWindowEnabled
GetWindowLongA
SetCursor
ReleaseDC
PostMessageW
GetWindow
GetDlgItemTextA
SendMessageW
MoveWindow
GetDC
GetDlgItemInt
GetClientRect
MessageBoxExW
CheckRadioButton
DrawIcon
SetFocus
SetRect
GetWindowRect
CreateWindowExA
UpdateWindow
EnableWindow
GetDesktopWindow
LoadStringW
GetDlgItem
GetNextDlgTabItem
SetWindowTextA
CreateWindowExW
GetSysColorBrush
WinHelpW
GetWindowTextW
SetWindowTextW
EndDialog
SetClassLongA
LoadStringA
MapWindowPoints
LoadCursorW
GetWindowLongW
DrawFocusRect
LoadBitmapW
BeginPaint
ShowWindow
SetWindowLongW
FillRect
GetSysColor
GetDialogBaseUnits
SystemParametersInfoA
rpcrt4
NdrClientCall2
RpcEpResolveBinding
RpcBindingFree
RpcNetworkIsProtseqValidA
RpcBindingFromStringBindingA
UuidToStringA
UuidCreate
RpcStringBindingComposeA
RpcStringFreeA
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 952KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 428KB - Virtual size: 428KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE