a926a6444876724f8f43ff845f2028e7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a926a6444876724f8f43ff845f2028e7_JaffaCakes118
Size

196KB
MD5

a926a6444876724f8f43ff845f2028e7
SHA1

c9fc197e32f9778d95663f54c7ccbf8e5f51cd2e
SHA256

c151a78f31402b849266818a99e01d01c2b12c0b34d164575753d1b8667a9e07
SHA512

6047d3e8bd5984700027ab8f7a089a06256fb49db36a473bcb8bbc12a2866aca2a349c766644a08f88c6bcf3cc11da59eae740572289ac5efbaa2b7e428fefb0
SSDEEP

3072:qtidasSFaw4Uq1owFK6R64HPgpqNbdppvP/p/VMMCRnykDviACdxILy7e5qTFzN:JdasSFy3gpi/D/VMMCRyMaV6YTFzN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a926a6444876724f8f43ff845f2028e7_JaffaCakes118

Files

a926a6444876724f8f43ff845f2028e7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

23cdf06da0af5176f03f06f545f5952a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsQuery_A
DnsFree

kernel32

TlsSetValue
LocalReAlloc
TlsFree
GetCurrentProcessId
GetModuleHandleW
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
HeapAlloc
HeapFree
VirtualAlloc
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
VirtualFree
QueryPerformanceCounter
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
Sleep
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
GetWindowsDirectoryA
DeleteFileA
CreateThread
ExitProcess
SetCurrentDirectoryA
ResetEvent
CreateEventA
OpenEventA
GetLastError
SetEvent
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateFileMappingA
CreateFileA
GetTickCount
GetTimeZoneInformation
LocalFree
LocalAlloc
FormatMessageA
GetSystemTime
CreateProcessA
GetModuleFileNameA
GetCommandLineA
SetLastError
FreeLibrary
lstrlenA
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
MultiByteToWideChar
GlobalUnlock
GlobalLock
GetModuleFileNameW
GetFileTime
GetFileSizeEx
GetFileAttributesA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
SetErrorMode
GlobalAlloc
GetModuleHandleA
GetProcAddress
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
GlobalFree

user32

DestroyMenu
SetCursor
GetSysColorBrush
GetWindowThreadProcessId
IsWindowEnabled
SetWindowTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
MessageBoxA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetParent
CopyRect
PtInRect
GetDlgCtrlID
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
UnhookWindowsHookEx
CharUpperA
GetSystemMetrics
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
EnableWindow
PostMessageA
PeekMessageA
wsprintfA
SendMessageA
LoadStringA
GetMessageA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
DefWindowProcA
BeginPaint
GetClientRect
DrawTextA
EndPaint
PostQuitMessage
KillTimer
SetTimer
CreateWindowExA
ShowWindow
UpdateWindow
GetClassInfoExA

gdi32

DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
GetClipBox
DeleteDC
CreateBitmap
GetStockObject
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
ScaleWindowExtEx
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
RegCreateKeyExA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA

shlwapi

PathStripToRootA
PathFindExtensionA
PathIsUNCA
PathFindFileNameA

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantChangeType
VariantInit

ws2_32

accept
closesocket
WSACleanup
WSAStartup
WSASetLastError
sendto
recvfrom
htonl
select
recv
send
connect
socket
gethostbyname
inet_ntoa
gethostname
inet_addr
gethostbyaddr
bind
WSAGetLastError
htons
WSAAsyncSelect

Sections

.text
Size: 112KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.depack
Size: 406B - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

23cdf06da0af5176f03f06f545f5952a

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oleaut32

ws2_32

Sections

.text Size: 112KB - Virtual size: 204KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 9KB - Virtual size: 51KB

.rsrc Size: 3KB - Virtual size: 2KB

.depack Size: 406B - Virtual size: 208KB

.text
Size: 112KB - Virtual size: 204KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 9KB - Virtual size: 51KB

.rsrc
Size: 3KB - Virtual size: 2KB

.depack
Size: 406B - Virtual size: 208KB