a3b6a8db879744857860386da5add2f8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a3b6a8db879744857860386da5add2f8_JaffaCakes118
Size

464KB
MD5

a3b6a8db879744857860386da5add2f8
SHA1

e25bc50534b1af621bc09764cec600c85d1fd643
SHA256

430bd58526e26cd19915486acdc94c2c2fad3decba1e776675502aa0542e70f6
SHA512

ef86e530168a30403f45a0470f0ca490a3457930c4dbfc66125e3d67bfe033f76a17cc86a38914042233ee2852406aeec081e26f7f087698b0183d8b06608fdd
SSDEEP

12288:J3FqENB5eSSYBtAlriGylmbCoqzgcSbj:JDNBAYB6ylvnSb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3b6a8db879744857860386da5add2f8_JaffaCakes118

Files

a3b6a8db879744857860386da5add2f8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf4033c9873d26a1b6fba6f00fa75570

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
BitBlt
GetObjectA
SelectObject
SetBkColor
GetBkColor
CreateBitmap
DeleteDC
SelectPalette
DeleteObject
CreateCompatibleDC
GetObjectW
GetDeviceCaps
RealizePalette
CreateCompatibleBitmap
CreateDIBitmap
CreatePalette
CreateFontIndirectW
CreateFontIndirectA
GetTextExtentPoint32W

ntdll

NtAllocateVirtualMemory

msvcrt

iswprint
_except_handler3
strtoul
_stricmp
wcsncpy
wcscpy
_initterm
_wcsicmp
malloc
strtok
memmove
_wtol
_purecall
free
_ltow
_wcsnicmp
wcscat
wcscmp
wcsrchr
swprintf
wcschr
wcslen
iswspace
_itow
_vsnwprintf
_adjust_fdiv

crypt32

CertVerifyTimeValidity
PFXImportCertStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CryptEnumOIDInfo
PFXVerifyPassword
CertFindCertificateInStore
CryptFormatObject
CertCreateCertificateContext
CertGetCRLFromStore
CertSetCTLContextProperty
CertFindCTLInStore
CertFindCRLInStore
CertFreeCTLContext
CryptFindOIDInfo
CertGetNameStringW
CertEnumSystemStore
CryptMsgGetParam
CertCreateCTLContext
CryptSIPRetrieveSubjectGuid
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CryptMsgUpdate
PFXExportCertStore
CryptQueryObject
CryptFindCertificateKeyProvInfo
CryptMsgDuplicate
CryptGetDefaultOIDFunctionAddress
CertGetPublicKeyLength
CertFreeCertificateChainEngine
CryptAcquireCertificatePrivateKey
CryptFindLocalizedName
CertAddCTLContextToStore
CryptMsgClose
CertGetStoreProperty
CertGetCertificateContextProperty
CryptBinaryToStringA
CertGetCertificateChain
CertEnumCTLsInStore
CertCreateCertificateChainEngine
PFXExportCertStoreEx
CryptInitOIDFunctionSet
CertCloseStore
CertDeleteCertificateFromStore
CertNameToStrW
CertGetCTLContextProperty
CertFindAttribute
CryptGetDefaultOIDDllList
CertGetSubjectCertificateFromStore
CertFreeCertificateChain
CertCompareCertificate
CertSetEnhancedKeyUsage
CryptFreeOIDFunctionAddress
CertFindExtension
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateStore
CertSaveStore
CryptDecodeObjectEx
CryptMsgControl
CertGetValidUsages
CertEnumPhysicalStore
CertSetCertificateContextProperty
CryptMsgEncodeAndSignCTL
CryptDecodeObject
CryptEncodeObject
CryptMsgOpenToDecode
CryptMsgVerifyCountersignatureEncoded
CertFreeCRLContext
CertAddCRLContextToStore

netapi32

NetApiBufferFree
NetGetDCName
DsGetDcNameW

wintrust

WinVerifyTrustEx
WTHelperGetProvSignerFromChain
WTHelperGetKnownUsages
WintrustGetDefaultForUsage
TrustIsCertificateSelfSigned
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData

shlwapi

PathUndecorateW
PathFindFileNameW
StrCmpNIW

wininet

InternetCanonicalizeUrlW
InternetCrackUrlW

kernel32

LoadLibraryExA
DeleteCriticalSection
DelayLoadFailureHook
LockResource
QueryPerformanceCounter
MulDiv
LoadLibraryA
InterlockedCompareExchange
GetDateFormatW
GlobalAlloc
OutputDebugStringA
FreeResource
GetProcAddress
GetLastError
DisableThreadLibraryCalls
GetCurrentThreadId
CreateFileMappingA
GetVersionExA
WideCharToMultiByte
GetCurrentDirectoryW
lstrlenW
GetTimeFormatW
GetModuleHandleW
InitializeCriticalSection
FormatMessageW
GetSystemTimeAsFileTime
CreateFileW
MultiByteToWideChar
GetCurrentThread
GetCurrentProcess
GetLocalTime
SetLastError
GetModuleFileNameW
GlobalUnlock
LocalFree
TerminateProcess
lstrcpyA
GetACP
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
lstrcatA
DeleteFileW
FileTimeToSystemTime
GetDateFormatA
CompareStringA
LoadLibraryW
GetUserDefaultLCID
UnmapViewOfFile
LocalAlloc
lstrlenA
SetFilePointer
SetEndOfFile
Sleep
CreateFileA
lstrcmpA
CompareFileTime
CompareStringW
LoadResource
GetTimeFormatA
GlobalLock
GetComputerNameExW
WriteFile
FileTimeToLocalFileTime
CloseHandle
MapViewOfFile
LeaveCriticalSection
EnterCriticalSection
GlobalFree
FreeLibrary
UnhandledExceptionFilter
FindResourceA
GetCurrentProcessId
GetFileSize
GetComputerNameW
GetModuleHandleA
GetTickCount
SystemTimeToFileTime
LocalReAlloc
ExpandEnvironmentStringsA

advapi32

OpenProcessToken
StartServiceA
RegCreateKeyExA
AllocateAndInitializeSid
RegQueryValueExA
CryptGetUserKey
RegEnumValueW
RegEnumValueA
ChangeServiceConfigA
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
GetTokenInformation
CryptAcquireContextA
QueryServiceConfigA
FreeSid
DuplicateToken
CryptGetKeyParam
OpenSCManagerW
CloseServiceHandle
ControlService
RegCreateKeyExW
StartServiceW
LockServiceDatabase
OpenServiceW
CryptDestroyKey
RegQueryInfoKeyA
RegQueryValueExW
OpenThreadToken
RegEnumKeyExA
RegEnumKeyExW
QueryServiceStatus
CryptSetProvParam
UnlockServiceDatabase
RegOpenKeyExW
GetUserNameW
RegSetValueExA
CryptGetProvParam
RegSetValueExW
RegOpenKeyExA
EqualSid

user32

SystemParametersInfoA
GetDesktopWindow
SendMessageW
GetDlgItemTextW
DialogBoxParamW
DrawIcon
LoadIconA
LoadStringA
GetDlgItemInt
IsDlgButtonChecked
SetCursor
DrawFocusRect
CreateWindowExA
SetWindowTextA
SetClassLongA
SetDlgItemInt
IsWindowEnabled
SetWindowLongA
GetWindowTextW
MessageBoxW
MonitorFromWindow
GetUpdateRect
GetWindowRect
ReleaseDC
DestroyWindow
IsWindowVisible
wsprintfA
MoveWindow
UpdateWindow
GetDlgItemTextA
LoadBitmapW
GetFocus
MapDialogRect
SetWindowTextW
GetWindowDC
GetSysColor
LoadStringW
SetWindowPos
GetMonitorInfoW
GetParent
GetWindowLongW
SetFocus
LoadCursorW
SendDlgItemMessageW
RegisterClipboardFormatA
FillRect
SetDlgItemTextW
ReleaseCapture
GetSysColorBrush
GetWindow
MessageBoxExW
SendMessageA
CallWindowProcA
SetCapture
GetNextDlgTabItem
EndPaint
ShowWindow
SetWindowLongW
DestroyIcon
DrawTextExW
SetRect
CreateWindowExW
WinHelpW
InvalidateRect
PostMessageW
PeekMessageA
EnableWindow
GetDialogBaseUnits
CheckRadioButton
GetDC
LoadCursorA
BeginPaint
PostMessageA
GetWindowLongA
SendDlgItemMessageA
GetClientRect
CopyRect
EndDialog
MapWindowPoints
GetDlgItem

rpcrt4

RpcNetworkIsProtseqValidA
NdrClientCall2
RpcEpResolveBinding
RpcStringBindingComposeA
RpcStringFreeA
UuidToStringA
RpcBindingFromStringBindingA
RpcBindingFree
UuidCreate

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 952KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bf4033c9873d26a1b6fba6f00fa75570

Headers

File Characteristics

Imports

gdi32

ntdll

msvcrt

crypt32

netapi32

wintrust

shlwapi

wininet

kernel32

advapi32

user32

rpcrt4

version

Sections

.text Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 20B

.rsrc Size: 10KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 952KB

.rdata Size: 428KB - Virtual size: 428KB

.text
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 20B

.rsrc
Size: 10KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 952KB

.rdata
Size: 428KB - Virtual size: 428KB