Static task
static1
Behavioral task
behavioral1
Sample
bf9cf30cb9009be8a332a687505906a1_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
bf9cf30cb9009be8a332a687505906a1_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
bf9cf30cb9009be8a332a687505906a1_JaffaCakes118
Size
866KB
MD5
bf9cf30cb9009be8a332a687505906a1
SHA1
b3ea42a4329670f5415a451fea0aa2f1a18a1939
SHA256
2313d81886cf37d1af701ad4d2f6082056b17d89e41f7260e75beb403cd8624c
SHA512
6a67eaa7ded3650b4693fe990ce67a6c91fe440b92d275ba106197850b0799a9dac0e93bbba64e75377faeb4c749d8f41a2585c809c9be64fb24cfa183b47e79
SSDEEP
24576:y8GJkUPnQrXyq7408wL4FNEJ6CHeK0xYhmBsr:y8GqOQzK5wuS6eoxYhks
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bf9cf30cb9009be8a332a687505906a1_JaffaCakes118
Files
bf9cf30cb9009be8a332a687505906a1_JaffaCakes118.exe windows:5 windows x86 arch:x86
58e8ec3c05eb0dbb6e915a289584241b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateDirectoryW
GetConsoleMode
CompareStringW
lstrcmpiW
InterlockedExchange
QueryPerformanceCounter
LCMapStringA
LoadResource
GetShortPathNameW
SetEvent
GetOEMCP
GetProcessIoCounters
HeapAlloc
InitializeCriticalSectionAndSpinCount
GetProcessHeap
GetCurrentThreadId
GetLocaleInfoA
GetModuleFileNameW
DuplicateHandle
WideCharToMultiByte
DeleteFileW
WriteConsoleA
ReadProcessMemory
GetCurrentThread
GlobalUnlock
MoveFileW
CreateEventW
SetPriorityClass
GetLastError
TlsSetValue
FormatMessageW
GetCurrentProcessId
GetComputerNameW
GetStartupInfoA
VirtualFree
VirtualFreeEx
FindFirstFileW
SetVolumeLabelW
GetFileAttributesW
GetSystemTimeAsFileTime
TlsFree
Process32FirstW
GetCPInfo
SetFileAttributesW
WaitForSingleObject
Sleep
SetEnvironmentVariableW
GetPrivateProfileStringW
FreeLibrary
CompareStringA
CreateFileW
SetStdHandle
OutputDebugStringW
FindNextFileW
CopyFileW
SystemTimeToFileTime
MulDiv
ReadFile
GetSystemInfo
TlsAlloc
GetConsoleOutputCP
GetConsoleCP
QueryPerformanceFrequency
GlobalMemoryStatusEx
WritePrivateProfileStringW
GetFullPathNameW
GetStartupInfoW
ExitProcess
VirtualProtect
GlobalLock
IsValidCodePage
GetLocalTime
GetPrivateProfileSectionNamesW
UnhandledExceptionFilter
DeleteCriticalSection
LockResource
LoadLibraryExW
GetStdHandle
GetPrivateProfileSectionW
GetFileType
SetFilePointer
SetHandleCount
RemoveDirectoryW
ResumeThread
GetDiskFreeSpaceExW
GetTimeZoneInformation
GetDiskFreeSpaceW
CreateToolhelp32Snapshot
GetDateFormatA
IsDebuggerPresent
RtlUnwind
DeviceIoControl
RaiseException
GetModuleFileNameA
GetTempFileNameW
HeapSize
VirtualAlloc
LocalFileTimeToFileTime
FindClose
TerminateThread
SetEnvironmentVariableA
OpenProcess
LCMapStringW
FileTimeToSystemTime
Beep
WritePrivateProfileSectionW
GetTimeFormatA
CreatePipe
FileTimeToLocalFileTime
GetCommandLineW
GetVersionExW
GetWindowsDirectoryW
CreateThread
SetLastError
SetUnhandledExceptionFilter
GetDriveTypeW
GetCurrentDirectoryW
GetSystemDirectoryW
GetTempPathW
ExitThread
GlobalAlloc
GetProcAddress
GetExitCodeProcess
SetFilePointerEx
SetErrorMode
SetCurrentDirectoryW
CloseHandle
CreateFileA
LoadLibraryA
GetEnvironmentVariableW
Process32NextW
GlobalFree
FlushFileBuffers
GetTickCount
SizeofResource
MultiByteToWideChar
EnterCriticalSection
HeapFree
HeapReAlloc
GetCurrentProcess
GetACP
GetStringTypeA
FreeEnvironmentStringsW
CreateProcessW
InterlockedIncrement
GetFileSize
SetFileTime
LeaveCriticalSection
GetModuleHandleA
SetEndOfFile
InterlockedDecrement
WriteConsoleW
TlsGetValue
WriteFile
TerminateProcess
CreateHardLinkW
GetEnvironmentStringsW
LoadLibraryW
GetModuleHandleW
FindResourceW
user32
IsMenu
MessageBoxA
SetMenuDefaultItem
SetWindowPos
SetRect
IsZoomed
SetUserObjectSecurity
CreateWindowExW
LoadCursorW
DeleteMenu
DrawFocusRect
ReleaseDC
FrameRect
GetWindowRect
LoadStringW
MoveWindow
CloseDesktop
AdjustWindowRectEx
GetWindowThreadProcessId
WindowFromPoint
GetCursorPos
OpenWindowStationW
ReleaseCapture
IsWindowEnabled
GetDlgCtrlID
GetAsyncKeyState
TranslateMessage
SetForegroundWindow
GetKeyboardState
GetMenuStringW
ShowWindow
GetClientRect
IsClipboardFormatAvailable
GetClipboardData
DrawFrameControl
GetWindowTextLengthW
DefDlgProcW
PeekMessageW
KillTimer
GetMonitorInfoW
SetProcessWindowStation
UnregisterHotKey
OpenDesktopW
IsCharLowerW
EnumWindows
CloseWindowStation
CharLowerBuffW
CreateAcceleratorTableW
LockWindowUpdate
FillRect
IsCharUpperW
IsWindowVisible
SetWindowTextW
EnableWindow
IsDlgButtonChecked
SendInput
GetSysColor
GetClassNameW
wsprintfW
SetMenu
keybd_event
PostQuitMessage
SetKeyboardState
GetWindowTextW
SetActiveWindow
ClientToScreen
SetClipboardData
DefWindowProcW
RegisterWindowMessageW
GetClassLongW
DrawTextW
BeginPaint
EnumChildWindows
TrackPopupMenuEx
FindWindowExW
CharNextW
GetSubMenu
AttachThreadInput
CopyRect
FlashWindow
DestroyAcceleratorTable
CharUpperBuffW
SetFocus
DestroyIcon
GetMenu
GetKeyState
SetWindowLongW
GetDC
LoadImageW
CheckMenuRadioItem
GetForegroundWindow
GetWindowLongW
CopyImage
DrawMenuBar
LoadIconW
GetFocus
PostMessageW
CloseClipboard
IsWindow
VkKeyScanW
MonitorFromRect
ScreenToClient
CreateMenu
TranslateAcceleratorW
MessageBoxW
GetCursorInfo
GetMenuItemCount
IsDialogMessageW
GetActiveWindow
SendMessageTimeoutW
IsIconic
EndPaint
SetCapture
CountClipboardFormats
ExitWindowsEx
GetWindowDC
DestroyWindow
SendDlgItemMessageW
BlockInput
MessageBeep
EndDialog
MonitorFromPoint
EnumThreadWindows
GetMessageW
SetLayeredWindowAttributes
RegisterClassExW
GetUserObjectSecurity
GetSystemMetrics
RedrawWindow
DispatchMessageW
FindWindowW
InflateRect
RegisterHotKey
PtInRect
GetMenuItemID
SetCursor
OpenClipboard
mouse_event
EmptyClipboard
DestroyMenu
CreateIconFromResourceEx
IsCharAlphaW
GetMenuItemInfoW
GetKeyboardLayoutNameW
SetTimer
SetMenuItemInfoW
GetDesktopWindow
GetCaretPos
GetDlgItem
DialogBoxParamW
GetParent
MapVirtualKeyW
SendMessageW
SystemParametersInfoW
CreatePopupMenu
InvalidateRect
InsertMenuItemW
GetProcessWindowStation
gdi32
Ellipse
CreateFontW
CreateCompatibleBitmap
SelectObject
LineTo
CreateDCW
StrokePath
EndPath
GetPixel
DeleteObject
BeginPath
SetPixel
GetTextFaceW
StretchBlt
CloseFigure
SetViewportOrgEx
GetObjectW
ExtCreatePen
CreatePen
MoveToEx
SetBkColor
DeleteDC
StrokeAndFillPath
GetStockObject
CreateCompatibleDC
GetDeviceCaps
AngleArc
SetBkMode
SetTextColor
Rectangle
RoundRect
CreateSolidBrush
GetTextExtentPoint32W
PolyDraw
GetDIBits
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
RegConnectRegistryW
GetAclInformation
RegCreateKeyExW
GetLengthSid
InitiateSystemShutdownExW
RegDeleteValueW
CreateProcessWithLogonW
OpenThreadToken
OpenSCManagerW
AddAce
RegSetValueExW
RegOpenKeyExW
CreateProcessAsUserW
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
OpenProcessToken
LockServiceDatabase
RegEnumKeyExW
AdjustTokenPrivileges
LogonUserW
CopySid
RegCloseKey
GetTokenInformation
UnlockServiceDatabase
GetAce
LookupPrivilegeValueW
InitializeSecurityDescriptor
RegEnumValueW
RegDeleteKeyW
CloseServiceHandle
DuplicateTokenEx
RegQueryValueExW
InitializeAcl
GetUserNameW
shell32
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ExtractIconExW
DragQueryFileW
SHBrowseForFolderW
SHFileOperationW
DragQueryPoint
DragFinish
SHEmptyRecycleBinW
ShellExecuteW
SHGetDesktopFolder
ShellExecuteExW
SHGetMalloc
Shell_NotifyIconW
ole32
CLSIDFromProgID
CreateStreamOnHGlobal
MkParseDisplayName
CoCreateInstance
IIDFromString
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
StringFromIID
CoInitializeSecurity
OleInitialize
CreateBindCtx
CoCreateInstanceEx
CoUninitialize
OleSetMenuDescriptor
CoSetProxyBlanket
OleSetContainedObject
OleUninitialize
CoInitialize
CLSIDFromString
oleaut32
OACreateTypeLib2
OleLoadPicture
GetActiveObject
SafeArrayAccessData
SafeArrayAllocData
VariantCopy
SafeArrayGetVartype
SafeArrayAllocDescriptorEx
LoadRegTypeLi
SafeArrayDestroyDescriptor
VariantInit
VarR8FromDec
SafeArrayUnaccessData
SysAllocString
VariantClear
VariantTimeToSystemTime
comctl32
InitCommonControlsEx
ImageList_DragMove
ImageList_Remove
ImageList_DragEnter
ImageList_Create
ImageList_Destroy
ImageList_EndDrag
ImageList_DragLeave
ImageList_ReplaceIcon
ImageList_BeginDrag
ImageList_SetDragCursorImage
shlwapi
SHQueryInfoKeyA
winmm
waveOutSetVolume
timeGetTime
mciSendStringW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
wininet
InternetReadFile
InternetQueryDataAvailable
InternetCloseHandle
InternetQueryOptionW
HttpQueryInfoW
InternetOpenUrlW
FtpGetFileSize
HttpSendRequestW
HttpOpenRequestW
InternetCrackUrlW
InternetConnectW
InternetSetOptionW
FtpOpenFileW
InternetOpenW
wsock32
WSACleanup
bind
gethostbyname
closesocket
listen
connect
sendto
WSAStartup
gethostname
inet_addr
htons
ntohs
ioctlsocket
send
__WSAFDIsSet
accept
socket
recv
select
WSAGetLastError
recvfrom
setsockopt
mpr
WNetGetConnectionW
WNetAddConnection2W
WNetUseConnectionW
WNetCancelConnection2W
psapi
EnumProcesses
EnumProcessModules
GetProcessMemoryInfo
GetModuleBaseNameW
userenv
CreateEnvironmentBlock
LoadUserProfileW
DestroyEnvironmentBlock
UnloadUserProfile
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.kyup Size: 311KB - Virtual size: 311KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.ryuw Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.kyupl Size: 512B - Virtual size: 386B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.kuyul Size: 491KB - Virtual size: 491KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 640B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ