Static task: static1
Behavioral task: behavioral1
Sample: b1d6da187e8a7cbb2dc18dda382aaea5_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: b1d6da187e8a7cbb2dc18dda382aaea5_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: b1d6da187e8a7cbb2dc18dda382aaea5_JaffaCakes118
Size: 354KB
MD5: b1d6da187e8a7cbb2dc18dda382aaea5
SHA1: 04b5cccebb7c600819c77e0509e3ffcaa76d8702
SHA256: 1a060f4d84f4e48f1288b5b42cd30e3ef496d0ec6622a4a52cce3bdede333446
SHA512: be424667d7d7fce4036c3550e21b1c6937d41d9b78ce19ffe6162941843ed1027f04490e7662f90fbcfa37b52964749e3c69ad3c9a3cffb5204733f47df1ce5a
SSDEEP: 6144:y7JDu5qZWzDGqLmQA2K8wqb1SgKp1FcME5vpZ5bBoDp9J5MMx+wT:ZqszXip2bboS5v/96Dpz1
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
resource b1d6da187e8a7cbb2dc18dda382aaea5_JaffaCakes118
Files
b1d6da187e8a7cbb2dc18dda382aaea5_JaffaCakes118.exe windows:4 windows x86 arch:x86
Imphash: 07732ea840ac67c5f978dad89d86257c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
mscms
DeleteColorTransform
InstallColorProfileA
CheckBitmapBits
InternalGetPS2ColorRenderingDictionary
CreateProfileFromLogColorSpaceA
EnumColorProfilesW
IsColorProfileTagPresent
GetPS2ColorRenderingDictionary
AssociateColorProfileWithDeviceA
ConvertColorNameToIndex
GetColorDirectoryW
InternalSetDeviceConfig
GetPS2ColorRenderingIntent
InternalGetPS2PreviewCRD
GetColorProfileElementTag
GetColorProfileFromHandle
GetCMMInfo
DisassociateColorProfileFromDeviceW
IsColorProfileValid
GetNamedProfileInfo
CreateMultiProfileTransform
SpoolerCopyFileEvent
GetStandardColorSpaceProfileA
InternalGetPS2CSAFromLCS
UninstallColorProfileW
RegisterCMMA
SetColorProfileHeader
SetColorProfileElementSize
wintrust
SoftpubAuthenticode
CryptCATEnumerateAttr
CryptCATEnumerateCatAttr
WintrustAddDefaultForUsage
WintrustAddActionID
WVTAsn1SpcStatementTypeDecode
WVTAsn1SpcPeImageDataEncode
mssip32DllUnregisterServer
WVTAsn1SpcFinancialCriteriaInfoDecode
DriverCleanupPolicy
CryptCATCDFEnumMembersByCDFTagEx
CryptSIPGetSignedDataMsg
WTHelperGetFileHandle
WTHelperGetProvSignerFromChain
WinVerifyTrustEx
CryptCATOpen
CryptCATCDFOpen
WTHelperOpenKnownStores
CryptCATCDFEnumCatAttributes
WVTAsn1CatMemberInfoDecode
TrustDecode
SoftpubLoadSignature
WintrustGetDefaultForUsage
WVTAsn1SpcLinkEncode
WintrustRemoveActionID
SoftpubCleanup
CryptCATGetMemberInfo
imm32
ImmGetCompositionFontA
ImmDestroyIMCC
ImmGetCandidateListW
ImmGetCompositionFontW
ImmIsUIMessageW
ImmRegisterWordW
ImmRegisterWordA
ImmGetGuideLineW
ImmGetCompositionStringA
ImmGetIMCLockCount
ImmLockIMCC
ImmSetHotKey
ImmUnlockIMCC
ImmGetDescriptionW
ImmShowSoftKeyboard
ImmGetStatusWindowPos
ImmIsUIMessageA
ImmSetCompositionFontW
ImmAssociateContextEx
ImmSimulateHotKey
ImmSetCompositionWindow
ImmSetCompositionFontA
ImmGetCandidateListCountW
ImmLockIMC
ImmUnregisterWordA
ImmGetConversionListW
ImmGetOpenStatus
samlib
SamAddMemberToAlias
SamConnect
SamChangePasswordUser2
SamGetAliasMembership
SamCreateUser2InDomain
SamShutdownSamServer
SamRemoveMemberFromForeignDomain
SamTestPrivateFunctionsDomain
SamRemoveMemberFromAlias
SamTestPrivateFunctionsUser
SamiEncryptPasswords
mswsock
WSARecvEx
GetAcceptExSockaddrs
rcmd
inet_network
rexec
EnumProtocolsW
NPLoadNameSpaces
SetServiceA
rpcrt4
NdrProxyErrorHandler
RpcServerInqBindings
NdrInterfacePointerFree
NdrSimpleStructMemorySize
NdrByteCountPointerBufferSize
RpcSsSetThreadHandle
NdrConformantVaryingArrayMarshall
RpcNetworkIsProtseqValidW
NdrGetBuffer
RpcMgmtEpEltInqDone
MesEncodeDynBufferHandleCreate
NdrVaryingArrayMarshall
RpcNsBindingInqEntryNameW
I_RpcTransConnectionReallocPacket
RpcSsSetClientAllocFree
UuidFromStringW
I_RpcTransConnectionFreePacket
NdrMesTypeEncode
NdrServerMarshall
RpcMgmtStatsVectorFree
I_RpcNsBindingSetEntryNameA
I_RpcTransIoCancelled
RpcBindingToStringBindingW
I_RpcBindingInqDynamicEndpointW
NdrRpcSmSetClientToOsf
NdrSimpleStructFree
MesEncodeFixedBufferHandleCreate
RpcAsyncAbortCall
I_RpcServerUseProtseq2W
I_RpcReallocPipeBuffer
NdrXmitOrRepAsMarshall
NdrOleAllocate
wininet
GetUrlCacheEntryInfoExA
DeleteUrlCacheGroup
HttpSendRequestExA
DeleteUrlCacheContainerA
FindNextUrlCacheContainerA
InternetSetOptionExW
InternetOpenUrlW
GopherGetAttributeW
InternetUnlockRequestFile
FreeUrlCacheSpaceW
InternetGetConnectedState
InternetShowSecurityInfoByURLW
FtpOpenFileW
RetrieveUrlCacheEntryStreamW
InternetOpenUrlA
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryStream
FindFirstUrlCacheEntryW
GetUrlCacheEntryInfoA
InternetQueryDataAvailable
InternetQueryOptionW
InternetDialA
CreateUrlCacheGroup
ShowCertificate
CreateUrlCacheEntryW
FtpOpenFileA
InternetOpenW
SetUrlCacheConfigInfoW
IsUrlCacheEntryExpiredW
msacm32
acmFilterDetailsW
acmDriverDetailsW
XRegThunkEntry
acmMetrics
acmFilterTagDetailsA
acmStreamUnprepareHeader
acmFilterTagEnumW
acmStreamOpen
acmGetVersion
acmFilterChooseW
acmStreamMessage
acmStreamConvert
acmFormatChooseW
acmDriverAddW
acmFormatTagDetailsA
acmStreamPrepareHeader
acmFilterEnumW
acmDriverMessage
acmStreamSize
acmFormatTagEnumW
secur32
GetUserNameExA
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
VerifySignature
SaslGetProfilePackageW
LsaRegisterLogonProcess
AddCredentialsW
AcquireCredentialsHandleA
DeleteSecurityContext
ExportSecurityContext
AddSecurityPackageA
QueryContextAttributesA
QuerySecurityContextToken
AddSecurityPackageW
AddCredentialsA
SealMessage
UnsealMessage
QuerySecurityPackageInfoA
InitSecurityInterfaceA
FreeContextBuffer
SaslIdentifyPackageW
LsaGetLogonSessionData
QueryCredentialsAttributesW
ImportSecurityContextW
QuerySecurityPackageInfoW
SaslInitializeSecurityContextA
kernel32
IsDBCSLeadByteEx
GetSystemDefaultLangID
GetLocalTime
FileTimeToDosDateTime
WaitForSingleObjectEx
CreateWaitableTimerW
SetWaitableTimer
SetThreadLocale
GlobalCompact
GetDriveTypeW
DnsHostnameToComputerNameA
GetFileTime
ConvertDefaultLocale
_hwrite
DuplicateHandle
SetFileApisToOEM
GetFileAttributesExW
CancelWaitableTimer
LockFile
GetMailslotInfo
GetCurrencyFormatW
FindFirstFileA
GetProcessAffinityMask
SetTapePosition
GetProcessHeaps
GetFileInformationByHandle
SetProcessShutdownParameters
GlobalDeleteAtom
SetHandleInformation
FormatMessageW
_hread
query
CITextToFullTree
DoneFILTERPerformanceData
BindIFilterFromStream
DoneCIPerformanceData
SetupCacheEx
InitializeFILTERPerformanceData
CICreateCommand
BindIFilterFromStorage
InitializeCIPerformanceData
CIRestrictionToFullTree
EndCacheTransaction
CIMakeICommand
LoadTextFilter
SetCatalogState
CITextToSelectTreeEx
CiSvcMain
CITextToFullTreeEx
CITextToSelectTree
SvcEntry_CiSvc
CollectFILTERPerformanceData
CIBuildQueryTree
LoadBinaryFilter
LocateCatalogsW
CIBuildQueryNode
user32
IsClipboardFormatAvailable
comctl32
ImageList_Destroy
ImageList_EndDrag
ImageList_SetIconSize
ImageList_ReplaceIcon
ImageList_Merge
DrawStatusTextA
FlatSB_SetScrollInfo
ImageList_DrawIndirect
CreatePropertySheetPageW
ShowHideMenuCtl
InitCommonControlsEx
ImageList_GetImageRect
ImageList_SetOverlayImage
ImageList_Duplicate
ImageList_DragLeave
ImageList_Replace
DrawInsert
InitializeFlatSB
ImageList_Copy
FlatSB_SetScrollProp
ImageList_GetImageInfo
ImageList_SetFilter
GetEffectiveClientRect
ImageList_BeginDrag
FlatSB_GetScrollProp
InitCommonControls
advapi32
ElfOpenEventLogW
DeleteAce
InstallApplication
IsValidAcl
GetAccessPermissionsForObjectW
RevertToSelf
OpenBackupEventLogW
CreatePrivateObjectSecurityEx
CryptGetProvParam
QueryServiceConfig2W
OpenEncryptedFileRawA
LockServiceDatabase
CryptSignHashA
StartServiceCtrlDispatcherA
SetSecurityInfoExA
SystemFunction031
RegFlushKey
ClearEventLogW
SystemFunction018
LsaClose
SystemFunction027
ElfClearEventLogFileA
RegSetValueExW
UnregisterTraceGuids
RegSetValueA
ConvertSecurityDescriptorToAccessNamedW
CreateServiceW
QueryServiceConfig2A
GetExplicitEntriesFromAclW
SystemFunction021
RegQueryInfoKeyA
comdlg32
GetSaveFileNameA
ReplaceTextW
GetFileTitleW
PrintDlgExW
ChooseFontA
FindTextA
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameW
PrintDlgExA
ChooseFontW
ReplaceTextA
Ssync_ANSI_UNICODE_Struct_For_WOW
PrintDlgA
GetOpenFileNameW
WantArrows
PageSetupDlgA
rasapi32
RasGetConnectionStatistics
RasGetEntryHrasconnW
RasQuerySharedAutoDial
RasGetAutodialParamA
RasSetCustomAuthDataA
RasSetEntryDialParamsW
UnInitializeRAS
RasGetEntryPropertiesA
RasEnumDevicesW
RasEnumEntriesW
RasGetAutodialAddressW
RasGetConnectStatusA
RasInvokeEapUI
RasGetHport
RasEditPhonebookEntryW
RasSetEntryDialParamsA
RasValidateEntryNameA
RasGetAutodialAddressA
RasSetCredentialsW
RasGetErrorStringW
RasSetEapUserDataA
RasGetSubEntryHandleA
RasGetCredentialsW
RasIsSharedConnection
RasEditPhonebookEntryA
RasValidateEntryNameW
RasGetConnectStatusW
RasGetEapUserDataA
RasGetEntryPropertiesW
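The import table above is the input to the import hash (imphash) shown under Files: the DLL and function names are normalised, joined in table order and MD5-hashed, so two builds produced by the same toolchain or builder hash alike even when their code differs. A 354KB executable that imports from colour management (mscms), the Indexing Service (query), the SAM client library (samlib), RAS and the audio compression manager at the same time is the kind of table worth clustering on. The following added example (editorial, not code from the report or from any sandbox) implements the pefile-compatible normalisation so the canonical string can be inspected before hashing. The EXCERPT pairs are transcribed from the listing above with an assumed ".dll" suffix; the listing may be truncated, so the excerpt is not expected to reproduce the reported hash.

```python
import hashlib

# Extensions that imphash strips from the module name before hashing.
STRIP_EXTS = (".dll", ".ocx", ".sys")


def imphash_string(imports):
    """Canonical 'module.function,...' string that imphash hashes.

    imports: iterable of (dll_name, function_name_or_ordinal) in import-table order.
    Normalisation follows pefile: lowercase, strip .dll/.ocx/.sys, integer ordinals
    become 'ordN', and order is preserved (imphash is order-sensitive by design).
    """
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in STRIP_EXTS:
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        func = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{dll}.{func}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical import string; empty string when there are no imports."""
    if not imports:
        return ""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed excerpt of the report's import table (assumed .dll module suffix).
EXCERPT = [
    ("mscms.dll", "DeleteColorTransform"),
    ("wintrust.dll", "WinVerifyTrustEx"),
    ("samlib.dll", "SamiEncryptPasswords"),
    ("mswsock.dll", "rexec"),
    ("kernel32.dll", "GetLocalTime"),
    ("ws2_32.dll", 23),  # ordinal-only import, hashed as ws2_32.ord23
]

if __name__ == "__main__":
    print(imphash_string(EXCERPT))
    print(imphash(EXCERPT))
```

Two caveats when pivoting on this value: pefile resolves ordinals for a handful of modules (ws2_32, wsock32, oleaut32) back to names before hashing, which this minimal version does not do, and any packer that rebuilds the import table at runtime leaves the static imphash describing the stub rather than the payload.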
Sections
.text Size: 297KB - Virtual size: 297KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
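The file characteristics, the Unsigned PE signature and the section table in this report are all read from the first few hundred bytes of the file. The following added example (editorial, not part of the report or of any sandbox's code) builds a header-only PE32 image whose COFF flags and section sizes are copied from the report, then parses it back: it decodes the IMAGE_FILE_* bits, tests the security data directory that an "Unsigned PE" check looks at, and flags sections whose virtual size is far above their raw size, as .data is here (33KB on disk, 117KB in memory). build_pe, SAMPLE_SECTIONS and the certificate-table location used for the SIGNED variant are constructed values, not taken from the sample.

```python
import struct

KB = 1024
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode WIN_CERTIFICATE table

# COFF header characteristic bits, named as in the report.
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0080: "IMAGE_FILE_BYTES_REVERSED_LO",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x2000: "IMAGE_FILE_DLL",
}
SCN_CODE, SCN_IDATA, SCN_UDATA = 0x20, 0x40, 0x80
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000


def decode_flags(value, table):
    """Names of the bits set in value, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Walk DOS -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dir_off = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+ directory offset
    ndirs = struct.unpack_from("<I", data, dir_off - 4)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories this entry holds a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, table = [], opt + opt_size
    for i in range(nsect):
        name, vsize, _va, rawsize, _ptr, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "rawsize": rawsize, "flags": flags})
    return {
        "machine": machine,
        "characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
        # Presence only: a populated directory says nothing about whether the signature
        # chains to a trusted root or is revoked; that is WinVerifyTrust's job.
        "has_authenticode": sec_off != 0 and sec_size != 0,
        "sections": sections,
    }


def section_findings(sections, ratio=2.0):
    """Cheap static triage on the section table: W+X sections and load-time growth."""
    findings = []
    for s in sections:
        if s["flags"] & SCN_EXEC and s["flags"] & SCN_WRITE:
            findings.append((s["name"], "writable and executable"))
        if s["vsize"] > ratio * max(s["rawsize"], 1):
            findings.append((s["name"], "virtual size exceeds %gx raw size" % ratio))
    return findings


def build_pe(sections, characteristics=0x0387, security=(0, 0)):
    """Constructed header-only PE32 image (no code) for exercising the parser."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, 224, characteristics)
    std = struct.pack("<HBBIIIIII", 0x10B, 6, 0, 0, 0, 0, 0x1000, 0x1000, 0x2000)
    win = struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0,
                      0, 0, 0x400, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = security
    opt = std + win + b"".join(struct.pack("<II", *d) for d in dirs)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), v, 0, r, 0, 0, 0, 0, 0, f)
                    for n, v, r, f in sections)
    return dos + b"PE\0\0" + coff + opt + hdrs


# (name, virtual size, raw size, flags) copied from the report's Sections table.
SAMPLE_SECTIONS = [
    (".text", 297 * KB, 297 * KB, SCN_CODE | SCN_EXEC | SCN_READ),
    (".rdata", 19 * KB, 20 * KB, SCN_IDATA | SCN_READ),
    (".data", 117 * KB, 33 * KB, SCN_IDATA | SCN_READ | SCN_WRITE),
    (".rsrc", 1 * KB, 2 * KB, SCN_IDATA | SCN_READ),
]
UNSIGNED = build_pe(SAMPLE_SECTIONS)                          # mirrors the report
SIGNED = build_pe(SAMPLE_SECTIONS, security=(0x58000, 0x1800))  # assumed cert table

if __name__ == "__main__":
    for blob in (UNSIGNED, SIGNED):
        info = parse_pe(blob)
        print(info["characteristics"], "authenticode:", info["has_authenticode"])
        print(section_findings(info["sections"]))
```

The .data finding is a prompt, not a verdict: a section that is mostly zero-filled at load time is what in-place unpackers need, but it is also what ordinary uninitialised globals look like, so it should be read together with the entry point's location and the behavioural tasks listed at the top of the report.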