c06d4a8855971be9e1c834f8ee045137_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c06d4a8855971be9e1c834f8ee045137_JaffaCakes118
Size

224KB
MD5

c06d4a8855971be9e1c834f8ee045137
SHA1

8fbe8ba5459cfe3effa0ec32627ed15a8c7f0ea8
SHA256

abb239fc351fc80c70efed1d6cf4b64b4c4e4de9d27e4a532e967b3c7ea6a8b9
SHA512

9ab7c347e627dd849056a1e9c1f1978fdc97c3a6dd59157016ef315abd6a8327a60bbbf6ed564f4ce9dc203201d916820f1b87f4dc54032b8037760716470f64
SSDEEP

6144:B5qqDLDdOIzbaolZesOEbPgpvodPHFxVpoa9KRH:B0qnDdjzbHHPSvk/oUKJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c06d4a8855971be9e1c834f8ee045137_JaffaCakes118

Files

c06d4a8855971be9e1c834f8ee045137_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1b32a91ff833ad7e8aac566bbd4af7b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDriveStringsW
HeapFree
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
OpenProcess
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
lstrcpynW
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
lstrlenW
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
CreateDirectoryW
FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
SetFilePointerEx
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
WriteProcessMemory
GetCommandLineW
SetErrorMode
GetComputerNameW
OpenEventW
DuplicateHandle
GetCurrentProcessId
CreateRemoteThread
Process32FirstW
Process32NextW
SetHandleInformation
CreatePipe
MoveFileExW
GetUserDefaultUILanguage
GetModuleHandleA
TlsGetValue
TlsSetValue
TerminateProcess
FlushFileBuffers
CreateFileW
GetFileAttributesW
WriteFile
ExpandEnvironmentStringsW
GetPrivateProfileIntW
LoadLibraryW
GetPrivateProfileStringW
VirtualFree
GetModuleFileNameW
GetCurrentProcess
SystemTimeToFileTime
HeapAlloc
CreateProcessW
SetEndOfFile
FindFirstFileW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
WaitForMultipleObjects
SetFileAttributesW
WTSGetActiveConsoleSessionId
lstrcmpiA
ReleaseMutex
Sleep
GetModuleHandleW
ExitThread
ResetEvent
SetLastError
GetFileAttributesExW
GetProcessId
VirtualAlloc
VirtualFreeEx
SetThreadContext
GetThreadContext
ExitProcess
CreateThread
GetSystemTime
GetLocalTime
GetLastError
EnterCriticalSection
GlobalUnlock
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
GetTickCount
GlobalLock
lstrcmpiW
LoadLibraryA
GetProcAddress
FreeLibrary
LocalFree
GetVersionExW
GetNativeSystemInfo
TlsFree
CloseHandle
TlsAlloc
GetCurrentThreadId
CreateEventW
CreateFileMappingW
SetThreadPriority
GetCurrentThread
SetEvent
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
QueryDosDeviceW

user32

MapVirtualKeyW
PostMessageW
EndPaint
GetMessageA
GetUpdateRgn
GetMessageW
GetWindowDC
SetCapture
BeginPaint
GetUpdateRect
GetCapture
SetCursorPos
PeekMessageW
GetDCEx
PeekMessageA
ReleaseCapture
OpenWindowStationW
GetKeyboardState
GetClipboardData
ToUnicode
DrawIcon
GetIconInfo
GetCursorPos
RegisterClassExA
RegisterWindowMessageW
GetThreadDesktop
CharUpperW
SetKeyboardState
GetSubMenu
DefDlgProcW
DefFrameProcA
OpenInputDesktop
OpenDesktopW
SetThreadDesktop
CloseDesktop
GetProcessWindowStation
CreateWindowStationW
CloseWindowStation
FillRect
DrawEdge
IntersectRect
EqualRect
PrintWindow
CharLowerBuffA
GetSystemMetrics
GetWindowRect
GetParent
GetWindowInfo
GetClassLongW
GetAncestor
SetWindowPos
IsWindow
MapWindowPoints
IsRectEmpty
CharLowerW
MessageBoxA
GetKeyboardLayoutList
GetTopWindow
LoadImageW
WindowFromPoint
MsgWaitForMultipleObjects
GetWindowLongW
CharLowerA
TranslateMessage
MenuItemFromPoint
GetDC
GetMenu
SetWindowLongW
SendMessageTimeoutW
GetWindow
DispatchMessageW
CharToOemW
ExitWindowsEx
RegisterClassExW
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
ReleaseDC
GetMenuState
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
GetMenuItemCount
DefDlgProcA
PostThreadMessageW
DefMDIChildProcA
HiliteMenuItem
RegisterClassW
GetUserObjectInformationW
SendMessageW
CreateDesktopW
GetMenuItemID
SetProcessWindowStation
CallWindowProcA
EndMenu
CallWindowProcW
DefWindowProcW
DefFrameProcW
GetWindowThreadProcessId
RegisterClassA
GetShellWindow
GetMessagePos

advapi32

ConvertSidToStringSidW
CreateProcessAsUserA
CreateProcessAsUserW
RegCreateKeyW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
InitiateSystemShutdownExW
EqualSid
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
IsWellKnownSid
GetLengthSid
RegDeleteValueW
RegEnumValueW

shlwapi

SHDeleteKeyW
PathQuoteSpacesW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
StrStrIA
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathRenameExtensionW
StrCmpNIW
PathIsURLW
StrStrIW
PathRemoveFileSpecW

shell32

CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

CreateCompatibleBitmap
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
GetDIBits
CreateDIBSection
RestoreDC
SaveDC
SetRectRgn
GdiFlush
SetViewportOrgEx
CreateCompatibleDC

ws2_32

getsockname
select
getaddrinfo
recvfrom
getpeername
send
gethostbyname
closesocket
WSASend
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
WSAGetLastError
shutdown
setsockopt
sendto
recv
freeaddrinfo
accept
WSAEventSelect
listen
WSASetLastError
socket
bind
inet_addr

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData
PFXImportCertStore

wininet

HttpAddRequestHeadersA
InternetOpenA
InternetCloseHandle
HttpSendRequestExA
InternetQueryDataAvailable
InternetSetOptionA
InternetQueryOptionW
InternetQueryOptionA
HttpEndRequestW
HttpSendRequestA
HttpEndRequestA
InternetSetFilePointer
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
HttpOpenRequestA
HttpSendRequestExW
InternetConnectA
InternetSetStatusCallbackA
InternetCrackUrlA
HttpQueryInfoA

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

waveOutGetVolume
PlaySoundA
PlaySoundW
waveOutSetVolume

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b32a91ff833ad7e8aac566bbd4af7b0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 192KB - Virtual size: 192KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 192KB - Virtual size: 192KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 16KB - Virtual size: 16KB