c12d2f2cc1eb3563e54e53ba572a0b15_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c12d2f2cc1eb3563e54e53ba572a0b15_JaffaCakes118
Size

241KB
MD5

c12d2f2cc1eb3563e54e53ba572a0b15
SHA1

467c11815ab99f1abbed368b19de8c5934094ddb
SHA256

7682b9305a47110048b9aae75294a1a64d47526be173c1f3bde0a8dfba28bc69
SHA512

db2a1911fbae698a4a0c757c4724683bdf94f9c04ec9a7f6de9b5436f528b2cf0a8594cd27c634b34b25819f4da1cd4c62878ecde01d1466c836ce9f61e21ca4
SSDEEP

6144:iSIml4lFxO+lf1G+eA6sHJ3Sqqll7iEe:iSp2DXF4FA6sHQqql5i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c12d2f2cc1eb3563e54e53ba572a0b15_JaffaCakes118

Files

c12d2f2cc1eb3563e54e53ba572a0b15_JaffaCakes118
.exe windows:5 windows x86 arch:x86

42c4c090ccbec7d859769fdb78d743d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
SetHandleCount
HeapDestroy
HeapCreate
HeapFree
VirtualFree
FlushFileBuffers
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetEndOfFile
GetProcessHeap
ReadFile
GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA

advapi32

RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoInitialize
GetClassFile

shell32

ShellExecuteA

shlwapi

PathFileExistsA
PathRemoveBlanksA
PathGetArgsA
PathFindFileNameA
PathIsDirectoryA

gdi32

CombineTransform
GdiTransparentBlt
CreateFontIndirectW
CreateRectRgnIndirect
CancelDC
InvertRgn
SetBitmapBits
CreateColorSpaceW
GetEnhMetaFilePixelFormat
GetMapMode
GetTextColor
CreateICA
GetColorSpace
TranslateCharsetInfo
GetTextExtentPoint32A
FixBrushOrgEx
SetBrushOrgEx
GetDIBColorTable
CreateDiscardableBitmap
CreatePolygonRgn
Rectangle
EnumFontFamiliesExW
CombineRgn
CreatePenIndirect
ExtEscape
AddFontMemResourceEx
SetDeviceGammaRamp
CreatePalette
IntersectClipRect
SelectObject
EnumEnhMetaFile
SetBoundsRect
ExtSelectClipRgn
SetMetaFileBitsEx
CopyMetaFileA
SetColorAdjustment
SelectClipPath
SetMapMode
GetStockObject
StartDocA
Escape
GetPolyFillMode
GetNearestPaletteIndex
PaintRgn
GetROP2
GetBrushOrgEx
CreatePatternBrush
RemoveFontMemResourceEx
GetSystemPaletteUse
GetGlyphIndicesW
RemoveFontResourceW
ChoosePixelFormat
CreateDIBitmap
PlgBlt
CreateHatchBrush
SetTextCharacterExtra
GetGlyphOutlineA
GetCharWidthFloatW
GetWindowOrgEx
PolyTextOutA
PlayMetaFileRecord
PolylineTo
ColorCorrectPalette
SetPixelFormat
LineTo
CreateMetaFileW
EnumICMProfilesW
GetLogColorSpaceW
CreateRectRgn
LineDDA
GetTextExtentPoint32W
GetICMProfileA
EndPath
RealizePalette
GetArcDirection
PathToRegion
EnumFontFamiliesA
RemoveFontResourceA
CreateDIBPatternBrush
EndDoc
SetTextColor
SetStretchBltMode
SetArcDirection
GetFontUnicodeRanges
GetPixelFormat
GetOutlineTextMetricsA
SetLayout
GetGlyphIndicesA
SetAbortProc
SetICMProfileW

ws2_32

recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send

netapi32

Netbios

comdlg32

PrintDlgA
PageSetupDlgW
ChooseColorA
GetOpenFileNameW
CommDlgExtendedError

comsvcs

CoLeaveServiceDomain
MTSCreateActivity
SafeRef
RecycleSurrogate

crypt32

CryptRegisterOIDFunction
CryptGetOIDFunctionValue
CryptUnregisterOIDFunction
CertGetCertificateContextProperty
CertRDNValueToStrA
CryptGetKeyIdentifierProperty
CertIsRDNAttrsInCertificateName
CryptMsgOpenToEncode
CertGetIntendedKeyUsage
CertCreateCertificateContext
CertVerifyValidityNesting
CertFindCTLInStore
CryptBinaryToStringW
CryptInstallDefaultContext
CryptExportPublicKeyInfoEx
CertEnumPhysicalStore
CertAddStoreToCollection
CertNameToStrW
CertUnregisterPhysicalStore
CryptMsgDuplicate
CertAddCTLLinkToStore
CryptHashMessage
CertVerifyCTLUsage
CryptImportPublicKeyInfo
CertCompareCertificate
CryptCloseAsyncHandle
CertDuplicateCRLContext
CryptGetMessageCertificates
CryptFindOIDInfo
CryptProtectData
CryptQueryObject
CryptVerifyCertificateSignatureEx
CertFindSubjectInCTL
CryptEnumOIDFunction
CryptVerifyDetachedMessageSignature
CryptVerifyMessageSignatureWithKey
PFXIsPFXBlob
CertGetValidUsages
CryptMsgUpdate
CertFreeCRLContext
CertAlgIdToOID
CertUnregisterSystemStore
CryptBinaryToStringA
CertGetCTLContextProperty
CertSetStoreProperty
CryptEnumKeyIdentifierProperties
CertAddEncodedCRLToStore
CryptMemFree
CryptCreateAsyncHandle
CertFreeCertificateContext
PFXImportCertStore
CertCreateCTLEntryFromCertificateContextProperties
CertCreateContext
CryptSetAsyncParam
CryptGetOIDFunctionAddress
CertEnumCRLContextProperties
CryptInitOIDFunctionSet
CryptStringToBinaryW
CertIsValidCRLForCertificate
CertGetEnhancedKeyUsage
CertRegisterPhysicalStore
CryptExportPublicKeyInfo
CertFindAttribute
CertAddCRLLinkToStore
CertAddSerializedElementToStore
CryptDecodeMessage
CryptUninstallDefaultContext
CertAddEncodedCertificateToSystemStoreA
CertGetNameStringW
CertDuplicateCTLContext
CryptUnprotectData
CertVerifySubjectCertificateContext
CertRemoveEnhancedKeyUsageIdentifier
CertGetPublicKeyLength
CertRDNValueToStrW
CryptSignMessage
CertSetCertificateContextPropertiesFromCTLEntry
CertGetCRLContextProperty
CertEnumCertificatesInStore

imm32

ImmGetCandidateListW
ImmEnumInputContext
ImmGetVirtualKey
ImmGetConversionListA
ImmEscapeW
ImmDisableTextFrameService
ImmCreateContext
ImmIsIME
ImmEscapeA
ImmSimulateHotKey
ImmGetCompositionFontW
ImmGetDescriptionW
ImmGetGuideLineW
ImmRegisterWordA
ImmGetCompositionStringA
ImmGetImeMenuItemsA
ImmGetRegisterWordStyleA
ImmIsUIMessageW
ImmGetConversionStatus
ImmGetCompositionStringW
ImmGetContext
ImmGetRegisterWordStyleW

iphlpapi

RestoreMediaSense
GetNetworkParams
GetIpNetTable
GetIpForwardTable
FlushIpNetTable
GetIfEntry
GetIpAddrTable
GetBestInterfaceEx
GetFriendlyIfIndex
GetIpErrorString
DeleteIpForwardEntry
UnenableRouter

msi

ord168
ord65
ord45
ord267
ord72
ord60
ord129
ord211
ord247
ord264
ord66
ord266
ord249
ord126
ord272
ord251
ord218
ord95
ord14
ord175
ord169
ord190
ord230
ord90
ord101
ord255
ord157
ord204
ord203
ord16
ord268
ord112
ord252
ord38
ord8
ord89
ord104
ord263
ord109
ord6
ord229
ord193
ord242
ord243
ord245
ord88
ord41
ord254
ord276

msimg32

TransparentBlt
AlphaBlend

msvfw32

ICCompress
DrawDibClose
ICInstall
ord2
ICOpenFunction
DrawDibGetPalette
ICGetInfo
ICSendMessage
DrawDibEnd
ICSeqCompressFrameStart
DrawDibTime
DrawDibSetPalette
ICSeqCompressFrameEnd
ICDraw
ICRemove
MCIWndRegisterClass
ICOpen

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

42c4c090ccbec7d859769fdb78d743d6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

gdi32

ws2_32

netapi32

comdlg32

comsvcs

crypt32

imm32

iphlpapi

msi

msimg32

msvfw32

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 4KB - Virtual size: 21KB

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 4KB - Virtual size: 21KB