a4130b2271d9d9ade6392fa697ab819e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a4130b2271d9d9ade6392fa697ab819e_JaffaCakes118
Size

268KB
MD5

a4130b2271d9d9ade6392fa697ab819e
SHA1

12cda2c951832b116bb10de09ced41a3edf55637
SHA256

cb4920662b3f09133b073c8ddaabcbde214c50c7ae75d33407d7d9a7a8fac397
SHA512

35a6207329816c33a8870b4330599036a72139666d319643985d96577ea6b56b4fdaa4229d548bb609f5738952f905598252b186574392f17b0d2786cd718dbb
SSDEEP

6144:TnK9TB5rvZGfXo42Fi+5cmIWZ94VZqlQT0OcQXZCR0uU5ze:TnK9Tf4flKilg0Zz0OcQXZhucze

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4130b2271d9d9ade6392fa697ab819e_JaffaCakes118

Files

a4130b2271d9d9ade6392fa697ab819e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

168af8d5085396f3ba86956eb2ffe0f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

LdrGetDllHandle
LdrLoadDll
NtQueryInformationProcess
RtlUnwind

kernel32

GetThreadContext
SetThreadContext
GetProcessId
GetCurrentThread
SetThreadPriority
lstrlenW
LoadLibraryW
GetExitCodeThread
CreateDirectoryW
WTSGetActiveConsoleSessionId
lstrcpyW
ResetEvent
DosDateTimeToFileTime
VirtualProtect
VirtualFree
VirtualAlloc
GetDriveTypeW
GetLogicalDrives
HeapReAlloc
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
MapViewOfFile
UnmapViewOfFile
CreateProcessW
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
GetSystemTime
lstrcpyA
GetNativeSystemInfo
GetCurrentThreadId
ExpandEnvironmentStringsW
GetHandleInformation
SystemTimeToFileTime
GetTimeZoneInformation
GetLocalTime
CreateMutexW
WriteProcessMemory
ReleaseMutex
lstrcmpA
TryEnterCriticalSection
VirtualAllocEx
GetSystemDefaultUILanguage
GetProcessTimes
lstrcmpW
GlobalMemoryStatusEx
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
GetVolumeInformationW
GlobalLock
GlobalUnlock
GetEnvironmentVariableW
OpenProcess
Thread32First
Thread32Next
CreateToolhelp32Snapshot
CreateRemoteThread
Process32FirstW
Process32NextW
GetTempFileNameW
MoveFileExW
GetTempPathW
RemoveDirectoryW
VirtualQuery
GetCurrentProcess
InterlockedCompareExchange
FlushInstructionCache
lstrcmpiA
FileTimeToDosDateTime
lstrcpynA
FileTimeToLocalFileTime
GetPrivateProfileStringW
GetPrivateProfileIntW
UnregisterWait
RegisterWaitForSingleObject
GetCurrentProcessId
LocalFree
OpenEventW
lstrcatW
GetModuleFileNameW
Sleep
VirtualFreeEx
SetErrorMode
GetCommandLineW
ExitProcess
FindNextFileW
FindClose
FindFirstFileW
IsBadReadPtr
MultiByteToWideChar
WideCharToMultiByte
GetVolumeNameForVolumeMountPointW
GetVersionExW
OpenMutexW
CreateEventW
SetEvent
QueryPerformanceCounter
TlsSetValue
TlsGetValue
lstrcmpiW
LoadLibraryA
FreeLibrary
lstrlenA
TlsFree
TlsAlloc
CreateThread
ResumeThread
DuplicateHandle
DeleteCriticalSection
WaitForMultipleObjects
EnterCriticalSection
GetLastError
LeaveCriticalSection
TerminateThread
InitializeCriticalSection
GetTickCount
WaitForSingleObject
SetFileAttributesW
GetFileInformationByHandle
DeleteFileW
CloseHandle
GetFileTime
GetProcAddress
SetLastError
GetFileSizeEx
FlushFileBuffers
CreateFileW
ReadFile
GetFileAttributesW
WriteFile
SetFileTime
GetModuleHandleW
SetFilePointerEx
SetEndOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetComputerNameW
SetFilePointer
OutputDebugStringA
TerminateProcess

user32

GetSystemMetrics
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
GetLastInputInfo
TranslateMessage
GetClipboardData
CharToOemW
ToUnicode
GetIconInfo
GetKeyboardState
GetCursorPos
DrawIcon
LoadCursorW
CharLowerW
ExitWindowsEx
CharLowerA
CharUpperW

advapi32

CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptGetKeyParam
CryptVerifySignatureW
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
GetSidSubAuthorityCount
OpenThreadToken
GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
RegCloseKey
RegCreateKeyExW
EqualSid
ConvertSidToStringSidW
GetLengthSid
IsWellKnownSid
InitiateSystemShutdownExW

shlwapi

PathUnquoteSpacesW
StrRChrA
StrCmpIW
StrChrW
PathSkipRootW
PathAddExtensionW
StrCmpNIA
PathRenameExtensionW
UrlUnescapeA
PathGetDriveNumberW
StrCmpNA
PathIsURLW
PathIsDirectoryW
StrCmpNW
PathFindExtensionW
StrCmpNIW
wvnsprintfA
ord14
PathRemoveBackslashW
PathAddBackslashW
PathRemoveFileSpecW
PathQuoteSpacesW
wvnsprintfW
PathFindFileNameW
PathRemoveExtensionW
StrChrA
PathMatchSpecW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW
DecryptMessage
EncryptMessage
DeleteSecurityContext

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CLSIDFromString
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
StringFromGUID2

gdi32

BitBlt
DeleteDC
GetDeviceCaps
CreateDCW
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

ws2_32

shutdown
WSACleanup
WSAGetLastError
bind
select
getaddrinfo
connect
gethostbyname
WSACloseEvent
GetAddrInfoW
WSAIoctl
WSAAddressToStringW
WSAEnumNetworkEvents
WSAEventSelect
setsockopt
WSACreateEvent
getsockopt
WSAAddressToStringA
WSAStringToAddressW
recvfrom
getsockname
sendto
FreeAddrInfoW
WSARecv
WSASend
WSAGetOverlappedResult
recv
socket
freeaddrinfo
closesocket
send
listen
accept
getpeername
WSASetLastError
getservbyname
WSAStartup

crypt32

CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
PFXImportCertStore

wininet

InternetOpenA
HttpAddRequestHeadersA
HttpEndRequestA
HttpOpenRequestA
InternetWriteFile
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
HttpSendRequestExA
InternetQueryOptionA
InternetCloseHandle

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

netapi32

NetApiBufferFree
NetUserGetInfo
NetUserEnum

iphlpapi

GetAdaptersAddresses

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msvcrt

_except_handler3
_errno
memcpy
memset
strcmp
strtoul
_purecall
memcmp
memmove
_vsnwprintf
_vsnprintf
memchr
_ultow

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

168af8d5085396f3ba86956eb2ffe0f3

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

iphlpapi

version

msvcrt

Sections

.text Size: 252KB - Virtual size: 251KB

.data Size: 1024B - Virtual size: 8KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 252KB - Virtual size: 251KB

.data
Size: 1024B - Virtual size: 8KB

.reloc
Size: 13KB - Virtual size: 13KB