a21438cbb78181fe80fc335291f79527_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a21438cbb78181fe80fc335291f79527_JaffaCakes118
Size

259KB
MD5

a21438cbb78181fe80fc335291f79527
SHA1

bbfacf1c45224257aaf3510e563e0437f4c3ed7e
SHA256

46869f3b9d479f72a09ace4f85741761a734eba74925702c448722f161724c50
SHA512

d03dd6a49eee5a23239bc0b92e48ba5df2c2848860b2411551cb0a623075860d92a5955edd29692e2c5977aef0890815a4ccf3538e8f79824b5d58e0a34ea214
SSDEEP

6144:/5PMFD6jJvvZBsCHQBPFpSnpHjPsokMdA+ti63:JjieqFMnpDDkMdDt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a21438cbb78181fe80fc335291f79527_JaffaCakes118

Files

a21438cbb78181fe80fc335291f79527_JaffaCakes118
.exe windows:5 windows x86 arch:x86

95f8e0dd395d4691088afbf27adc9e60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
FlushFileBuffers
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetEndOfFile
GetProcessHeap
ReadFile
WriteFile
GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA
GetClassLongA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA

ole32

CoInitialize

shell32

ShellExecuteA

shlwapi

PathRemoveBlanksA
PathIsDirectoryA
PathFileExistsA
PathGetArgsA
PathFindFileNameA

ws2_32

recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send

netapi32

Netbios

comdlg32

GetFileTitleW
FindTextA
GetOpenFileNameW
CommDlgExtendedError
ChooseFontA
PrintDlgW
ReplaceTextA
ChooseFontW
PrintDlgA
PageSetupDlgA
PageSetupDlgW
ChooseColorA
GetSaveFileNameA
ReplaceTextW
FindTextW

comsvcs

CoEnterServiceDomain

crypt32

CryptMemRealloc
CertFindSubjectInSortedCTL
CertVerifyRevocation
CryptImportPublicKeyInfo
CertGetCRLFromStore
CertEnumCRLsInStore
CryptGetAsyncParam
CertFindCertificateInStore
CryptQueryObject
CertFreeCertificateChain
CryptHashPublicKeyInfo
CertCreateCertificateChainEngine
CertFindCTLInStore
CryptExportPublicKeyInfo
CertSetCertificateContextPropertiesFromCTLEntry
CertSetCTLContextProperty
CertDuplicateCRLContext
CertVerifyCertificateChainPolicy
CertEnumSystemStoreLocation
CryptMsgUpdate
CertRDNValueToStrA
CertAddSerializedElementToStore
CryptMsgDuplicate
CertEnumCTLContextProperties
CryptMsgCalculateEncodedLength
CryptStringToBinaryA
CryptMsgOpenToDecode
CryptVerifyMessageSignatureWithKey
CertGetValidUsages
CryptDecodeObject
CertCompareCertificateName
CertGetPublicKeyLength
CertEnumCertificateContextProperties
CryptRegisterOIDFunction
CryptSignMessage
CertOpenSystemStoreA
CryptMsgSignCTL
CertVerifySubjectCertificateContext
CertGetEnhancedKeyUsage
PFXImportCertStore
CertSerializeCertificateStoreElement
CryptInstallDefaultContext
CryptRegisterOIDInfo
CryptCreateAsyncHandle
CertGetIssuerCertificateFromStore
CertEnumCRLContextProperties
CryptMsgCountersignEncoded
CertEnumPhysicalStore
CryptProtectData
CertDuplicateStore
CertFindRDNAttr
CryptMsgControl
CertRemoveEnhancedKeyUsageIdentifier
CryptMsgClose
CertGetNameStringA
CryptSignMessageWithKey
CertVerifyTimeValidity
CertIsValidCRLForCertificate
CryptDecodeMessage
CryptSignCertificate
CertEnumSystemStore
CertGetCertificateContextProperty
CertRegisterPhysicalStore
CryptGetMessageSignerCount
CertIsRDNAttrsInCertificateName
CertSetEnhancedKeyUsage
CryptUnregisterOIDInfo
CertAddEncodedCertificateToSystemStoreW
CertEnumCTLsInStore
CertOIDToAlgId
CryptEncodeObject
CertFindCertificateInCRL
CertAddEnhancedKeyUsageIdentifier
PFXIsPFXBlob
CryptUninstallDefaultContext
CryptVerifyMessageSignature
CertFreeCertificateChainEngine
CertCompareIntegerBlob
CertDeleteCertificateFromStore
CertAddCRLLinkToStore
CertGetStoreProperty
CertNameToStrA

imm32

ImmUnregisterWordW
ImmInstallIMEA
ImmGetCompositionFontW
ImmGetDescriptionW
ImmEscapeA
ImmAssociateContext
ImmGetOpenStatus
ImmUnregisterWordA
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmEnumInputContext
ImmRegisterWordW
ImmGetDefaultIMEWnd
ImmDestroyContext
ImmEscapeW
ImmEnumRegisterWordW
ImmSetCompositionStringW
ImmSetCandidateWindow
ImmGetCompositionStringW
ImmCreateContext
ImmGetCompositionFontA
ImmIsUIMessageW
ImmGetCandidateWindow
ImmSetCompositionStringA
ImmGetConversionListA
ImmGetCandidateListCountA
ImmGetCompositionStringA
ImmGetRegisterWordStyleA
ImmGetConversionStatus
ImmGetCandidateListW
ImmGetCandidateListCountW
ImmGetIMEFileNameW
ImmGetGuideLineA
ImmSimulateHotKey
ImmSetStatusWindowPos
ImmRegisterWordA
ImmGetRegisterWordStyleW

iphlpapi

GetIpStatisticsEx
SetIpStatistics
GetIpStatistics
GetExtendedUdpTable
CreateIpForwardEntry
GetBestRoute
GetIpForwardTable
GetIpErrorString
GetIfEntry
GetPerAdapterInfo
GetNumberOfInterfaces
DeleteIpNetEntry
GetUniDirectionalAdapterInfo
GetRTTAndHopCount
DeleteProxyArpEntry
SetIpForwardEntry
GetIfTable
RestoreMediaSense
GetNetworkParams
FlushIpNetTable
GetIcmpStatistics
SetIpTTL
GetInterfaceInfo
CreateProxyArpEntry
SetIpNetEntry
UnenableRouter
NotifyAddrChange
IpRenewAddress
GetTcpStatisticsEx
GetUdpStatistics
NotifyRouteChange
GetTcpStatistics

msi

ord195
ord219
ord211
ord179
ord38
ord214
ord174
ord263
ord67
ord87
ord5
ord226
ord272
ord70
ord266
ord129
ord68
ord246
ord204
ord101
ord41
ord157
ord237
ord230
ord213
ord178
ord42
ord239
ord95
ord252
ord82
ord247
ord273
ord203
ord270
ord113
ord189
ord276
ord89
ord104
ord228
ord109
ord208
ord218
ord275
ord107
ord176
ord210
ord69
ord45
ord244
ord126
ord90
ord84
ord168
ord131
ord111
ord15
ord267
ord81
ord65
ord11
ord209
ord55
ord194
ord255
ord71
ord190
ord227
ord260
ord241
ord59
ord265
ord224
ord94
ord240
ord40
ord212
ord202
ord10
ord72
ord259
ord231
ord245
ord136
ord181
ord229
ord66

msvfw32

DrawDibClose
ICDecompress
ICRemove
ICDraw

mswsock

TransmitFile

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95f8e0dd395d4691088afbf27adc9e60

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

ws2_32

netapi32

comdlg32

comsvcs

crypt32

imm32

iphlpapi

msi

msvfw32

mswsock

Sections

.text Size: 170KB - Virtual size: 169KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 4KB - Virtual size: 21KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 170KB - Virtual size: 169KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 4KB - Virtual size: 21KB

.reloc
Size: 17KB - Virtual size: 17KB