Static task: static1
Behavioral task: behavioral1
  Sample: c764c58ac9c5e9b085c3103ee27a0b57_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: c764c58ac9c5e9b085c3103ee27a0b57_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: c764c58ac9c5e9b085c3103ee27a0b57_JaffaCakes118
Size: 606KB
MD5: c764c58ac9c5e9b085c3103ee27a0b57
SHA1: 9af44b615da79c9e936fb32bfdd9ba384d5302a4
SHA256: 5cc4bea250c95a45d966a2e9c5992a0d0fbca7cb4013bd3c5787742787b7ba4a
SHA512: 5e86c569fea5980de9f27866800866b1d1e2e21c3632b69dfbf679f46a5461ae83827bbeda1bafa20f42deefcb86acd262c626d48c321e8fdd1fbc082572a04b
SSDEEP: 6144:iR8+KOgcTyi/TO5sSAOJeaELSUaHMZTmfla2QZODsj0A/T3wFUwKqUC1P7Ere:yvivi/TtSAOkazsFmfxQ9bqlZ78e
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource c764c58ac9c5e9b085c3103ee27a0b57_JaffaCakes118
Files
c764c58ac9c5e9b085c3103ee27a0b57_JaffaCakes118.exe windows:4 windows x64 arch:x64
  4603c5060f0775255f0970bd10276879
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
setupapi
SetupDiDestroyDeviceInfoList
SetupDiRemoveDevice
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetINFClassA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiSetDeviceRegistryPropertyA
SetupDiCallClassInstaller
CM_Reenumerate_DevNode
CM_Locate_DevNodeA
SetupFreeSourceListA
SetupQuerySourceListA
SetupCopyOEMInfA
SetupAddToSourceListA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupGetFieldCount
SetupGetStringFieldA
SetupOpenInfFileA
SetupFindFirstLineA
SetupCloseInfFile
SetupFindNextLine
winmm
mixerGetNumDevs
mixerClose
mixerOpen
mixerGetDevCapsA
kernel32
EnterCriticalSection
InitializeCriticalSection
TlsAlloc
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetThreadLocale
GetCurrentDirectoryA
GlobalFlags
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
SetErrorMode
GetFileTime
GetTickCount
TlsGetValue
HeapAlloc
RtlLookupFunctionEntry
RtlUnwindEx
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
RtlPcToFileHeader
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSetInformation
HeapCreate
GetStdHandle
GetACP
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LeaveCriticalSection
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetModuleFileNameW
FreeResource
GetCurrentProcessId
GlobalAddAtomA
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalDeleteAtom
GetModuleHandleA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
DeviceIoControl
CreateFileA
GlobalAlloc
GlobalFree
CompareStringA
CompareStringW
CreateProcessA
WaitForSingleObject
TerminateThread
GetModuleFileNameA
CreateDirectoryA
GetCurrentThread
GetPrivateProfileIntA
GetVersion
MultiByteToWideChar
RemoveDirectoryA
GetCurrentProcess
CloseHandle
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
CreateThread
WinExec
Sleep
GetPrivateProfileStringA
GetFileAttributesA
WritePrivateProfileStringA
GetShortPathNameA
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
lstrlenA
GetLastError
SetLastError
CopyFileA
GetWindowsDirectoryA
GetDriveTypeA
SetFileAttributesA
DeleteFileA
GetVersionExA
HeapFree
user32
IsRectEmpty
SetRect
InvalidateRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
PtInRect
DefWindowProcA
CallWindowProcA
OffsetRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
UnhookWindowsHookEx
ReleaseDC
GetDC
CopyRect
GetWindowTextLengthA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
PostMessageA
FindWindowA
GetWindowTextA
EnumChildWindows
IntersectRect
GetClassNameA
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
EnumWindows
SendMessageA
ExitWindowsEx
DispatchMessageA
TranslateMessage
GetMessageA
MessageBoxA
UpdateWindow
GetSystemMetrics
DrawIcon
AppendMenuA
GetSystemMenu
IsIconic
GetClientRect
EnableWindow
LoadIconA
IsWindow
LoadImageA
SetTimer
KillTimer
CharUpperA
wsprintfA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
CheckMenuItem
EnableMenuItem
ModifyMenuA
gdi32
GetMapMode
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
CreateBitmap
GetDeviceCaps
GetTextColor
GetBkColor
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetRgnBox
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
ChangeServiceConfigA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
shell32
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA
SHGetPathFromIDListA
oledlg
ord8
ole32
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoFreeUnusedLibraries
CoRegisterMessageFilter
oleaut32
SysAllocString
OleCreateFontIndirect
SysFreeString
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SystemTimeToVariantTime
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
shlwapi
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
Sections
.text Size: 366KB - Virtual size: 365KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 127KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
�v �c Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ