8a197bb6d1c989f33e42e568cb4affec_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8a197bb6d1c989f33e42e568cb4affec_JaffaCakes118
Size

242KB
MD5

8a197bb6d1c989f33e42e568cb4affec
SHA1

936cc39d5d18deab6a5123d0e4d85f62b8ca33d1
SHA256

989179889be82b6aa9d4511c289b82bc764c91f35fddaf8dab00ba698a10eeba
SHA512

b6b0ac53ff7f2be1baa7f9f19b136cddb6b0c0805512a26d144265c693a50f16a1c4aaece95f8296aa67a17f519d86d73b401b53f91e49db6f9c15598b7edc78
SSDEEP

3072:SAA2g7VknVqF7FoWCb7CjctrAtMc6X+JIFz/aE24H7tHnBV5bADdM7w6yQA8dNxl:PRnVIFoWjuctMB+OFTk4bZB236aFQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a197bb6d1c989f33e42e568cb4affec_JaffaCakes118

Files

8a197bb6d1c989f33e42e568cb4affec_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2f46f7871413ff5d684841f5f6973cf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
GetModuleFileNameA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
Sleep
GetLocalTime
GetTickCount
ReadFile
GetProcessHeap
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
HeapSize
HeapAlloc
FlushFileBuffers
VirtualFree
HeapFree
HeapCreate
HeapDestroy
WriteFile
lstrcpyA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetStartupInfoA
HeapValidate
IsBadReadPtr
GetProcAddress
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP

user32

wsprintfA

advapi32

RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA

ole32

GetClassFile
CoInitialize

shell32

ShellExecuteA

shlwapi

PathIsDirectoryA
PathRemoveBlanksA
PathGetArgsA
PathFindFileNameA
PathFileExistsA

gdi32

GetCharacterPlacementA
CreateBitmap
DeleteObject
UpdateColors
GetBkMode
RemoveFontResourceExA
GetTextExtentExPointI
GetStretchBltMode
ExtTextOutA
CreatePatternBrush
GetTextCharacterExtra
LPtoDP
PolyPolygon
CreatePenIndirect
GetViewportExtEx
GetWinMetaFileBits
GdiComment
SelectClipPath
CreateScalableFontResourceW
GetCharABCWidthsW
SetDIBits
CreateMetaFileA
GetOutlineTextMetricsW
GetFontData
GetTextAlign
PaintRgn
GetDCPenColor
EnumEnhMetaFile
CreateEllipticRgnIndirect
ResetDCA
AddFontResourceExA
PolyDraw
PtInRegion
GetGlyphOutlineA
SetBkColor
EnumFontFamiliesExW
SetICMProfileW
GetTextExtentExPointW
TextOutA
AddFontResourceW
ColorCorrectPalette
EnumObjects
GetTextMetricsW
GetTextExtentPoint32A
SetMetaFileBitsEx
IntersectClipRect
GetDCBrushColor
GetDeviceGammaRamp
GetRandomRgn
GdiAlphaBlend
FlattenPath
ExtSelectClipRgn
SetTextCharacterExtra
GetBkColor
CreatePolygonRgn
GetTextFaceA
GetObjectW
GetGlyphOutlineW
SetSystemPaletteUse
GetCharacterPlacementW
EnumFontFamiliesExA
GetMetaRgn
Escape
SetDCPenColor
EnumFontFamiliesW
AddFontMemResourceEx
SetMapMode
DeleteDC
OffsetClipRgn
GetMiterLimit
LineDDA
GetWindowExtEx
GetAspectRatioFilterEx
CreateEllipticRgn
ExtTextOutW
CreateCompatibleBitmap
StartDocA
SelectPalette
GetCharABCWidthsFloatW
GetKerningPairsA
GetROP2
GetSystemPaletteUse
SetDCBrushColor
GetOutlineTextMetricsA
AbortDoc
GetStockObject
CopyMetaFileW
GetBoundsRect
SetBitmapBits
RemoveFontResourceW
GetTextExtentExPointA
GetColorAdjustment
GetEnhMetaFileDescriptionA
GetCharWidthA
SetViewportOrgEx
GetTextExtentPoint32W
AbortPath
GetCharWidthW
CreatePen
GetCharABCWidthsFloatA
EnumFontsA
GetDeviceCaps
CreateDIBPatternBrushPt
RemoveFontResourceA
RectInRegion

ws2_32

ioctlsocket
closesocket
send
select
htons
socket
gethostbyname
WSAStartup
__WSAFDIsSet
connect
recv

netapi32

Netbios

comdlg32

PageSetupDlgA
ReplaceTextA
GetOpenFileNameW

comsvcs

SafeRef
RecycleSurrogate
MTSCreateActivity
CoCreateActivity

crypt32

CertCompareCertificate
CryptVerifyMessageSignature
CertFindAttribute
CryptMsgCountersign
CryptMsgDuplicate
CertComparePublicKeyInfo
CryptCloseAsyncHandle
CryptStringToBinaryA
CertGetValidUsages
CertCreateCRLContext
CertUnregisterPhysicalStore
PFXImportCertStore
CryptSignMessage
CryptGetAsyncParam
CryptMsgEncodeAndSignCTL
CertDeleteCRLFromStore
CertFindChainInStore
CertAddCRLContextToStore
CertIsValidCRLForCertificate
CertGetNameStringA
CertCompareCertificateName
CertEnumCTLsInStore
CertGetCertificateContextProperty
CertDeleteCertificateFromStore
CertFindExtension
CryptMsgVerifyCountersignatureEncodedEx
CertCreateContext
CryptSignCertificate
CertEnumCertificateContextProperties
CertFreeCertificateContext
CertGetPublicKeyLength
CryptAcquireCertificatePrivateKey
CertFreeCertificateChainEngine
CertGetEnhancedKeyUsage
CryptVerifyCertificateSignatureEx
CryptMsgVerifyCountersignatureEncoded
CertFindCRLInStore
CertAddEncodedCTLToStore
CryptEnumOIDInfo
CryptGetOIDFunctionValue
CryptVerifyDetachedMessageSignature
CryptFindOIDInfo
CertGetIssuerCertificateFromStore
CryptProtectData
CertSetCertificateContextPropertiesFromCTLEntry
CertEnumCertificatesInStore
CryptUnregisterOIDInfo
CertRegisterPhysicalStore
CryptImportPublicKeyInfoEx
CryptDecodeObject
CryptGetMessageSignerCount
CryptMsgOpenToEncode
CryptEnumKeyIdentifierProperties
CryptEncryptMessage
CertFindSubjectInCTL
CertStrToNameA
CertSaveStore
CryptSignMessageWithKey
CryptSignAndEncodeCertificate
CertGetCertificateChain
CertSetCertificateContextProperty
CertAddCTLLinkToStore
CertNameToStrW
CertUnregisterSystemStore
CryptInitOIDFunctionSet
CryptSetKeyIdentifierProperty
CryptUnregisterDefaultOIDFunction
CertSetCTLContextProperty
CryptVerifyMessageSignatureWithKey
CryptExportPKCS8
CryptExportPublicKeyInfo
CryptSetOIDFunctionValue
CertDuplicateCertificateChain
CertAddEncodedCertificateToSystemStoreA
CertCreateCertificateChainEngine
CryptGetDefaultOIDFunctionAddress
CryptMemFree
CryptHashMessage
CryptInstallOIDFunctionAddress
CryptBinaryToStringA
CertIsRDNAttrsInCertificateName
CryptBinaryToStringW
CertEnumSubjectInSortedCTL
CertCreateCTLEntryFromCertificateContextProperties
CryptMsgCalculateEncodedLength

imm32

ImmGetProperty
ImmAssociateContextEx
ImmSetCompositionStringW
ImmEnumRegisterWordA
ImmGetCompositionStringA
ImmUnregisterWordA
ImmGetConversionListA
ImmIsUIMessageA
ImmSetCompositionFontW
ImmGetGuideLineW
ImmGetIMEFileNameA
ImmGetDescriptionW
ImmInstallIMEW
ImmGetCandidateWindow
ImmGetDescriptionA
ImmSetOpenStatus
ImmGetConversionListW
ImmRegisterWordA
ImmDestroyContext
ImmGetImeMenuItemsA
ImmInstallIMEA
ImmGetContext
ImmConfigureIMEW
ImmSetCompositionStringA
ImmGetOpenStatus
ImmSetCompositionWindow
ImmAssociateContext
ImmEnumInputContext
ImmGetCandidateListCountW
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetVirtualKey
ImmGetCompositionFontW
ImmGetRegisterWordStyleA
ImmReleaseContext
ImmSimulateHotKey
ImmGetCandidateListCountA
ImmGetImeMenuItemsW
ImmGetGuideLineA

msimg32

TransparentBlt

msvfw32

ICDraw
ICRemove
ICOpen
ICGetInfo
DrawDibBegin
ICSeqCompressFrameEnd
ord2
ICOpenFunction
ICGetDisplayFormat
ICDrawBegin
DrawDibGetBuffer
ICSeqCompressFrameStart
MCIWndCreateW
ICSendMessage
ICLocate
DrawDibClose
ICDecompress
ICCompress

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2f46f7871413ff5d684841f5f6973cf0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

gdi32

ws2_32

netapi32

comdlg32

comsvcs

crypt32

imm32

msimg32

msvfw32

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 4KB - Virtual size: 21KB

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 4KB - Virtual size: 21KB