b4340082280513e07e304893ec2bcd7d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4340082280513e07e304893ec2bcd7d_JaffaCakes118
Size

238KB
MD5

b4340082280513e07e304893ec2bcd7d
SHA1

976b5f71f02edc5b8c46971194a25f21c77c45ae
SHA256

5aa99ea0242fbf4f6d7aa1540be3e8113e195734a79eb6930adda190ddd6e1f1
SHA512

6760225cdaee6ff2ca4bf2530b40b1ecb3e797688ce8a98b121a36598c272baba3fbd8cb4036fce6d1e00f18a8abebf112e1a2fb377d3ce7a281bb270e004a29
SSDEEP

6144:3SVxfNA1tthRb1d0w7OGD+LbOiE5oeCbLxx8ok:iX+j6qEbOiE3CbLL8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4340082280513e07e304893ec2bcd7d_JaffaCakes118

Files

b4340082280513e07e304893ec2bcd7d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

93410a658fa1d0eec1546fcfccae060a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
HeapFree
VirtualFree
FlushFileBuffers
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetEndOfFile
GetProcessHeap
ReadFile
GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
WriteFile
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

CoInitialize
GetClassFile

shell32

ShellExecuteA

shlwapi

PathFindFileNameA
PathFileExistsA
PathGetArgsA
PathRemoveBlanksA
PathIsDirectoryA

ws2_32

recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send

netapi32

Netbios

comsvcs

CoLeaveServiceDomain
CoCreateActivity

crypt32

CertSerializeCertificateStoreElement
CertGetPublicKeyLength
CryptMsgCalculateEncodedLength
CertFindAttribute
CertAddEncodedCertificateToSystemStoreW
CryptGetOIDFunctionAddress
CryptDecryptAndVerifyMessageSignature
CryptSetAsyncParam
CertOpenStore
CertOIDToAlgId
CertCloseStore
CryptUnregisterDefaultOIDFunction
CertFreeCertificateChainEngine
CryptSignAndEncodeCertificate
CryptDecodeMessage
CertControlStore
CryptSignMessageWithKey
CryptEnumOIDInfo
CryptGetOIDFunctionValue
CryptFindOIDInfo
PFXVerifyPassword
CertAddEncodedCTLToStore
CertAddEnhancedKeyUsageIdentifier
CertGetCertificateChain
CertGetIntendedKeyUsage
CryptVerifyMessageSignature
CertSetCertificateContextPropertiesFromCTLEntry
CryptEncryptMessage
CryptFindCertificateKeyProvInfo
CertAddCRLContextToStore
CryptHashToBeSigned
CryptUnregisterOIDInfo
CertEnumCTLContextProperties
CertDeleteCTLFromStore
CertDuplicateCertificateContext
CertIsRDNAttrsInCertificateName
CryptSignAndEncryptMessage
CryptSignMessage
CertRemoveStoreFromCollection
CertCreateCertificateChainEngine
CertFreeCertificateChain
CertVerifyCRLTimeValidity
CryptVerifyMessageSignatureWithKey
CertVerifyCRLRevocation
CertOpenSystemStoreW

iphlpapi

NotifyRouteChange
GetFriendlyIfIndex
SetIpNetEntry
EnableRouter
DeleteIPAddress
SetIpForwardEntry
GetPerAdapterInfo
GetBestInterfaceEx
GetInterfaceInfo
NhpAllocateAndGetInterfaceInfoFromStack
AddIPAddress
DeleteIpForwardEntry
SetIfEntry
CancelIPChangeNotify
IpReleaseAddress
GetExtendedUdpTable
GetExtendedTcpTable
GetIpErrorString
GetIpAddrTable
GetTcpStatisticsEx
GetIpStatistics
GetBestInterface
GetIpForwardTable
GetIcmpStatistics
SendARP
GetIpNetTable
GetBestRoute
GetUdpStatisticsEx
GetAdaptersInfo
NotifyAddrChange
DeleteIpNetEntry
CreateIpNetEntry
GetAdapterOrderMap
RestoreMediaSense
CreateIpForwardEntry
GetTcpTable
CreateProxyArpEntry
GetNumberOfInterfaces
GetUdpStatistics

msi

ord216
ord137
ord107
ord83
ord268
ord276
ord42
ord168
ord228
ord264
ord36
ord9
ord274
ord258
ord90
ord66
ord210
ord190
ord154
ord93
ord202
ord223
ord39
ord8
ord94
ord270
ord68
ord86
ord265
ord129
ord189
ord15
ord177
ord65
ord174
ord89
ord251
ord232
ord212
ord88
ord10
ord179
ord230
ord81
ord84
ord55
ord60
ord250
ord262
ord269
ord224
ord208
ord45
ord181
ord193
ord104
ord226
ord70
ord205
ord242
ord195
ord261
ord246
ord56
ord157
ord7
ord203
ord260
ord112
ord240
ord237
ord87
ord259
ord69
ord219
ord245
ord111
ord169
ord82
ord72
ord214
ord40
ord38
ord255
ord110
ord194
ord253
ord272

msimg32

TransparentBlt
GradientFill

msvfw32

ICDrawBegin
ICLocate
DrawDibDraw
DrawDibProfileDisplay
ICSeqCompressFrameEnd
ICImageDecompress
DrawDibOpen
ICSeqCompressFrameStart
ICGetInfo
ICSeqCompressFrame
DrawDibGetBuffer
ICCompress
ICSendMessage
ICGetDisplayFormat
ICOpen
ICCompressorFree
DrawDibTime
ICDraw
DrawDibBegin
ICOpenFunction
ord2
MCIWndCreateA
DrawDibGetPalette
DrawDibClose

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

93410a658fa1d0eec1546fcfccae060a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

ws2_32

netapi32

comsvcs

crypt32

iphlpapi

msi

msimg32

msvfw32

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 4KB - Virtual size: 21KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 4KB - Virtual size: 21KB