d4d5c9676a7b13bdf43d1b8feceeb072_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d4d5c9676a7b13bdf43d1b8feceeb072_JaffaCakes118
Size

698KB
MD5

d4d5c9676a7b13bdf43d1b8feceeb072
SHA1

dffb8f4a7a903422461db695a955096c52a77994
SHA256

fc224d7b3b799d4d280821570b5abbb8ae876584223e9338f6eaeec1a0e522c1
SHA512

9868ec2ebd8d5f0027cbb704a9096bc8d211c1c26cf2aa1f43262c4f7fd5225d3342392c2921c4611b6db98439c42dbe7ac69ac0e3eec64cffbf8507ce83e9a4
SSDEEP

12288:Vj5QBGxzmsepfA1WswUZyNLKPwSMUMcNyPdScygB0G83zAO+QQMCb246F:4BlsepfAcswUZyNqGMrgBs3zF5Q7b24U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
d4d5c9676a7b13bdf43d1b8feceeb072_JaffaCakes118

Files

d4d5c9676a7b13bdf43d1b8feceeb072_JaffaCakes118
.exe windows:6 windows x86 arch:x86

21fd7a8e66b864e55bbebfb189880e95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleW
WriteConsoleW
SetStdHandle
OutputDebugStringW
FlushFileBuffers
GetStringTypeW
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
LoadLibraryExW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameW
GetProcessHeap
GetStartupInfoW
CreateFileW
GetStdHandle
DeleteCriticalSection
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
GetCurrentThreadId
SetLastError
HeapSize
WideCharToMultiByte
GetVersion
LocalAlloc
GetCurrentProcess
GetEnvironmentStringsW
SetEndOfFile
SetConsoleTitleW
GetPriorityClass
CancelIoEx
GetCommandLineW
LoadLibraryA
CreateEventW
CreateEventA
GetTickCount
GetSystemInfo
MulDiv
CloseHandle
ReadFile
WriteFile
Sleep
WaitForSingleObject
GlobalAlloc
GetProcAddress
FreeLibrary
FindNextFileA
FindFirstFileA
GetFileAttributesExA
lstrcmpA
GetVolumeInformationA
lstrcpyA
AreFileApisANSI
GetModuleHandleExW
ExitProcess
HeapFree
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
IsProcessorFeaturePresent
RaiseException
RtlUnwind
DecodePointer
EncodePointer
GetOverlappedResult
GetLastError
GetFileType
FreeEnvironmentStringsA
GetDriveTypeA
GetModuleHandleA
GetLogicalDriveStringsA
lstrcatA
GetSystemTimeAsFileTime

user32

GetProcessWindowStation
MessageBoxA
DestroyWindow
PostQuitMessage
RegisterClassExW
GetUserObjectInformationW
ShowWindow
DialogBoxParamA
EndDialog
LoadAcceleratorsA
TranslateAcceleratorA
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExW
LoadBitmapA
GetWindow
GetClassNameA
GetParent
GetDesktopWindow
SetWindowLongA
OffsetRect
CopyRect
GetSysColor
GetCursorPos
EndPaint
GetWindowTextA
SetWindowTextA
SetScrollPos
ScrollWindowEx
InvalidateRect
GetClientRect
BeginPaint
ReleaseDC
GetDC
DrawIcon
CreatePopupMenu
DrawMenuBar
GetSystemMetrics
EnableWindow
SendInput
SetFocus
SendDlgItemMessageW
SendDlgItemMessageA
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
DialogBoxIndirectParamA
SetWindowPos
MoveWindow
CallWindowProcA
wsprintfA
CreateWindowExA
SendMessageA
LoadIconA
LoadCursorA
GetWindowRect
UpdateWindow

gdi32

CreateFontIndirectA
CreateCompatibleDC
StretchBlt
SetWindowExtEx
GetObjectA
SetAbortProc
CreateHalftonePalette
SetTextColor
BitBlt
SetMapMode
SelectObject
GetTextExtentPoint32A
GetStockObject
GetPixel
GetDeviceCaps
FillRgn
DeleteObject
DeleteDC

comdlg32

ChooseFontA
GetSaveFileNameW

advapi32

ReportEventA
DeregisterEventSource
OpenProcessToken
GetTokenInformation
LsaNtStatusToWinError
CredEnumerateA
CryptGenRandom
CryptGenKey
CryptReleaseContext
CryptAcquireContextA
RegisterEventSourceA

shell32

CommandLineToArgvW
SHCreateShellItem
SHBrowseForFolderA
ShellExecuteA

ole32

CreateFileMoniker
BindMoniker
CoInitializeEx
CoUninitialize

odbc32

ord12
ord24
ord39
ord75
ord72
ord19
ord7

comctl32

ImageList_Add
InitCommonControlsEx
ImageList_Create
ord17

shlwapi

StrStrA
StrNCatA

ws2_32

WSALookupServiceBeginA
WSALookupServiceNextA
WSALookupServiceEnd
inet_addr
WSAGetLastError
WSAStartup
WSACleanup

netapi32

NetShareGetInfo

iphlpapi

SendARP

secur32

LsaEnumerateLogonSessions
LsaGetLogonSessionData
LsaFreeReturnBuffer

imm32

ImmGetDefaultIMEWnd

winhttp

WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpCheckPlatform

Exports

Exports

Try

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21fd7a8e66b864e55bbebfb189880e95

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

odbc32

comctl32

shlwapi

ws2_32

netapi32

iphlpapi

secur32

imm32

winhttp

Exports

Exports

Sections

.text Size: 125KB - Virtual size: 125KB

.rdata Size: 165KB - Virtual size: 165KB

.data Size: 26KB - Virtual size: 43KB

.rsrc Size: 360KB - Virtual size: 360KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 125KB - Virtual size: 125KB

.rdata
Size: 165KB - Virtual size: 165KB

.data
Size: 26KB - Virtual size: 43KB

.rsrc
Size: 360KB - Virtual size: 360KB

.reloc
Size: 19KB - Virtual size: 19KB