Static task: static1

Behavioral task: behavioral1
Sample: bf149b918c23fc43a7b9fa412c331177_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: bf149b918c23fc43a7b9fa412c331177_JaffaCakes118.exe
Resource: win10v2004-20240802-en

Target: bf149b918c23fc43a7b9fa412c331177_JaffaCakes118
Size: 292KB
MD5: bf149b918c23fc43a7b9fa412c331177
SHA1: aa8b3675108b23fed9dd065511b2d3255c019158
SHA256: 9eebf8a3e21cbbc53fd423b18ff1eb120b5177a56dbbd70d2730c97aef6a0276
SHA512: ec6bc3de7ea0e327394a6fdb65ef67656fff362a22a1e64d995094af88ddc59ed788aa62f01e49406243af627d0cdd20931ee1244ce670b0d8808bb741e2567b
SSDEEP: 6144:/qsl3QOD5/PYZs0QD0naaIyQ37CvuYKUDeTs3JGyBvnmiG:/qsl33HYZfQD0aaQ3mPzesJGyo

Checks for missing Authenticode signature.
resource |
---|
bf149b918c23fc43a7b9fa412c331177_JaffaCakes118 |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
wcslen
_adjust_fdiv
malloc
_initterm
free
wcschr
wcsrchr
_vsnwprintf
_purecall
memmove
strtoul
_wcsnicmp
_ltow
_wtol
swprintf
iswspace
iswprint
strtok
_stricmp
wcsncpy
_wcsicmp
_itow
wcscat
wcscmp
wcscpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3
MapViewOfFile
DeleteFileW
GetCurrentDirectoryW
GetComputerNameW
SystemTimeToFileTime
WriteFile
LoadLibraryExA
lstrcatA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
WideCharToMultiByte
GetUserDefaultLCID
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
MultiByteToWideChar
LocalReAlloc
lstrlenA
lstrcpyA
LoadLibraryA
FormatMessageW
lstrlenW
lstrcmpA
FindResourceA
LoadResource
LockResource
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetVersionExA
DisableThreadLibraryCalls
FreeLibrary
OutputDebugStringA
LoadLibraryW
CompareFileTime
GetSystemTimeAsFileTime
CreateFileMappingA
InitializeCriticalSection
GetModuleFileNameW
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
LocalFree
GetCurrentThread
GetCurrentProcess
CloseHandle
SetLastError
GetProcAddress
GetModuleHandleW
GetLastError
GetModuleHandleA
SetEndOfFile
SetFilePointer
GetLocalTime
CreateFileA
ExpandEnvironmentStringsA
Sleep
DelayLoadFailureHook
GetFileSize
UnmapViewOfFile
GetComputerNameExW
ExpandEnvironmentStringsW
CreateFileW
GetACP
MulDiv
CompareStringA
CompareStringW
GetDateFormatA
GetTimeFormatA
DeleteCriticalSection
GetUserNameW
FreeSid
EqualSid
AllocateAndInitializeSid
CloseServiceHandle
StartServiceW
UnlockServiceDatabase
CryptGetUserKey
CryptDestroyKey
CryptSetProvParam
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
RegSetValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenThreadToken
OpenProcessToken
GetTokenInformation
CryptGetKeyParam
RegOpenKeyExA
DuplicateToken
RegCreateKeyExA
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegQueryInfoKeyA
QueryServiceStatus
StartServiceA
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceConfigA
LockServiceDatabase
ChangeServiceConfigA
CryptAcquireContextA
WinVerifyTrustEx
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WintrustGetDefaultForUsage
WTHelperGetKnownUsages
TrustIsCertificateSelfSigned
CertFindCertificateInStore
CertSetEnhancedKeyUsage
CryptInitOIDFunctionSet
CryptGetDefaultOIDDllList
CryptGetDefaultOIDFunctionAddress
CryptFreeOIDFunctionAddress
CryptFindOIDInfo
CertGetValidUsages
CertFreeCertificateContext
CertDuplicateCertificateContext
CertDuplicateStore
CertGetEnhancedKeyUsage
CertFindExtension
CryptDecodeObject
CryptEncodeObject
CertGetSubjectCertificateFromStore
CertOpenStore
CertCloseStore
CertGetCertificateContextProperty
CertGetPublicKeyLength
CertGetCTLContextProperty
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptMsgVerifyCountersignatureEncoded
CertFindAttribute
CryptMsgControl
CryptFormatObject
CertGetNameStringW
CertGetStoreProperty
CryptMsgDuplicate
CertFreeCTLContext
CryptQueryObject
CryptFindLocalizedName
CertEnumSystemStore
CertEnumPhysicalStore
CertCompareCertificate
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertSaveStore
CertDeleteCertificateFromStore
CryptEnumOIDInfo
CryptMsgEncodeAndSignCTL
CertAddCTLContextToStore
CertSetCTLContextProperty
CertCreateCTLContext
CryptSIPRetrieveSubjectGuid
CryptDecodeObjectEx
CertEnumCTLsInStore
CertVerifyTimeValidity
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateChainEngine
PFXExportCertStore
PFXExportCertStoreEx
CryptAcquireCertificatePrivateKey
CertFreeCRLContext
CertGetCRLFromStore
PFXVerifyPassword
CertAddCRLContextToStore
CertFindCTLInStore
CertFindCRLInStore
CryptFindCertificateKeyProvInfo
PFXImportCertStore
CertCreateCertificateContext
CertNameToStrW
CertSetCertificateContextProperty
MapDialogRect
SetRect
CreateWindowExW
PostMessageW
DestroyIcon
CheckRadioButton
IsDlgButtonChecked
GetSysColor
IsWindowVisible
GetDialogBaseUnits
GetFocus
UpdateWindow
GetNextDlgTabItem
GetClientRect
DrawFocusRect
LoadCursorA
SetCursor
GetWindowRect
MapWindowPoints
FillRect
InvalidateRect
GetSysColorBrush
LoadBitmapW
GetDesktopWindow
LoadStringA
SendDlgItemMessageA
SetDlgItemTextW
SendMessageA
SetWindowTextA
GetDC
ReleaseDC
WinHelpW
ShowWindow
GetDlgItem
GetWindowTextW
EnableWindow
SetFocus
DialogBoxParamW
PeekMessageA
IsWindowEnabled
LoadIconA
GetUpdateRect
CallWindowProcA
BeginPaint
EndPaint
DrawIcon
wsprintfA
SetWindowPos
GetParent
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
GetDlgItemTextA
SetClassLongA
GetWindowLongA
MonitorFromWindow
GetMonitorInfoW
GetWindow
CopyRect
LoadCursorW
DestroyWindow
SystemParametersInfoA
MessageBoxExW
PostMessageA
RegisterClipboardFormatA
CreateWindowExA
MoveWindow
GetWindowDC
SetCapture
SetWindowLongA
ReleaseCapture
GetWindowLongW
DrawTextExW
SendDlgItemMessageW
EndDialog
SetWindowLongW
SetWindowTextW
SendMessageW
LoadStringW
MessageBoxW
CreatePalette
CreateDIBitmap
RealizePalette
SelectPalette
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SetBkColor
CreateBitmap
GetObjectA
GetTextExtentPoint32W
GetBkColor
CreateFontIndirectA
GetDeviceCaps
CreateFontIndirectW
GetObjectW
SetPixel
DeleteObject
RpcNetworkIsProtseqValidA
RpcBindingFromStringBindingA
RpcBindingFree
UuidCreate
UuidToStringA
RpcStringFreeA
NdrClientCall2
RpcStringBindingComposeA
RpcEpResolveBinding
DsGetDcNameW
NetGetDCName
NetApiBufferFree
InternetCrackUrlW
InternetCanonicalizeUrlW
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
pnihdalldack
RunmmfocxPokiesc
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ