Static task: static1
Behavioral task: behavioral1
  Sample: c0c5265b9b05bb3a5befb3db45921c4a_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: c0c5265b9b05bb3a5befb3db45921c4a_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: c0c5265b9b05bb3a5befb3db45921c4a_JaffaCakes118
Size: 2.6MB
MD5: c0c5265b9b05bb3a5befb3db45921c4a
SHA1: ec7f3c95dc190e591bd825bb7f734b77aecbbc22
SHA256: 0120f2c8de8449ab44018c7066bd5cfe29e627774de71212a5b91e8b0d23962e
SHA512: 3ae405ca0fb73009c20b4dd3fa6cbe95c2abff84611b618914b98ca6a78ab6accd2fb6ef9ae0f3cf433037f9a28134617c30d09173cdd903789ba48a278e353b
SSDEEP: 49152:NFLYuNes+qun8+/O/NPgQQCikKsJtjR2Jfuq/d9jHplr6A:HLYuNes+qu8jRgQUQy
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource c0c5265b9b05bb3a5befb3db45921c4a_JaffaCakes118
Files
c0c5265b9b05bb3a5befb3db45921c4a_JaffaCakes118.exe windows:5 windows x86 arch:x86
732ceec274c83bca54786a59e0e4e49b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FormatMessageW
GetSystemInfo
InitializeCriticalSection
SleepEx
GetSystemDirectoryA
WaitForMultipleObjects
PeekNamedPipe
ExpandEnvironmentStringsW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
FreeLibraryAndExitThread
GetFullPathNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetACP
VerSetConditionMask
GetCurrentDirectoryW
VerifyVersionInfoW
FreeResource
LockResource
ExitProcess
MulDiv
OpenProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetLastError
GetFileType
SetFilePointer
SetFileTime
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
GetLocalTime
GetTempPathW
GetLongPathNameW
GetFileAttributesW
GetTempFileNameW
CopyFileW
LocalAlloc
LocalFree
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
MoveFileExW
GetSystemDirectoryW
GetVolumeInformationW
FindClose
FindFirstFileW
FindNextFileW
GetVersion
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
lstrcpynW
ReleaseMutex
CreateMutexW
GetWindowsDirectoryW
VirtualAlloc
VirtualFree
VirtualProtect
HeapAlloc
HeapFree
GetProcessHeap
GetNativeSystemInfo
LoadLibraryA
IsBadReadPtr
DeviceIoControl
OutputDebugStringA
SetPriorityClass
GetLogicalDriveStringsW
QueryDosDeviceW
OutputDebugStringW
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
HeapSize
HeapReAlloc
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetCommandLineA
GetCommandLineW
FindFirstFileExW
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
WriteConsoleW
SetEndOfFile
GetTickCount
MultiByteToWideChar
FindResourceW
GetModuleHandleW
LoadLibraryExW
lstrcmpiW
SizeofResource
LoadResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
InterlockedDecrement
InterlockedIncrement
DecodePointer
Sleep
DeleteFileW
CreateFileW
lstrcpyW
ReadFile
WriteFile
GetFileSize
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
CreateThread
WideCharToMultiByte
GetVersionExW
AreFileApisANSI
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
LoadLibraryW
lstrlenW
CloseHandle
GetProcAddress
CreateDirectoryW
FreeLibrary
user32
CloseClipboard
SetClipboardData
EmptyClipboard
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
CreateAcceleratorTableW
InvalidateRgn
FindWindowExW
GetShellWindow
GetWindowThreadProcessId
SystemParametersInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PeekMessageW
wsprintfW
GetWindow
OpenClipboard
PtInRect
IsRectEmpty
MapWindowPoints
ScreenToClient
GetCursorPos
GetClientRect
GetUpdateRect
EndPaint
CharPrevW
ReleaseDC
GetDC
KillTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
SetFocus
IsZoomed
UpdateLayeredWindow
DestroyWindow
IsWindow
CreateWindowExW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
OffsetRect
UnionRect
InflateRect
SetCursor
GetDesktopWindow
SetRect
FillRect
GetParent
DrawTextW
GetPropW
SetPropW
SetForegroundWindow
GetSystemMetrics
EnableWindow
MsgWaitForMultipleObjects
PostMessageW
PostQuitMessage
GetWindowRgn
IntersectRect
MessageBoxW
SetWindowRgn
IsIconic
ShowWindow
SetWindowPos
SetTimer
InvalidateRect
GetWindowLongW
SetWindowLongW
BringWindowToTop
LoadStringW
CharNextW
GetMonitorInfoW
MonitorFromWindow
BeginPaint
LoadImageW
IsWindowVisible
GetWindowRect
RegisterClassExW
GetClassInfoExW
comdlg32
GetOpenFileNameW
advapi32
SystemFunction036
RegEnumKeyW
DuplicateTokenEx
CreateProcessAsUserW
RegEnumValueA
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ImpersonateLoggedOnUser
RevertToSelf
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetTokenInformation
GetTokenInformation
OpenProcessToken
RegOpenKeyW
shell32
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetFolderLocation
ord155
SHGetFileInfoW
SHBindToParent
ShellExecuteW
ole32
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
RevokeDragDrop
RegisterDragDrop
CoUninitialize
oleaut32
VariantInit
SysAllocString
SysFreeString
VariantClear
VarUI4FromStr
netapi32
NetWkstaSetInfo
shlwapi
PathFileExistsW
StrRetToBufW
PathAppendW
ord219
comctl32
ord17
_TrackMouseEvent
gdi32
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
CreateRectRgnIndirect
GetObjectA
MoveToEx
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
TextOutW
CreatePenIndirect
CombineRgn
PtInRegion
CreateRectRgn
GetDeviceCaps
GetDIBits
CreateCompatibleBitmap
CreateSolidBrush
CreateDCW
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
CreateDIBSection
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
SetTextColor
BitBlt
gdiplus
GdipGetPropertyItem
GdipDrawArcI
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetPropertyItemSize
GdipDrawImageRectI
GdipDeleteGraphics
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipAddPathLineI
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateStringFormat
GdipCreateLineBrushI
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectRect
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipDeletePath
GdipCreatePath
imm32
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
psapi
EnumProcesses
GetModuleFileNameExW
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
iphlpapi
GetAdaptersInfo
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wininet
InternetOpenW
InternetSetOptionW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW
urlmon
URLDownloadToFileW
ws2_32
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
WSASetLastError
socket
closesocket
WSAGetLastError
send
recv
WSACleanup
WSAStartup
htonl
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
getservbyname
__WSAFDIsSet
recvfrom
select
sendto
accept
listen
ioctlsocket
gethostname
bind
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ