d402004794b12010d4d585b98ec52023_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d402004794b12010d4d585b98ec52023_JaffaCakes118
Size

786KB
MD5

d402004794b12010d4d585b98ec52023
SHA1

b8dce3f8a3aa9f4cee490027e2f4463b89776da7
SHA256

69c0ae3be9da9dc0118987f35d0df0e06dfb1dddb2e5bb9cfb0a7e667c9dfbdc
SHA512

c242562bef3cd28e7e1b084c5badcbebe9b16ff7b8bed9e799c244771497fae5032e523b80e299179a670db0a84198303475407d40cdbda4e7e857fa574ca081
SSDEEP

24576:fQvwYFwXvogrWxNncek3GeXJw4LIHdFnibimcZWv9i:fQvwYovyNNk3PXJvLqjniGmSW9i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d402004794b12010d4d585b98ec52023_JaffaCakes118

Files

d402004794b12010d4d585b98ec52023_JaffaCakes118
.exe windows:5 windows x86 arch:x86

897f05fa6cd22413ef6ded8e1246762e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
LoadLibraryW
GetStdHandle
GetProcAddress
GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
SystemTimeToFileTime
QueryPerformanceCounter
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
Sleep
FormatMessageW
GetFileAttributesA
HeapCreate
HeapValidate
ReadFile
CreateFileW
FlushFileBuffers
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
DecodePointer
FindFirstFileW
FindNextFileW
FindClose
GetTempFileNameW
CopyFileW
GetModuleHandleW
CreateThread
lstrlenW
LocalAlloc
GetCommandLineW
GetVersionExW
GetVersion
VerSetConditionMask
VerifyVersionInfoW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetTimeZoneInformation
SetStdHandle
GetOEMCP
GetACP
IsValidCodePage
GetFileType
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetCommandLineA
GetModuleHandleExW
ExitProcess
VirtualQuery
VirtualProtect
LoadLibraryExW
ExitThread
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetStringTypeW
EncodePointer
GlobalFree
GlobalHandle
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
GetModuleFileNameW
GetCurrentThreadId
SetLastError
SetEvent
lstrlenA
lstrcmpA
GetFileAttributesW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsW
SetEnvironmentVariableA
CreateProcessW
GetTempPathW
CreateDirectoryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteFileW
GetTickCount
CreateEventW
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CloseHandle
GetCurrentThread
MultiByteToWideChar

user32

GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetWindowLongW
MessageBoxW
UnregisterClassW
MapWindowPoints
GetMessageA
DestroyMenu
SetMenuDefaultItem
GetDlgItem
SetWindowTextW
SendMessageW
LoadIconW
IsChild
SetWindowPos
AdjustWindowRectEx
DefWindowProcA
ShowWindow
GetWindowLongW
MoveWindow
GetClientRect
CreateWindowExA
InflateRect
UpdateWindow
MessageBoxA
PostMessageA
DestroyWindow
GetMonitorInfoA
RegisterClassExA
LoadMenuW
GetSubMenu
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageW
GetMenuItemID
GetSystemMetrics
wvsprintfA
CharLowerBuffW
EndDialog
SendDlgItemMessageW
MapDialogRect
SetWindowContextHelpId
CreateDialogIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RegisterClassExW
LoadCursorW
DefWindowProcW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
FillRect
ReleaseCapture
GetFocus
SetFocus
IsWindow
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
GetClassInfoExW
CreateWindowExW
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
SetCapture
KillTimer

advapi32

RegOpenKeyExW
CryptDestroyKey
CryptDecrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
RegQueryValueExW
RegCloseKey
RegEnumKeyW
OpenThreadToken
OpenProcessToken
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid
RegOpenKeyExA
RegQueryValueExA
GetUserNameW
LookupAccountNameW
GetWindowsAccountDomainSid
ConvertSidToStringSidA
CryptReleaseContext

comctl32

InitCommonControlsEx

ole32

OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx

ws2_32

WSAStartup
closesocket
WSACleanup
send
connect
socket
getaddrinfo
recv

shell32

SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW
CommandLineToArgvW
SHFileOperationW

shlwapi

PathRemoveFileSpecW
PathStripPathW
PathFindExtensionA
PathAppendW

crypt32

CryptUnprotectData

oleaut32

SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopyInd
SysAllocStringLen
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantInit
SysFreeString
SafeArrayUnlock

gdi32

GetDeviceCaps
GetStockObject
DeleteDC
BitBlt
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
GetObjectW

winhttp

WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

sqlite3_completion_init
sqlite3_fileio_init
sqlite3_shathree_init

Sections

.text
Size: 618KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

897f05fa6cd22413ef6ded8e1246762e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

comctl32

ole32

ws2_32

shell32

shlwapi

crypt32

oleaut32

gdi32

winhttp

version

Exports

Exports

Sections

.text Size: 618KB - Virtual size: 618KB

.rdata Size: 111KB - Virtual size: 110KB

.data Size: 20KB - Virtual size: 29KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 618KB - Virtual size: 618KB

.rdata
Size: 111KB - Virtual size: 110KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 24KB - Virtual size: 24KB