d7175428588d1bbc7bb95f9860951445_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d7175428588d1bbc7bb95f9860951445_JaffaCakes118
Size

317KB
MD5

d7175428588d1bbc7bb95f9860951445
SHA1

40eb8f7dfa493828b8781746f542deb5b3a2fa0c
SHA256

75d29a195dcd2809dad169a8189d64f088657cdcc433b6257437fb59477ddf84
SHA512

735a904715b4c00feff2b7ec3e06c4251db3a5f98aa59d02793faafc310870b87601e2c3c267522b56b6abc6e4479ddfe3ca9c8c761c3130675c6105d487185c
SSDEEP

6144:Lwt/mic3+J2UIrW8SNChPniCPMozp+39u2UD3Iqti5:LwsicOQ3rW8vKxQ24Ymi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7175428588d1bbc7bb95f9860951445_JaffaCakes118

Files

d7175428588d1bbc7bb95f9860951445_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7318d1aa426b7b9a0f97652dd2354776

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAConnect
WSAEnumNetworkEvents
WSAEventSelect
shutdown
closesocket
WSAStartup
gethostname
gethostbyname
inet_ntoa
WSACreateEvent
htons
ntohs
WSAGetLastError
WSASocketW
WSACloseEvent
WSACleanup

shlwapi

PathFileExistsW

oleacc

AccessibleChildren
GetRoleTextW
AccessibleObjectFromWindow
ObjectFromLresult

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetSystemTimeAsFileTime
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
Sleep
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalAlloc
lstrlenW
FormatMessageW
InterlockedDecrement
GetProcAddress
GetLastError
LoadLibraryW
GetLocalTime
GetComputerNameW
GetTickCount
WideCharToMultiByte
ResumeThread
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
CreateProcessW
CloseHandle
WriteFile
lstrcpyW
GetShortPathNameW
GetModuleFileNameW
CreateFileW
GetTempFileNameW
GetTempPathW
MultiByteToWideChar
LocalFree
DuplicateHandle
OpenProcess
TerminateProcess
GetExitCodeProcess
Module32NextW
lstrcmpiW
CreateToolhelp32Snapshot
Process32NextW
GetPriorityClass
Process32FirstW
GetCompressedFileSizeW
FindClose
FindNextFileW
FindFirstFileW
OutputDebugStringA
CreateDirectoryW
GetLongPathNameW
FileTimeToSystemTime
DeleteFileW
SetFileAttributesW
GetSystemTime
FreeLibrary
GlobalUnlock
lstrlenA
GlobalLock
GetModuleHandleW
GetVersionExW
CreateThread
CopyFileW
EnumResourceNamesW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
GetSystemDirectoryW
GetTimeFormatA
GetDateFormatA
LoadLibraryA
CancelIo
GetOverlappedResult
WaitForSingleObject
ReadFile
CreateEventW
CreateFileA
SetFilePointer
GetFileSize
VirtualAlloc
VirtualFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
DeviceIoControl
CreateMutexW
InterlockedExchange
GetVersionExA
HeapSize
HeapReAlloc
HeapDestroy
MoveFileW
UnhandledExceptionFilter
Module32FirstW
ReleaseMutex
GetCurrentThreadId
GetCurrentProcessId

advapi32

OpenProcessToken
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
GetUserNameW
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
SetEntriesInAclW
SetSecurityInfo

user32

TranslateMessage
GetMessageW
SetTimer
CreateWindowExW
IsCharAlphaNumericW
GetForegroundWindow
UnregisterClassA
DispatchMessageW
CharUpperBuffW
DefWindowProcW
PostQuitMessage
GetKeyState
GetKeyboardState
ToUnicode
GetKeyNameTextW
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
GetWindowThreadProcessId
SystemParametersInfoW
GetDC
GetClientRect
ReleaseDC
IsWindow
RegisterWindowMessageW
RegisterClassExW
GetParent
IsWindowEnabled
SendMessageW
SendMessageTimeoutW
IsWindowVisible
GetClassNameW
EnumChildWindows
FindWindowExW
GetWindowTextW
wsprintfW

ole32

CoInitialize
CoCreateInstance

oleaut32

GetErrorInfo
SysStringLen
SysFreeString
VariantClear
SysAllocString
VariantCopy
VariantInit

shell32

SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFindChainInStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenSystemStoreA
CertCloseStore

msvcrt

ftell
wcsncpy
malloc
_mbscmp
strcpy
rand
_mbsrchr
_mbsspn
_mbscspn
_vscprintf
vsprintf
atoi
_mbsstr
_mbsinc
_ismbcspace
_mbslwr
strncpy
strstr
strcat
_beginthreadex
isalnum
_mbschr
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_callnewh
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
realloc
_errno
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
srand
_except_handler3
__CxxFrameHandler
mktime
fgetpos
fread
wcscat
wcscpy
sprintf
strlen
abs
_wtoi
memset
swprintf
_wfopen
fseek
fclose
time
fwrite
wcslen
vswprintf
_vscwprintf
_wcsupr
wcschr
_wcsicmp
wcscmp
iswspace
free
memmove
memcpy
_wcslwr
wcsrchr
wcsstr
_CxxThrowException
printf
_CIacos
_ftol
_CIpow

winmm

waveInAddBuffer
waveInUnprepareHeader
waveInStop
waveInOpen
waveInClose
waveInStart
waveInPrepareHeader

gdi32

GetPixel

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7318d1aa426b7b9a0f97652dd2354776

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shlwapi

oleacc

psapi

version

kernel32

advapi32

user32

ole32

oleaut32

shell32

crypt32

msvcrt

winmm

gdi32

Sections

.text Size: 216KB - Virtual size: 215KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 18KB - Virtual size: 83KB

.rsrc Size: 48KB - Virtual size: 48KB

.text
Size: 216KB - Virtual size: 215KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 18KB - Virtual size: 83KB

.rsrc
Size: 48KB - Virtual size: 48KB