c08ed0175de9983674f527b550ef10ce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c08ed0175de9983674f527b550ef10ce_JaffaCakes118
Size

240KB
MD5

c08ed0175de9983674f527b550ef10ce
SHA1

20e9f239fc15a51df39d328f18a620b38b7f10ec
SHA256

69c035a1163a685daffc8744c09efe8ffcb970a85b8cffb14e08bfb56074f5a7
SHA512

9c04973440908231a4a5c74aae3b3115181222213b2c156508b991b4f7d41b341ed2105ec9cf671351b7e2ba95248a0e451ad3a7d27d955d5651a63514adb160
SSDEEP

3072:pI+p6/q9goFbzfud2IVsmGW/zq+aHaGeuXYkllgzFXGoaWns3c7eyQA8MeMkMVjM:Mq3bzfu9VlZ/m+aHt+kl+zFXJsSZkM6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c08ed0175de9983674f527b550ef10ce_JaffaCakes118

Files

c08ed0175de9983674f527b550ef10ce_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d8f9af8feb05ede6399488ff54a7163e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetEndOfFile
GetProcessHeap
ReadFile
GetTickCount
GetStringTypeA
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
WriteFile
SetFilePointer
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
HeapSize
HeapAlloc
GetLocalTime
FlushFileBuffers
VirtualFree
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetStartupInfoA

user32

wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

CoInitialize
GetClassFile

shell32

ShellExecuteA

shlwapi

PathIsDirectoryA
PathRemoveBlanksA
PathGetArgsA
PathFileExistsA
PathFindFileNameA

gdi32

CopyEnhMetaFileA
GetTextFaceW
GetCharABCWidthsFloatA
CreateColorSpaceW
GetWindowExtEx
Arc
PolyBezierTo
EnumFontFamiliesExA
GetMetaRgn
CreateRoundRectRgn
EndPath
SetBrushOrgEx
GetFontData
GetROP2
GetEnhMetaFileDescriptionA
FrameRgn
CreateFontA
GetObjectA
GetRgnBox
GdiSetBatchLimit
GdiTransparentBlt
ExcludeClipRect
SetWinMetaFileBits
GetCharWidthA
DeleteColorSpace
ExtSelectClipRgn
CreateICA
GetCurrentObject
CreateDIBitmap
TranslateCharsetInfo
CreateHatchBrush
SetRectRgn
CreatePenIndirect
GetDeviceCaps
PolyPolygon
SetICMProfileW
GetOutlineTextMetricsA
AddFontResourceExW
GetRegionData
OffsetViewportOrgEx
GetClipBox
PolyDraw
PolyPolyline
GetTextExtentPointI
UpdateColors
GetColorSpace
CreateFontW
SetArcDirection
GetNearestColor
GetArcDirection
PtInRegion
CreateDiscardableBitmap
FlattenPath
CreateEllipticRgnIndirect
AddFontResourceA
PolylineTo
SetViewportExtEx
CancelDC
EnumMetaFile
CreateDIBSection
GetTextExtentPoint32A
PlgBlt
RectVisible
GetICMProfileA
SetTextJustification
IntersectClipRect
AngleArc
SetMetaFileBitsEx
CreateEllipticRgn
GetMapMode
GetEnhMetaFilePaletteEntries
ResetDCA
OffsetRgn
EnumFontFamiliesW
GetFontLanguageInfo
RemoveFontResourceA
GetCharacterPlacementW
CreateSolidBrush
GetStockObject
SelectClipRgn
GetDCOrgEx
SetColorSpace
SetStretchBltMode
CreateColorSpaceA
GetMiterLimit
GetTextFaceA
GdiComment
GetMetaFileBitsEx
GetTextCharacterExtra
GetBkMode
SetDCPenColor
GetDCBrushColor
GetLogColorSpaceW
CreateEnhMetaFileA
GetCharWidthI
PatBlt
GetRasterizerCaps
PolyTextOutA
CreateDCA
GetGlyphOutlineW
EnumFontFamiliesA
GetDeviceGammaRamp
FillPath
GetTextMetricsW
GetPaletteEntries
CombineRgn
SelectPalette
SetAbortProc
SetBoundsRect
GetCharWidth32W
CreateCompatibleBitmap

ws2_32

gethostbyname
socket
htons
ioctlsocket
connect
select
WSAStartup
closesocket
send
recv
__WSAFDIsSet

netapi32

Netbios

crypt32

CryptMsgControl
CryptMsgGetParam
CryptProtectData
CryptMemAlloc
CryptEnumKeyIdentifierProperties
CryptEncodeObject
CertUnregisterPhysicalStore
CryptSetKeyIdentifierProperty
CertVerifyCRLTimeValidity
CryptEnumOIDInfo
CryptHashPublicKeyInfo
CertDuplicateStore
CertSetStoreProperty
CryptGetKeyIdentifierProperty
CryptMsgOpenToEncode
CertVerifyRevocation
CryptHashCertificate
CryptUnregisterOIDFunction
CryptSignMessage
CertFindSubjectInSortedCTL
CertAddStoreToCollection
CryptSignCertificate
CertGetIntendedKeyUsage
CertSetCertificateContextProperty
CertFindCertificateInCRL
CertAddEncodedCTLToStore
CryptBinaryToStringA
PFXImportCertStore
CertVerifyTimeValidity
CertCreateCTLContext
CertUnregisterSystemStore
CryptFindOIDInfo
CryptVerifyDetachedMessageSignature
CertSetCertificateContextPropertiesFromCTLEntry
CertRDNValueToStrA
CryptGetDefaultOIDFunctionAddress
CryptAcquireCertificatePrivateKey
CryptGetMessageSignerCount
CertCreateCRLContext
CryptStringToBinaryA
CertEnumCRLsInStore
CryptHashToBeSigned
CertGetNameStringA
CryptRegisterDefaultOIDFunction
CertAddCTLLinkToStore
CryptCreateAsyncHandle
CertNameToStrW
CryptSetAsyncParam
CryptMsgVerifyCountersignatureEncoded
CryptSignAndEncryptMessage
CertSetEnhancedKeyUsage
CryptStringToBinaryW
CertGetCTLContextProperty
CertGetIssuerCertificateFromStore
CertStrToNameA
CertSerializeCertificateStoreElement
CryptEncodeObjectEx
CertRemoveEnhancedKeyUsageIdentifier
CryptGetOIDFunctionValue
CryptMemFree
CertGetCRLFromStore
CryptMsgUpdate

imm32

ImmRegisterWordW
ImmIsIME
ImmGetCompositionWindow
ImmGetCompositionStringA
ImmEnumRegisterWordA
ImmDestroyContext
ImmIsUIMessageA
ImmUnregisterWordA
ImmGetCompositionFontW
ImmSetConversionStatus
ImmGetCompositionStringW
ImmGetConversionListW

msi

ord240
ord193
ord211
ord86
ord205
ord156
ord37
ord155
ord202
ord178

msimg32

TransparentBlt
GradientFill
AlphaBlend

msvfw32

ICInstall
MCIWndCreateA
DrawDibBegin
ICOpenFunction
ICGetInfo
ICSeqCompressFrameEnd
ICImageCompress
DrawDibRealize
ICRemove
ICClose
DrawDibTime
ICDecompress
ord2
DrawDibGetBuffer
DrawDibProfileDisplay
DrawDibStop
DrawDibStart
DrawDibSetPalette
MCIWndRegisterClass
DrawDibChangePalette
ICCompress
DrawDibGetPalette
ICInfo
MCIWndCreateW

mswsock

TransmitFile
AcceptEx

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d8f9af8feb05ede6399488ff54a7163e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

gdi32

ws2_32

netapi32

crypt32

imm32

msi

msimg32

msvfw32

mswsock

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 4KB - Virtual size: 21KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 4KB - Virtual size: 21KB