b27ef32b591993f602568578935a1935_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b27ef32b591993f602568578935a1935_JaffaCakes118
Size

425KB
MD5

b27ef32b591993f602568578935a1935
SHA1

2aea8161924bf2ac0f16504b5315d8d2593081ec
SHA256

032f66989980d4e02b7ecbeda7be1602cd1ed4ae999250463faa3f0a17cd31f7
SHA512

c0b306609cc7bfed81295a21ed12f20d4d270fff483d3965ae93dda5489772379cc7725d61f8c159752fb924910b96e588dbb2fd516db8060f083ee6d9ac2b34
SSDEEP

6144:55C6rScJmaaxtqxFuSaUjBtEayRdByZwtI8jbV2sA1KLs0rH+bMKhimalVtEE+:ntSBjKFuEHv6yZweiV2spxH+bMESl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b27ef32b591993f602568578935a1935_JaffaCakes118

Files

b27ef32b591993f602568578935a1935_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ced461204210a772528e1f2fe5326e92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2help

WahCloseThread

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

rpcrt4

NdrClientCall2
RpcNetworkIsProtseqValidA
UuidCreate
UuidToStringA
RpcStringFreeA
RpcBindingFree
RpcBindingFromStringBindingA
RpcEpResolveBinding
RpcStringBindingComposeA

msvcrt

memmove
_ltow
wcschr
strtoul
wcscmp
_wtol
_initterm
free
_wcsnicmp
iswspace
_except_handler3
_wcsicmp
wcsrchr
_purecall
wcslen
wcscpy
swprintf
_adjust_fdiv
_vsnwprintf
wcscat
wcsncpy
strtok
_stricmp
malloc
iswprint
_itow

ntdll

NtAllocateVirtualMemory

gdi32

GetDeviceCaps
SetBkColor
CreateCompatibleBitmap
GetObjectA
CreateBitmap
DeleteObject
GetBkColor
GetTextExtentPoint32W
BitBlt
DeleteDC
GetObjectW
SelectObject
CreateCompatibleDC
CreateFontIndirectW
CreateDIBitmap
SetPixel
RealizePalette
CreatePalette
CreateFontIndirectA
SelectPalette

wininet

InternetCanonicalizeUrlW
InternetCrackUrlW

kernel32

WideCharToMultiByte
GetLastError
CreateFileA
GetVersionExA
FindResourceA
LoadLibraryExA
GetDateFormatA
lstrcatA
LeaveCriticalSection
lstrlenA
Beep
lstrcpyA
DeleteFileW
GetCurrentProcessId
GetFileSize
InitializeCriticalSection
FormatMessageW
SetFilePointer
QueryPerformanceCounter
GetModuleHandleA
SetEndOfFile
LockResource
GetModuleHandleW
SystemTimeToFileTime
GetLocalTime
lstrlenW
LoadResource
GetTickCount
CloseHandle
GetTimeFormatA
MapViewOfFile
SetUnhandledExceptionFilter
EnterCriticalSection
FileTimeToLocalFileTime
MulDiv
GetSystemTimeAsFileTime
GlobalFree
InterlockedCompareExchange
LocalAlloc
SetLastError
GetModuleFileNameW
Sleep
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
CompareStringW
GetDateFormatW
GetACP
GetProcAddress
UnmapViewOfFile
LocalFree
GetCurrentProcess
LocalReAlloc
OutputDebugStringA
DeleteCriticalSection
CompareStringA
GetComputerNameExW
GlobalAlloc
CreateFileW
GetUserDefaultLCID
GetComputerNameW
FreeResource
GetCurrentThreadId
GetCurrentDirectoryW
LoadLibraryW
MultiByteToWideChar
FileTimeToSystemTime
GetTimeFormatW
TerminateProcess
DisableThreadLibraryCalls
CompareFileTime
CreateFileMappingA
GlobalLock
DelayLoadFailureHook
UnhandledExceptionFilter
GlobalUnlock
LoadLibraryA
GetCurrentThread
lstrcmpA
WriteFile

netapi32

NetApiBufferFree
DsGetDcNameW
NetGetDCName

wintrust

TrustIsCertificateSelfSigned
WTHelperGetProvSignerFromChain
WTHelperGetKnownUsages
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WintrustGetDefaultForUsage
WinVerifyTrustEx

advapi32

RegEnumKeyExW
FreeSid
GetTokenInformation
RegQueryInfoKeyA
QueryServiceConfigA
CryptGetKeyParam
RegQueryValueExA
CryptAcquireContextW
CryptGetProvParam
AllocateAndInitializeSid
GetUserNameW
RegSetValueExA
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueA
CloseServiceHandle
ChangeServiceConfigA
StartServiceW
RegEnumValueW
LockServiceDatabase
OpenProcessToken
UnlockServiceDatabase
CryptDestroyKey
OpenSCManagerW
RegSetValueExW
RegCreateKeyExA
RegCloseKey
OpenThreadToken
CryptReleaseContext
CryptAcquireContextA
StartServiceA
RegQueryValueExW
RegOpenKeyExA
EqualSid
RegEnumKeyExA
ControlService
CryptSetProvParam
QueryServiceStatus
OpenServiceW
DuplicateToken
CryptGetUserKey

crypt32

CertEnumSystemStore
CertGetStoreProperty
CertFindCertificateInStore
CryptFormatObject
CertGetCRLFromStore
CertGetSubjectCertificateFromStore
CertFreeCTLContext
PFXVerifyPassword
CryptEnumOIDInfo
CryptFindOIDInfo
CertFindExtension
CertAddCertificateContextToStore
CertGetCTLContextProperty
CertFindCTLInStore
CertFreeCertificateChainEngine
CertCreateCTLContext
CryptMsgControl
CertFindAttribute
CryptSIPRetrieveSubjectGuid
CertEnumCTLsInStore
CertSetEnhancedKeyUsage
CryptGetDefaultOIDFunctionAddress
CertGetCertificateChain
CertOpenStore
CryptMsgVerifyCountersignatureEncoded
CertDuplicateStore
PFXExportCertStore
CertFreeCertificateChain
CertFreeCRLContext
CryptAcquireCertificatePrivateKey
PFXImportCertStore
CertFreeCertificateContext
CryptGetDefaultOIDDllList
CryptMsgClose
CertGetEnhancedKeyUsage
CryptMsgGetParam
CertCompareCertificate
CertSetCTLContextProperty
CryptBinaryToStringA
CertEnumCertificatesInStore
CertSaveStore
CryptDecodeObject
CertGetCertificateContextProperty
CryptFindLocalizedName
CryptDecodeObjectEx
CertDeleteCertificateFromStore
PFXExportCertStoreEx
CryptInitOIDFunctionSet
CertGetPublicKeyLength
CertDuplicateCertificateContext
CryptEncodeObject
CryptQueryObject
CryptMsgDuplicate
CertFindCRLInStore
CertEnumPhysicalStore
CertCloseStore
CertAddCRLContextToStore
CertSetCertificateContextProperty
CryptMsgOpenToDecode
CertAddCTLContextToStore
CertNameToStrW
CertVerifyTimeValidity
CryptMsgUpdate
CryptFindCertificateKeyProvInfo
CryptFreeOIDFunctionAddress
CertCreateCertificateContext
CertGetValidUsages
CertCreateCertificateChainEngine
CertGetNameStringW
CryptMsgEncodeAndSignCTL

shlwapi

PathUndecorateW
PathFindFileNameW
StrCmpNIW

user32

GetDialogBaseUnits
GetWindow
LoadStringW
PostMessageA
PostMessageW
UpdateWindow
SetWindowTextW
CopyRect
GetWindowTextW
LoadCursorA
LoadStringA
IsWindowVisible
ShowWindow
SetDlgItemTextW
BeginPaint
SetDlgItemInt
GetFocus
GetWindowLongA
CreateWindowExW
GetUpdateRect
ReleaseDC
FillRect
GetDlgItem
GetParent
SetRect
CheckRadioButton
GetSysColor
IsDlgButtonChecked
RegisterClipboardFormatA
SendMessageW
DrawTextExW
MessageBoxExW
EndDialog
MessageBoxW
GetClientRect
DestroyIcon
DrawIcon
EndPaint
LoadBitmapW
ReleaseCapture
InvalidateRect
SendMessageA
LoadIconA
GetWindowRect
CreateWindowExA
LoadCursorW
DestroyWindow
DialogBoxParamW
SetClassLongA
MoveWindow
PeekMessageA
GetWindowDC
GetDesktopWindow
SetWindowPos
MapDialogRect
GetDlgItemTextA
SetCapture
MapWindowPoints
SystemParametersInfoA
EnableWindow
DrawFocusRect
SetWindowLongA
GetMonitorInfoW
GetWindowLongW
MonitorFromWindow
GetSysColorBrush
SendDlgItemMessageA
GetDlgItemInt
SetCursor
WinHelpW
SendDlgItemMessageW
CallWindowProcA
SetFocus
GetDlgItemTextW
GetNextDlgTabItem
SetWindowLongW
IsWindowEnabled
GetDC
wsprintfA
SetWindowTextA

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ced461204210a772528e1f2fe5326e92

Headers

File Characteristics

Imports

ws2help

version

rpcrt4

msvcrt

ntdll

gdi32

wininet

kernel32

netapi32

wintrust

advapi32

crypt32

shlwapi

user32

Sections

.text Size: 51KB - Virtual size: 51KB

.reloc Size: 512B - Virtual size: 28B

.rsrc Size: 29KB - Virtual size: 28KB

.data Size: 69KB - Virtual size: 936KB

.rdata Size: 273KB - Virtual size: 273KB

.text
Size: 51KB - Virtual size: 51KB

.reloc
Size: 512B - Virtual size: 28B

.rsrc
Size: 29KB - Virtual size: 28KB

.data
Size: 69KB - Virtual size: 936KB

.rdata
Size: 273KB - Virtual size: 273KB