Static task: static1
Behavioral task: behavioral1
Sample: ac4adf288ad6edec59e3f4562a945fc0_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: ac4adf288ad6edec59e3f4562a945fc0_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: ac4adf288ad6edec59e3f4562a945fc0_JaffaCakes118
Size: 1.0MB
MD5: ac4adf288ad6edec59e3f4562a945fc0
SHA1: edd35082abb0faea5d358e402dfbc2ba1c7b0242
SHA256: d57c524029b6cda08b69b5b0f3d2de7865b18b0a45dff6baf3f933cf16302648
SHA512: 71d9a0d8db2d4eaec7c728f321af3a1c15b3924fbdf5467de3f357d74719aebe2b636d0cfcd7ebdffb0dd920b00b00d0466bb71051d311aaa7cfb91ff42a756b
SSDEEP: 12288:63zBjjdKFfC9j0ikPBNJPQIQOqZRrFvPvumQqzllU227FilTnGi6Qjj7hnRu:63zNZKFKizP+FnWmpzM2milTnT3f7hk
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ac4adf288ad6edec59e3f4562a945fc0_JaffaCakes118
Files
ac4adf288ad6edec59e3f4562a945fc0_JaffaCakes118.exe windows:5 windows x86 arch:x86
67bd57f19a40101c388f37d08a956be8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
listen
accept
inet_addr
gethostname
send
closesocket
connect
getpeername
gethostbyname
WSAStartup
ioctlsocket
htonl
WSAGetLastError
htons
getsockname
shutdown
setsockopt
WSACleanup
recv
bind
socket
winmm
timeSetEvent
timeGetTime
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
wtsapi32
WTSEnumerateSessionsA
WTSFreeMemory
userenv
CreateEnvironmentBlock
ExpandEnvironmentStringsForUserA
DestroyEnvironmentBlock
kernel32
GetExitCodeProcess
Process32Next
CreateToolhelp32Snapshot
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
SetCurrentDirectoryA
GetComputerNameA
ResumeThread
CreateThread
IsBadReadPtr
IsBadWritePtr
CreateFileA
GetFileSize
GetSystemInfo
SetFilePointer
lstrlenA
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
SetFileTime
WriteFile
GetDriveTypeA
FileTimeToSystemTime
ReadFile
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
MoveFileA
GetFileTime
GetSystemTime
GlobalLock
GetCurrentThread
GlobalAlloc
CreateProcessA
TerminateProcess
SetThreadPriority
GlobalUnlock
OpenEventA
SetProcessShutdownParameters
FindResourceA
LoadResource
SizeofResource
LockResource
AllocConsole
FormatMessageA
GetStdHandle
WriteConsoleA
GlobalDeleteAtom
GlobalGetAtomNameA
GetTempPathA
SetEvent
ResetEvent
GlobalFree
CreateEventA
GetACP
HeapSize
ExitThread
RaiseException
GetTimeZoneInformation
HeapReAlloc
PeekNamedPipe
GetFileInformationByHandle
GetCPInfo
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetCurrentDirectoryA
SetEnvironmentVariableA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetCommandLineA
SetStdHandle
ExitProcess
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
TlsAlloc
DuplicateHandle
TlsSetValue
TlsFree
TlsGetValue
CreateSemaphoreA
ReleaseSemaphore
DeleteCriticalSection
SetVolumeLabelA
SetFileAttributesA
GetLocaleInfoA
GetLocalTime
lstrcmpiA
lstrcpynA
InterlockedExchange
InitializeCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
GetFileType
GetVersion
DosDateTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetFullPathNameA
GetVolumeInformationA
GetFileAttributesA
lstrcpyA
lstrcatA
Sleep
HeapCreate
VirtualFree
LCMapStringW
Process32First
SetLastError
GetCurrentProcess
OpenFileMappingA
ReleaseMutex
CreateMutexA
CreateFileMappingA
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetPrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
OpenProcess
WritePrivateProfileSectionA
WritePrivateProfileStructA
WinExec
DeleteFileA
FindNextFileA
FindClose
EnterCriticalSection
CopyFileA
GetLastError
FindFirstFileA
LeaveCriticalSection
FreeLibrary
WideCharToMultiByte
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
VirtualAlloc
SetHandleCount
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetConsoleOutputCP
WriteConsoleW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableW
GetLocaleInfoW
CompareStringA
CompareStringW
GetOEMCP
IsValidCodePage
LCMapStringA
GlobalAddAtomA
RemoveDirectoryA
user32
IsDlgButtonChecked
TrackPopupMenu
GetMenuItemID
GetSubMenu
LoadMenuA
EnableMenuItem
SetMenuDefaultItem
DestroyMenu
EnableWindow
ToAscii
GetKeyState
GetAsyncKeyState
MapVirtualKeyA
VkKeyScanA
SetRect
WaitMessage
PeekMessageA
IsIconic
DestroyWindow
EnumDesktopWindows
CloseClipboard
CheckDlgButton
OpenDesktopA
DrawIconEx
WaitForInputIdle
WindowFromPoint
RegisterWindowMessageA
EnumWindows
GetIconInfo
GetWindowTextA
GetClipboardData
EmptyClipboard
ChangeClipboardChain
IsWindow
OpenClipboard
IsWindowVisible
SetClipboardData
SetClipboardViewer
GetClipboardOwner
keybd_event
GetKeyboardState
mouse_event
SetActiveWindow
MessageBeep
SetDlgItemInt
GetDlgItemInt
ExitWindowsEx
GetProcessWindowStation
GetClassNameA
FlashWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
SetCursor
ScreenToClient
GetWindowRect
SendDlgItemMessageA
SetCapture
SetForegroundWindow
LoadStringA
GetParent
GetClientRect
SetFocus
GetDC
GetScrollInfo
InvalidateRect
ReleaseDC
GetDlgItem
EndDialog
GetCursorPos
PostMessageA
SetCaretBlinkTime
ReleaseCapture
SetWindowTextA
CallWindowProcA
GetDlgItemTextA
DialogBoxParamA
GetCaretBlinkTime
SetDlgItemTextA
MoveWindow
MessageBoxA
wsprintfA
FindWindowA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
SendMessageA
GetMessageA
GetUserObjectInformationA
SetTimer
RegisterClassExA
PostQuitMessage
GetThreadDesktop
KillTimer
LoadIconA
OpenInputDesktop
CloseDesktop
TranslateMessage
SetWindowLongA
GetWindowLongA
CreateWindowExA
DefWindowProcA
SetWindowPos
ShowWindow
SetThreadDesktop
DispatchMessageA
GetSystemMetrics
LoadImageA
AdjustWindowRect
LoadCursorA
IsRectEmpty
wvsprintfA
OemToCharA
CharToOemA
GetDesktopWindow
gdi32
GetBitmapBits
GetObjectA
CreateDIBSection
SetDIBColorTable
GdiFlush
CreatePalette
CreateCompatibleBitmap
RealizePalette
SelectPalette
GetPixel
BitBlt
ExtEscape
GetSystemPaletteEntries
MoveToEx
LineTo
SetROP2
PatBlt
DeleteDC
StretchBlt
CreateSolidBrush
GetStockObject
GetClipBox
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
GetDeviceCaps
GetDIBits
CreateDCA
advapi32
GetSecurityDescriptorControl
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetKernelObjectSecurity
LookupAccountSidA
RegCreateKeyA
SetServiceStatus
QueryServiceStatus
RegCreateKeyExA
CreateServiceA
RegisterServiceCtrlHandlerA
DeleteService
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueA
SetTokenInformation
FreeSid
RevertToSelf
AllocateAndInitializeSid
ImpersonateLoggedOnUser
EqualSid
GetTokenInformation
OpenProcessToken
CreateProcessAsUserA
RegCloseKey
RegOpenKeyExA
GetUserNameA
RegQueryValueExA
RegSetValueExA
QueryServiceConfigA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
EnumServicesStatusA
shell32
SHAppBarMessage
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
imm32
ImmGetDefaultIMEWnd
Sections
.text Size: 604KB - Virtual size: 603KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 111KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 438KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 335KB - Virtual size: 335KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ