8abb20ee937270e6244c4862f97398d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8abb20ee937270e6244c4862f97398d7_JaffaCakes118
Size

132KB
MD5

8abb20ee937270e6244c4862f97398d7
SHA1

8bd5456c3bf075170ca5df6e2e506f0964a93fd3
SHA256

8185aa66bc71de16e5a7b7dec5a4b30eb94bbced9f56b21384fac7beedee2c26
SHA512

ef7096942fba7f64d5889f60bcf9548c7e006e2912b3767d02dca65fa142bd9910122a15d191be5cc8a48d0b3334e51175ecfc234df3e636b80aba6c2a15989b
SSDEEP

3072:0zY4WznRiBcVZl1OM8f2mVI81nLZ877FrS1:0zY4ahdP2Y81teB8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8abb20ee937270e6244c4862f97398d7_JaffaCakes118

Files

8abb20ee937270e6244c4862f97398d7_JaffaCakes118
.exe windows:0 windows x86 arch:x86

3738b3bebe6d51ba2754ed6b4ae827e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
WritePrivateProfileSectionW
CreateMutexA
FindFirstVolumeMountPointA
Heap32Next
OutputDebugStringA
Heap32ListNext
SetProcessPriorityBoost
ResetEvent
LocalHandle
SwitchToThread
SetConsoleLocalEUDC
GetNumaAvailableMemoryNode
ReadProcessMemory
GetProcessIoCounters
GetProcessPriorityBoost
EnumDateFormatsW
RtlFillMemory
EnumResourceLanguagesA
SetConsolePalette
SetConsoleDisplayMode
GetEnvironmentStringsA
GlobalAddAtomA
SetCurrentDirectoryW
GetSystemDirectoryW
WriteProcessMemory
CreateFileMappingW
CancelTimerQueueTimer
SetDefaultCommConfigA
SetThreadUILanguage
UpdateResourceA
BuildCommDCBAndTimeoutsA
GetConsoleSelectionInfo
GetSystemWow64DirectoryW
VerLanguageNameW
WriteConsoleInputVDMA
RtlCaptureContext
CreateProcessInternalW
MoveFileA
IsWow64Process
InitAtomTable
CloseProfileUserMapping
LockFileEx
MulDiv
GetConsoleCommandHistoryLengthW
FreeConsole
lstrcpynW
WTSGetActiveConsoleSessionId
FindResourceExW
ConvertDefaultLocale
TlsGetValue
AddAtomW
GetProcAddress
PostQueuedCompletionStatus
EnumTimeFormatsW
RegisterWaitForSingleObjectEx
GlobalUnlock
CreateProcessA
GetCurrentActCtx
SetClientTimeZoneInformation
DeleteVolumeMountPointW

user32

wsprintfA
SetSysColors
SetCursorContents
SetLastErrorEx
GetWinStationInfo
TranslateAcceleratorA
InsertMenuW
SetInternalWindowPos
GetKeyState
RegisterDeviceNotificationW
GetMenuStringA
TrackMouseEvent
CreateCursor
MB_GetString
CharPrevA
UpdateWindow
EnumThreadWindows
UpdateLayeredWindow
SetClassLongW
ExitWindowsEx
UnregisterMessagePumpHook
DeleteMenu
GetRegisteredRawInputDevices
GetReasonTitleFromReasonCode
SoftModalMessageBox
EnumWindowStationsW
GetClassNameW
GetProcessDefaultLayout
SendMessageCallbackA
GetMenuItemRect
GetMessageW
SetMenuDefaultItem
GetNextDlgTabItem
SetWindowStationUser
DrawMenuBarTemp
GetWindowRect
MessageBoxIndirectW
LoadCursorA
CheckMenuRadioItem
CallMsgFilterW
DdeDisconnectList
GetClipboardFormatNameA
TranslateAcceleratorW
CreateWindowStationW
GetMessageA
DdeQueryStringW
DdeCreateStringHandleW
SetFocus
DlgDirListA
GetRawInputData
InsertMenuItemW
LoadIconA
GetClipboardOwner
SetDebugErrorLevel
CheckMenuItem
DrawTextExW
CharToOemBuffW
IMPQueryIMEA
GetWindowRgn
RegisterClipboardFormatW
BuildReasonArray
RegisterClipboardFormatA
DrawStateA
GetClassLongA
DrawEdge
SetPropA
GetMessageExtraInfo
GetDlgItemTextA
ValidateRgn
AnimateWindow
TileChildWindows
OpenClipboard
CliImmSetHotKey
GetQueueStatus
GetRawInputBuffer

gdi32

DdEntry47
GetObjectA
NamedEscape
GetCurrentObject
GdiAddFontResourceW
EngEraseSurface
GetFontLanguageInfo
GetDeviceGammaRamp
GetCharWidthA
DdEntry54
GdiPlayPageEMF
GetClipRgn
DeleteDC
GdiEntry10
GdiIsMetaFileDC
GdiAddGlsRecord
BitBlt
GetTextFaceA
UpdateICMRegKeyA
GdiEntry2
GdiTransparentBlt
Polyline
GetICMProfileW
ScaleWindowExtEx
EnumMetaFile

advapi32

RegRestoreKeyW
SaferIdentifyLevel
StartServiceCtrlDispatcherA
ConvertSidToStringSidA
LsaSetInformationTrustedDomain
MD5Init
FlushTraceW
InitializeAcl
GetSidSubAuthorityCount
GetUserNameA
ReadEventLogW
CryptDuplicateHash
WmiQuerySingleInstanceW
AreAllAccessesGranted
RegQueryValueW
LsaFreeMemory
RemoveTraceCallback
RegEnumKeyExA
GetNamedSecurityInfoExW
ConvertStringSidToSidA
CryptSignHashA
RegisterIdleTask
OpenBackupEventLogA
ClearEventLogA
CryptSetKeyParam
GetSecurityInfo
SetSecurityDescriptorGroup
RegOpenKeyExW
SetEntriesInAuditListA
SetSecurityInfoExW
GetAuditedPermissionsFromAclA

comctl32

CreateStatusWindow
ImageList_DrawEx
ImageList_SetOverlayImage
InitMUILanguage
CreatePropertySheetPageA
DrawStatusTextA
ImageList_LoadImage

ole32

BindMoniker
CoFreeLibrary
CreateErrorInfo
CreateFileMoniker
CoGetCurrentProcess
CoCreateInstanceEx
CoDosDateTimeToFileTime
CoCreateGuid

ws2_32

WSAEnumProtocolsW
WSAAccept
WSADuplicateSocketW
sendto
recvfrom

wininet

InternetAutodialCallback
InternetSetFilePointer
InternetQueryOptionA
GopherGetLocatorTypeW
GopherCreateLocatorW
InternetFindNextFileW
UnlockUrlCacheEntryFileA
GetUrlCacheConfigInfoA
RunOnceUrlCache
PrivacySetZonePreferenceW
InternetCrackUrlA
RetrieveUrlCacheEntryFileW
HttpSendRequestExA
CreateUrlCacheGroup

urlmon

IsLoggingEnabledA
CoGetClassObjectFromURL
AsyncGetClassBits
CDLGetLongPathNameW
UrlMkGetSessionOption
RegisterMediaTypes
CoInternetCreateZoneManager
UrlMkBuildVersion
Extract
GetClassFileOrMime
HlinkSimpleNavigateToMoniker

winmm

mmioSetBuffer
mciGetErrorStringW
waveOutUnprepareHeader
waveInMessage
waveInPrepareHeader
waveOutSetPitch
mmioRead
waveOutPause
mciGetDeviceIDA
midiInGetDevCapsA
midiOutClose

sqlunirl

wsprintf_
_GetFileAttributesEx_@12
_SetCurrentDirectory_@4
_CopyEnhMetaFile_@8
_MapVirtualKeyEx_@12
_MessageBox@16
_OemToChar_@8

wsock32

getsockopt
bind
s_perror
listen
EnumProtocolsW
WSAAsyncGetProtoByName
GetServiceW
getprotobyname
inet_addr
WSAAsyncGetHostByAddr
shutdown

crypt32

CertFreeCertificateChain
PFXExportCertStoreEx
CryptAcquireContextU
CertAddStoreToCollection
CertFindSubjectInCTL
CryptEncodeObject
I_CryptGetAsn1Encoder
I_CertSyncStore

d3dim

Direct3DCreateTexture
FlushD3DDevices

msvcirt

??_Eofstream@@UAEPAXI@Z
??0istream@@IAE@ABV0@@Z
??Bios@@QBEPAXXZ
?delbuf@ios@@QAEXH@Z
?getline@istream@@QAEAAV1@PACHD@Z
??_8fstream@@7Bistream@@@
??0fstream@@QAE@HPADH@Z
?fd@ofstream@@QBEHXZ
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?ends@@YAAAVostream@@AAV1@@Z
?get@istream@@QAEAAV1@AAC@Z
?sgetc@streambuf@@QAEHXZ
?unlock@ios@@QAAXXZ
??0iostream@@IAE@ABV0@@Z

Sections

.SdZl
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.J
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_MEM_READ

.uJ
Size: 71KB - Virtual size: 118KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MQyN
Size: 3KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RxQ
Size: 1KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3738b3bebe6d51ba2754ed6b4ae827e2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

ole32

ws2_32

wininet

urlmon

winmm

sqlunirl

wsock32

crypt32

d3dim

msvcirt

Sections

.SdZl Size: 24KB - Virtual size: 23KB

.rdata Size: 9KB - Virtual size: 8KB

.J Size: 1KB - Virtual size: 6KB

.uJ Size: 71KB - Virtual size: 118KB

.MQyN Size: 3KB - Virtual size: 30KB

.data Size: 5KB - Virtual size: 6KB

.RxQ Size: 1KB - Virtual size: 41KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 3KB - Virtual size: 4KB

.SdZl
Size: 24KB - Virtual size: 23KB

.rdata
Size: 9KB - Virtual size: 8KB

.J
Size: 1KB - Virtual size: 6KB

.uJ
Size: 71KB - Virtual size: 118KB

.MQyN
Size: 3KB - Virtual size: 30KB

.data
Size: 5KB - Virtual size: 6KB

.RxQ
Size: 1KB - Virtual size: 41KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 3KB - Virtual size: 4KB