b27a95ba65854272bc0f8bd87fd39135_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b27a95ba65854272bc0f8bd87fd39135_JaffaCakes118
Size

203KB
MD5

b27a95ba65854272bc0f8bd87fd39135
SHA1

5bd42ecc4b7833a7c0dea60ba58635af6803f9ed
SHA256

0456cbaa297f88139475fbc55593c20029a565a69cdb607c57c0cc49de0f7749
SHA512

cb541aa80004156db3599f0c72abe16916aab13ed6e4b16163f2d489273c1602ae7d050d0e3226a9456b6770dc1c2025343e860a098be94efad58f6d428990bd
SSDEEP

6144:y4qqDLMLb5s2a5Ftf176bSWHSic+yEF+6m0u8SvKUw4weKduVWdr1:ydqnMpsFf176bSiKq+6mp7xwp4VW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b27a95ba65854272bc0f8bd87fd39135_JaffaCakes118

Files

b27a95ba65854272bc0f8bd87fd39135_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1df4c391ac85b23a0011ab2170a9e053

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
GetCurrentProcessId
WriteProcessMemory
CreateRemoteThread
CreateDirectoryW
LoadLibraryW
lstrcmpiA
WTSGetActiveConsoleSessionId
SetFileAttributesW
GetLocalTime
GetThreadContext
SetThreadContext
GetProcessId
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
GetProcessHeap
SetFileTime
VirtualQueryEx
Thread32First
GetModuleFileNameW
ReadProcessMemory
HeapDestroy
HeapCreate
OpenEventW
Thread32Next
GetTimeZoneInformation
MultiByteToWideChar
lstrlenW
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
VirtualProtect
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
GlobalLock
GlobalUnlock
GetFileAttributesW
GetTickCount
TlsSetValue
TlsGetValue
VirtualAlloc
VirtualFree
LocalFree
GetVersionExW
GetNativeSystemInfo
DeleteFileW
GetFileAttributesExW
VirtualFreeEx
GetComputerNameW
SetErrorMode
GetCommandLineW
ExitProcess
GetPrivateProfileIntW
FlushFileBuffers
CreateFileW
GetPrivateProfileStringW
GetModuleHandleW
GetModuleHandleA
IsBadReadPtr
lstrcpynW
GetUserDefaultUILanguage
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
TerminateProcess
Sleep
OpenProcess
MoveFileExW
WaitForMultipleObjects
CreatePipe
ReadFile
WriteFile
SetHandleInformation
CreateProcessW
ReleaseMutex
LoadLibraryA
GetProcAddress
FreeLibrary
CreateThread
GetSystemTime
ExitThread
lstrcmpiW
GetCurrentProcess
ResetEvent
EnterCriticalSection
SetLastError
GetLastError
LeaveCriticalSection
InitializeCriticalSection
TlsFree
TlsAlloc
GetCurrentThreadId
CreateEventW
CreateFileMappingW
SetThreadPriority
GetCurrentThread
SetEvent
UnmapViewOfFile
MapViewOfFile
CreateMutexW
WaitForSingleObject
ExpandEnvironmentStringsW
CloseHandle
WideCharToMultiByte

user32

CharLowerBuffA
MessageBoxA
EndPaint
GetUpdateRgn
GetMessageW
GetWindowDC
FillRect
GetWindowInfo
DrawEdge
BeginPaint
GetUpdateRect
IntersectRect
GetDCEx
EqualRect
PrintWindow
IsRectEmpty
GetKeyboardLayoutList
PostMessageW
GetSystemMetrics
DrawIcon
GetIconInfo
GetCursorPos
RegisterClassExA
RegisterWindowMessageW
GetThreadDesktop
GetMenuItemID
GetClassLongW
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
OpenDesktopW
MenuItemFromPoint
CharToOemW
GetMessagePos
MapWindowPoints
ReleaseCapture
IsWindow
GetKeyboardState
ToUnicode
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
CloseDesktop
SetThreadDesktop
OpenWindowStationW
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharLowerA
CharUpperW
SetWindowLongW
GetWindow
DispatchMessageW
TranslateMessage
GetMessageA
GetClipboardData
GetWindowRect
SetCapture
MapVirtualKeyW
GetParent
GetDC
GetMenu
RegisterClassExW
GetCapture
SetCursorPos
GetWindowLongW
GetAncestor
PeekMessageW
PeekMessageA
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
ReleaseDC
GetMenuState
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
GetMenuItemCount
DefDlgProcA
PostThreadMessageW
DefMDIChildProcA
HiliteMenuItem
RegisterClassW
GetUserObjectInformationW
SendMessageW
CallWindowProcA
SetWindowPos
SetKeyboardState
SendMessageTimeoutW
EndMenu
CallWindowProcW
DefWindowProcW
DefFrameProcW
GetWindowThreadProcessId
RegisterClassA
GetShellWindow
ExitWindowsEx
CharLowerW

advapi32

InitiateSystemShutdownExW
RegCreateKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegCloseKey
ConvertSidToStringSidW
IsWellKnownSid
GetLengthSid
RegEnumKeyW
RegQueryValueExW
EqualSid
CreateProcessAsUserA
CreateProcessAsUserW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
SetSecurityInfo
RegEnumKeyExW

shlwapi

PathSkipRootW
StrStrIW
StrStrIA
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathIsURLW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
StrCmpNIW
PathRenameExtensionW
PathRemoveFileSpecW
PathQuoteSpacesW
PathRemoveBackslashW
PathUnquoteSpacesW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

CreateCompatibleBitmap
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
RestoreDC
SaveDC
SetRectRgn
GdiFlush
SetViewportOrgEx
GetDIBits
CreateDIBSection
CreateCompatibleDC

ws2_32

WSAEventSelect
send
gethostbyname
closesocket
WSASend
getaddrinfo
inet_addr
getpeername
freeaddrinfo
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
shutdown
setsockopt
getsockname
accept
WSAGetLastError
sendto
select
recvfrom
listen
WSASetLastError
socket
bind
recv

crypt32

CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore

wininet

InternetReadFileExA
InternetReadFile
HttpSendRequestW
GetUrlCacheEntryInfoW
HttpOpenRequestA
InternetSetOptionA
InternetQueryOptionW
InternetOpenA
InternetCrackUrlA
InternetSetStatusCallbackA
InternetConnectA
InternetQueryOptionA
InternetCloseHandle
HttpEndRequestW
HttpSendRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetSetFilePointer
HttpOpenRequestW
InternetQueryDataAvailable
HttpAddRequestHeadersW
HttpSendRequestExA
HttpQueryInfoA
HttpSendRequestExW
InternetSetStatusCallbackW

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

waveOutGetVolume
PlaySoundA
PlaySoundW
waveOutSetVolume

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1df4c391ac85b23a0011ab2170a9e053

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 192KB - Virtual size: 192KB

.data Size: 2KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 192KB - Virtual size: 192KB

.data
Size: 2KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 7KB