a44fe48288826c4072e91d5b83bc72d4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a44fe48288826c4072e91d5b83bc72d4_JaffaCakes118
Size

311KB
MD5

a44fe48288826c4072e91d5b83bc72d4
SHA1

2828a1486f0921a0007b286393306e06fcb8f6ee
SHA256

c93876eeb9f993d67a2473093e340fb4ea75f8472e0495f72f0e0bd5cc7d6eb9
SHA512

f3c75532e322d5062eb670a9e8c946e7238fdcf42c29e93f23b44f34ad3243092f1050e7acea902fd065dd546b32ce7973f562beb4b0414bf94685a931a2a733
SSDEEP

6144:MTgamwVk/ZB4HTYeTffH8EZU3cC162S6G51Q2+:MTgamwe/7MzZ0cT26XQ2+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a44fe48288826c4072e91d5b83bc72d4_JaffaCakes118

Files

a44fe48288826c4072e91d5b83bc72d4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d5c39b3137e593831fea515da1ba2bc6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

comctl32

InitCommonControls
ImageList_Destroy

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
OffsetViewportOrgEx
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
LPtoDP
DPtoLP
GetTextColor
GetBkColor
GetMapMode
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
GetClipBox
GetDeviceCaps
SetTextColor
SetBkColor
CreateFontA
SelectObject
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap
DeleteObject

kernel32

WritePrivateProfileStringA
GetFileAttributesA
GetFullPathNameA
GetFileTime
SetErrorMode
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
FindClose
FindFirstFileA
GetVolumeInformationA
RtlUnwind
GetStartupInfoA
GetCommandLineA
RaiseException
TerminateProcess
HeapReAlloc
HeapSize
GetACP
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
FileTimeToLocalFileTime
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
ExitProcess
GetLastError
CreateMutexA
GetModuleHandleA
GetTickCount
lstrcatA
lstrcpyA
lstrcpynA
GlobalFree
GlobalAlloc
GetModuleFileNameA
GlobalLock
FileTimeToSystemTime
FormatMessageA
GetThreadLocale
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
SizeofResource
GlobalFlags
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
lstrlenA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ReleaseMutex
CloseHandle
lstrcmpA
lstrlenW
WideCharToMultiByte
MulDiv
SetLastError
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LockResource
FindResourceA
LoadResource
SetFilePointer
SetFileAttributesA
SetEndOfFile
RtlZeroMemory
ReadFile
HeapFree
HeapAlloc
GlobalUnlock
GetWindowsDirectoryA
GetVersion
GetThreadContext
GetSystemTime
GetSystemDirectoryA
GetProcessHeap
GetCurrentThreadId
GetCurrentThread
CreateThread
GetExitCodeProcess
Sleep
lstrcmpiA
GetFileSize
CreateFileA
WriteFile
DeleteFileA
WriteProcessMemory
OpenProcess
GetVersionExA

oleaut32

VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
VariantTimeToSystemTime
SysStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
VariantClear

olepro32

OleCreateFontIndirect

user32

PtInRect
GetDesktopWindow
GetSysColorBrush
DestroyMenu
CharNextA
LoadStringA
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
InflateRect
CharUpperA
RegisterClipboardFormatA
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
GrayStringA
TabbedTextOutA
GetWindowDC
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
UpdateWindow
MapWindowPoints
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
IsWindowEnabled
PostThreadMessageA
GetClassNameA
WaitForInputIdle
SetDlgItemTextA
GetDlgItemTextA
SendDlgItemMessageA
IsWindow
GetWindowThreadProcessId
SetWindowPos
SetActiveWindow
GetDC
EnumDisplaySettingsA
ChangeDisplaySettingsA
ReleaseDC
PostMessageA
FindWindowExA
InvalidateRect
MapDialogRect
SetWindowContextHelpId
CopyRect
wsprintfA
PeekMessageA
GetWindowRect
IsIconic
GetSystemMetrics
DrawIcon
FindWindowA
SendMessageA
LoadIconA
EnableWindow
GetCursorPos
WindowFromPoint
RedrawWindow
BeginPaint
GetSysColor
GetClientRect
DrawTextA
EndPaint
GetWindowLongA
CallWindowProcA
LoadCursorA
SetCursor
SetWindowTextA
GetDlgItem
SetWindowLongA
SetTimer
IsWindowUnicode
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
SetWindowsHookExA

wgshell

DeRegisterShell
RegisterShell

wininet

InternetOpenA
InternetConnectA
HttpSendRequestA
HttpOpenRequestA
HttpQueryInfoA
InternetCloseHandle

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

ws2_32

WSASocketA
WSACleanup
send
htonl
sendto
setsockopt
recv
inet_ntoa
closesocket
htons
inet_addr
socket
WSAStartup
connect
WSAAsyncSelect

comdlg32

GetFileTitleA

ole32

OleInitialize
StgOpenStorageOnILockBytes
CoGetClassObject
CreateILockBytesOnHGlobal
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize

oledlg

OleUIBusyA

Sections

,�+{rn�
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

,�*dr��
Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

,�*dr��
Size: 50KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

,�9uan�
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PLL621
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5c39b3137e593831fea515da1ba2bc6

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

oleaut32

olepro32

user32

wgshell

wininet

winspool.drv

ws2_32

comdlg32

ole32

oledlg

Sections

,�+{rn� Size: 168KB - Virtual size: 168KB

,�*dr�� Size: 44KB - Virtual size: 48KB

,�*dr�� Size: 50KB - Virtual size: 68KB

,�9uan� Size: 18KB - Virtual size: 20KB

.PLL621 Size: 27KB - Virtual size: 28KB

,�+{rn�
Size: 168KB - Virtual size: 168KB

,�*dr��
Size: 44KB - Virtual size: 48KB

,�*dr��
Size: 50KB - Virtual size: 68KB

,�9uan�
Size: 18KB - Virtual size: 20KB

.PLL621
Size: 27KB - Virtual size: 28KB