9444770adafa3bdbc3f1217deeff17fe_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9444770adafa3bdbc3f1217deeff17fe_JaffaCakes118
Size

201KB
MD5

9444770adafa3bdbc3f1217deeff17fe
SHA1

9e0df80ec74c96a53107e581355a1d4807f2c39e
SHA256

78c57d715bb2c506c42e4f4c1949090d196d3738594acc9788bf649ffc228f57
SHA512

24486d6032dca30c94ecadcadc0175a950154fd7c2cab22b7f20840ef20639865af6d91254eb4a3e905c5375783960dcb2451eb9e963872e8c251474ee8f7769
SSDEEP

6144:AoqqDLjE+7NqhTkc6WrPEFW9TeIn2hW0xQbpBiEaSwLBCsp0KEu:Atqnjr786WrPz2PMuSw13Eu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9444770adafa3bdbc3f1217deeff17fe_JaffaCakes118

Files

9444770adafa3bdbc3f1217deeff17fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b3305920c4bfa6d37551eefa6e9dd010

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
CreateDirectoryW
GetProcessHeap
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
lstrcpynW
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
lstrlenW
GetTempPathW
GetFileSizeEx
OpenMutexW
LeaveCriticalSection
VirtualProtectEx
VirtualAllocEx
FindClose
CreateMutexW
QueryDosDeviceW
FindNextFileW
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
SetFileAttributesW
SetHandleInformation
CreatePipe
ResetEvent
GetUserDefaultUILanguage
TlsGetValue
TlsSetValue
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
GetThreadContext
SetThreadContext
GetProcessId
lstrcmpiA
WTSGetActiveConsoleSessionId
InitializeCriticalSection
WriteFile
GetLocalTime
SetThreadPriority
GetCurrentThread
ReleaseMutex
GetCurrentThreadId
SetLastError
GetTickCount
LoadLibraryA
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
GetSystemTime
GetCurrentProcess
DeleteFileW
TerminateProcess
MoveFileExW
GlobalUnlock
GlobalLock
EnterCriticalSection
FlushFileBuffers
RemoveDirectoryW
CreateFileW
VirtualAlloc
GetFileAttributesW
IsBadReadPtr
ExpandEnvironmentStringsW
GetPrivateProfileIntW
LoadLibraryW
GetPrivateProfileStringW
FreeLibrary
CreateThread
WriteProcessMemory
GetCurrentProcessId
DuplicateHandle
OpenEventW
GetFileAttributesExW
VirtualProtect
GetModuleHandleA
lstrcmpiW
GetProcAddress
ExitThread
GetNativeSystemInfo
GetModuleFileNameW
CreateEventA
Sleep
VirtualFree
GetModuleHandleW
SetEvent
GetComputerNameW
SetErrorMode
GetCommandLineW
ExitProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
OpenProcess
CreateRemoteThread
CloseHandle
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
LocalFree
GetVersionExW
GetLastError

user32

EndPaint
GetUpdateRgn
GetWindowDC
FillRect
DrawEdge
BeginPaint
GetUpdateRect
IntersectRect
GetDCEx
PostThreadMessageW
EqualRect
PrintWindow
DefWindowProcW
GetSystemMetrics
GetTopWindow
CharLowerW
WindowFromPoint
CharToOemW
GetDC
CharLowerA
ReleaseDC
CharUpperW
SetWindowLongW
GetWindow
DefMDIChildProcW
TranslateMessage
GetKeyboardState
GetClipboardData
ToUnicode
CharLowerBuffA
MapVirtualKeyW
GetShellWindow
RegisterClassA
DefFrameProcW
CallWindowProcW
EndMenu
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
OpenWindowStationW
RegisterClassExA
RegisterWindowMessageW
GetThreadDesktop
GetMenuItemID
SetKeyboardState
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
OpenDesktopW
MenuItemFromPoint
GetMenu
RegisterClassExW
GetMenuItemRect
SystemParametersInfoW
TrackPopupMenuEx
GetClassNameW
GetMenuState
LoadImageW
DefWindowProcA
DrawIcon
GetIconInfo
GetMessageA
SwitchDesktop
GetMenuItemCount
DefDlgProcA
DefMDIChildProcA
HiliteMenuItem
RegisterClassW
GetWindowRect
GetMessageW
SetCapture
PostMessageW
GetParent
GetWindowInfo
GetClassLongW
GetCapture
SetCursorPos
GetWindowLongW
GetAncestor
PeekMessageW
PeekMessageA
SetWindowPos
GetCursorPos
SendMessageTimeoutW
IsWindow
ReleaseCapture
GetUserObjectInformationW
DispatchMessageW
CallWindowProcA
SendMessageW
MapWindowPoints
GetMessagePos
GetWindowThreadProcessId
IsRectEmpty
ExitWindowsEx
MessageBoxA
GetKeyboardLayoutList
MsgWaitForMultipleObjects

advapi32

ConvertSidToStringSidW
GetLengthSid
IsWellKnownSid
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegCreateKeyW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
InitiateSystemShutdownExW
SetSecurityInfo
CreateProcessAsUserA
EqualSid

shlwapi

PathSkipRootW
StrCmpNIW
PathIsURLW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathRenameExtensionW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathUnquoteSpacesW
PathQuoteSpacesW
StrStrIW
PathRemoveFileSpecW
StrStrIA
PathRemoveBackslashW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

DeleteObject
GetDIBits
GetDeviceCaps
CreateDIBSection
SelectObject
RestoreDC
SaveDC
CreateCompatibleDC
SetRectRgn
GdiFlush
DeleteDC
SetViewportOrgEx
CreateCompatibleBitmap

ws2_32

freeaddrinfo
recv
sendto
select
getaddrinfo
recvfrom
getpeername
listen
inet_addr
WSASend
gethostbyname
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
WSAEventSelect
getsockname
accept
closesocket
WSASetLastError
socket
bind
setsockopt
shutdown
WSAGetLastError
send

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData

wininet

InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetQueryOptionA
InternetSetStatusCallbackA
HttpEndRequestW
HttpAddRequestHeadersA
HttpEndRequestA
InternetSetFilePointer
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetCrackUrlA
InternetCloseHandle
HttpQueryInfoA
InternetConnectA
InternetQueryOptionW
InternetOpenA

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

waveOutGetVolume
PlaySoundA
PlaySoundW
waveOutSetVolume

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3305920c4bfa6d37551eefa6e9dd010

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 189KB - Virtual size: 189KB

.data Size: 2KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 189KB - Virtual size: 189KB

.data
Size: 2KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 7KB