94fc49c94c05cff65a541d95abf8c96c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

94fc49c94c05cff65a541d95abf8c96c_JaffaCakes118
Size

142KB
MD5

94fc49c94c05cff65a541d95abf8c96c
SHA1

c02d3208d94f2a1b801325aa1a687452e63eba56
SHA256

85ceb80963c1ccea57f985d90cd330d6c4b8fd0b03fa89f8a9f9167eacbef794
SHA512

8a561d38f8c1c827a3092b21d4ef29756e5471350bc57691f8e0fb1f02b593f4262d631cbdac3940b91f19858ecd64d3974205d0a9af158962d62fb574266676
SSDEEP

3072:Jq1EFNWr6U0ps24gQEVsI80QkISoCBXybbOlUsmB3oPteDQ:Jq1E3k90e2FQEmI8RbylNOcWQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94fc49c94c05cff65a541d95abf8c96c_JaffaCakes118

Files

94fc49c94c05cff65a541d95abf8c96c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

02c7424d78572fe1d25c93ba17c215f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
HeapCreate
GetFileAttributesW
Thread32Next
ReadFile
GetTimeZoneInformation
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
OpenMutexW
GetLastError
SetLastError
VirtualProtectEx
VirtualAllocEx
FindClose
LoadLibraryA
RemoveDirectoryW
WaitForMultipleObjects
FindNextFileW
VirtualProtect
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
ReadProcessMemory
GetSystemTime
WriteProcessMemory
SetFileAttributesW
CreateThread
LoadLibraryExW
ResetEvent
ExitProcess
GetCommandLineW
SetErrorMode
GetComputerNameW
GetVersionExW
GetModuleFileNameW
OpenEventW
DuplicateHandle
WinExec
GetCurrentProcessId
MoveFileExW
GetUserDefaultUILanguage
lstrcmpiA
GetLocalTime
TlsGetValue
TlsSetValue
TerminateProcess
WTSGetActiveConsoleSessionId
GetNativeSystemInfo
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
VirtualQuery
RtlUnwind
Sleep
WideCharToMultiByte
Thread32First
WriteFile
VirtualQueryEx
SetFileTime
IsBadReadPtr
GetProcessHeap
VirtualFree
GetModuleHandleW
CreateDirectoryW
HeapFree
SetFilePointerEx
SystemTimeToFileTime
HeapAlloc
CreateProcessW
SetEndOfFile
FindFirstFileW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
GetFileAttributesExW
GetProcessId
VirtualAlloc
SetThreadContext
GetThreadContext
LocalFree
GetPrivateProfileIntW
GetProcAddress
LoadLibraryW
GetPrivateProfileStringW
FreeLibrary
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
OpenProcess
CreateRemoteThread
EnterCriticalSection
GlobalUnlock
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
GlobalLock
ExpandEnvironmentStringsW
lstrcmpiW
TlsFree
CloseHandle
TlsAlloc
GetCurrentThreadId
CreateEventW
CreateFileMappingW
SetThreadPriority
GetCurrentThread
SetEvent
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
GetFileInformationByHandle
CreateMutexW
IsDebuggerPresent

user32

GetMessagePos
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharToOemW
GetWindowLongW
CharLowerA
PeekMessageW
CharUpperW
SetWindowLongW
SendMessageTimeoutW
GetWindow
DispatchMessageW
TranslateMessage
GetKeyboardState
GetClipboardData
ToUnicode
ExitWindowsEx
RegisterClassExA
RegisterWindowMessageW
GetThreadDesktop
GetMenuItemID
CreateWindowStationW
ReleaseCapture
GetDCEx
SetCursorPos
GetCapture
GetUpdateRect
GetWindowRect
GetParent
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
MapWindowPoints
FillRect
GetWindowInfo
DrawEdge
IntersectRect
EqualRect
PrintWindow
IsRectEmpty
MapVirtualKeyW
PostMessageW
DrawIcon
GetIconInfo
CharLowerBuffA
CreateDesktopW
SetProcessWindowStation
PeekMessageA
GetCursorPos
GetProcessWindowStation
CloseDesktop
SetCapture
SetThreadDesktop
GetShellWindow
RegisterClassA
GetWindowThreadProcessId
DefFrameProcW
DefWindowProcW
CallWindowProcW
SetKeyboardState
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
OpenDesktopW
MenuItemFromPoint
GetDC
GetMenu
RegisterClassExW
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
ReleaseDC
GetMenuState
DefWindowProcA
DefMDIChildProcW
EndMenu
CallWindowProcA
OpenWindowStationW
BeginPaint
GetSystemMetrics
EndPaint
GetMessageA
GetUpdateRgn
GetMessageW
GetWindowDC
CloseWindowStation
SendMessageW
GetUserObjectInformationW
RegisterClassW
HiliteMenuItem
DefMDIChildProcA
PostThreadMessageW
DefDlgProcA
GetMenuItemCount
SwitchDesktop
CharLowerW

advapi32

InitiateSystemShutdownExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
IsWellKnownSid
EqualSid
ConvertSidToStringSidW
GetLengthSid

shlwapi

StrCmpNIW
PathQuoteSpacesW
PathRenameExtensionW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsURLW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
StrStrIW
PathRemoveFileSpecW
StrStrIA

shell32

CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW

secur32

GetUserNameExW

ole32

StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx

gdi32

DeleteDC
SetViewportOrgEx
DeleteObject
GdiFlush
SetRectRgn
SaveDC
RestoreDC
CreateDIBSection
GetDIBits
GetDeviceCaps
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

ws2_32

send
closesocket
WSASetLastError
socket
bind
setsockopt
shutdown
WSAGetLastError
WSAEventSelect
WSASend
WSAIoctl
connect
WSAAddressToStringW
listen
accept
getpeername
recvfrom
getaddrinfo
select
getsockname
sendto
recv
freeaddrinfo
WSAStartup

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
PFXImportCertStore
CryptUnprotectData
PFXExportCertStoreEx

wininet

HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
HttpQueryInfoA
InternetConnectA
InternetQueryOptionW
InternetCrackUrlA
InternetReadFile
InternetSetOptionA

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02c7424d78572fe1d25c93ba17c215f0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

Sections

.text Size: 134KB - Virtual size: 133KB

.data Size: 1024B - Virtual size: 9KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 134KB - Virtual size: 133KB

.data
Size: 1024B - Virtual size: 9KB

.reloc
Size: 6KB - Virtual size: 5KB