Static task: static1
Behavioral task: behavioral1
Sample: dba78e0effd337081651ec97068b46ed_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: dba78e0effd337081651ec97068b46ed_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: dba78e0effd337081651ec97068b46ed_JaffaCakes118
Size: 464KB
MD5: dba78e0effd337081651ec97068b46ed
SHA1: 1de98636a20b840418e3c25657f6248490e7e8ea
SHA256: b1d883627f0c900983c2d50124eb68c5d943fcf76aeae07909dd895bb3ebc8c0
SHA512: 65f82d8f2312112b6b8264b657903849a26ba8607f23e825dac0035bffe7d05806f50e7ee0768fef757512723ae54b4a3bc8a9859c949d2dd0f4b2db3fc34b90
SSDEEP: 12288:ddpX6NSv/KGyytyhzrto9hi9AowkAAlXj8Q229:NMSGyt0iiyo13zb22
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource dba78e0effd337081651ec97068b46ed_JaffaCakes118
Files
dba78e0effd337081651ec97068b46ed_JaffaCakes118.exe windows:4 windows x86 arch:x86
d77c9af2bc12d24d63d9ba4062aceb75
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LINE_NUMS_STRIPPED | IMAGE_FILE_LOCAL_SYMS_STRIPPED | IMAGE_FILE_32BIT_MACHINE
Imports
dhcpcsvc
DhcpRegisterOptions
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
user32
wsprintfA
PeekMessageA
GetSysColorBrush
MessageBoxW
GetDlgItemTextA
WinHelpW
SetWindowTextW
GetDC
CreateWindowExW
SetFocus
ShowWindow
DestroyWindow
UpdateWindow
DialogBoxParamW
PostMessageW
ReleaseCapture
MoveWindow
DrawIcon
GetClientRect
GetDlgItemInt
GetWindowRect
SetRect
SetCapture
GetDesktopWindow
GetSysColor
EndPaint
SetDlgItemTextW
SetWindowLongW
SendDlgItemMessageW
LoadStringW
GetFocus
GetWindowLongW
SetWindowPos
BeginPaint
GetUpdateRect
IsWindowVisible
GetWindowTextW
LoadStringA
SystemParametersInfoA
IsWindowEnabled
LoadIconA
FillRect
GetDialogBaseUnits
LoadBitmapW
CopyRect
MonitorFromWindow
MapDialogRect
ReleaseDC
CallWindowProcA
SetDlgItemInt
PostMessageA
InvalidateRect
SetCursor
GetNextDlgTabItem
EnableWindow
SendDlgItemMessageA
SendMessageA
MapWindowPoints
CheckRadioButton
GetParent
LoadCursorA
DestroyIcon
LoadCursorW
SetWindowLongA
GetMonitorInfoW
GetDlgItemTextW
SetWindowTextA
CreateWindowExA
DrawTextExW
SetClassLongA
DrawFocusRect
SendMessageW
GetDlgItem
EndDialog
RegisterClipboardFormatA
GetWindowDC
MessageBoxExW
IsDlgButtonChecked
GetWindow
GetWindowLongA
netapi32
NetGetDCName
DsGetDcNameW
NetApiBufferFree
rpcrt4
NdrClientCall2
UuidCreate
RpcStringFreeA
RpcStringBindingComposeA
UuidToStringA
RpcBindingFree
RpcNetworkIsProtseqValidA
RpcBindingFromStringBindingA
RpcEpResolveBinding
gdi32
RealizePalette
CreatePalette
CreateFontIndirectW
CreateCompatibleDC
GetBkColor
CreateCompatibleBitmap
GetDeviceCaps
SetPixel
CreateBitmap
BitBlt
DeleteDC
CreateFontIndirectA
GetObjectW
GetObjectA
SetBkColor
SelectPalette
CreateDIBitmap
GetTextExtentPoint32W
SelectObject
DeleteObject
wininet
InternetCanonicalizeUrlW
InternetCrackUrlW
kernel32
LoadLibraryExA
GetDateFormatA
GetCurrentDirectoryW
LoadLibraryA
GlobalAlloc
lstrcatA
SetEndOfFile
MapViewOfFile
SetFilePointer
GetComputerNameExW
CreateFileW
GetSystemTimeAsFileTime
GetFileSize
SetUnhandledExceptionFilter
lstrcmpA
GlobalLock
GlobalFree
TerminateProcess
GetModuleHandleW
MultiByteToWideChar
GetACP
GetModuleHandleA
lstrlenA
GetUserDefaultLCID
UnmapViewOfFile
lstrcpyA
MulDiv
GetLastError
LoadLibraryW
Sleep
DisableThreadLibraryCalls
LoadResource
LeaveCriticalSection
GetCurrentThread
GetComputerNameW
FindResourceA
CompareStringW
FileTimeToLocalFileTime
GetCurrentProcess
ExpandEnvironmentStringsA
CompareStringA
GlobalUnlock
GetDateFormatW
DeleteCriticalSection
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeFormatW
InterlockedCompareExchange
WideCharToMultiByte
GetTimeFormatA
GetProcAddress
lstrlenW
GetTickCount
FreeResource
GetLocalTime
FormatMessageW
SetLastError
LocalReAlloc
CloseHandle
GetCurrentThreadId
WriteFile
QueryPerformanceCounter
ExpandEnvironmentStringsW
DelayLoadFailureHook
InitializeCriticalSection
UnhandledExceptionFilter
GetCurrentProcessId
LocalAlloc
GetModuleFileNameW
OutputDebugStringA
DeleteFileW
EnterCriticalSection
GetVersionExA
CreateFileMappingA
FreeLibrary
LocalFree
LockResource
CreateFileA
CompareFileTime
shlwapi
PathFindFileNameW
StrCmpNIW
PathUndecorateW
wintrust
WTHelperGetKnownUsages
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WintrustGetDefaultForUsage
WinVerifyTrustEx
TrustIsCertificateSelfSigned
advapi32
RegOpenKeyExW
OpenThreadToken
StartServiceA
GetTokenInformation
OpenProcessToken
LockServiceDatabase
RegCreateKeyExW
RegCreateKeyExA
ChangeServiceConfigA
CryptGetUserKey
UnlockServiceDatabase
CryptGetProvParam
RegEnumKeyExA
CryptReleaseContext
AllocateAndInitializeSid
RegCloseKey
CryptDestroyKey
CryptAcquireContextW
RegEnumValueA
RegSetValueExA
RegEnumValueW
RegQueryValueExA
DuplicateToken
OpenSCManagerW
CryptGetKeyParam
QueryServiceConfigA
CryptAcquireContextA
RegQueryInfoKeyA
CloseServiceHandle
OpenServiceW
QueryServiceStatus
GetUserNameW
RegQueryValueExW
EqualSid
RegOpenKeyExA
RegEnumKeyExW
FreeSid
RegSetValueExW
ControlService
StartServiceW
CryptSetProvParam
ntdll
NtAllocateVirtualMemory
NtFilterToken
crypt32
CertGetCertificateChain
CryptMsgUpdate
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertDuplicateStore
CryptMsgClose
CryptFreeOIDFunctionAddress
CryptFindLocalizedName
CryptMsgControl
CertFreeCertificateChain
CertFindCRLInStore
CertCreateCTLContext
CertFreeCTLContext
CertAddCTLContextToStore
CertGetCRLFromStore
CertDuplicateCertificateContext
CryptEncodeObject
CertSaveStore
CryptAcquireCertificatePrivateKey
CertSetCertificateContextProperty
CryptMsgOpenToDecode
CryptFormatObject
CertGetSubjectCertificateFromStore
CertFindExtension
CertGetCertificateContextProperty
CryptGetDefaultOIDDllList
CertGetNameStringW
CertGetValidUsages
PFXExportCertStoreEx
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertSetEnhancedKeyUsage
CryptSIPRetrieveSubjectGuid
CertCreateCertificateContext
CertNameToStrW
CertFindCertificateInStore
CertGetPublicKeyLength
CertGetStoreProperty
CryptMsgEncodeAndSignCTL
CryptBinaryToStringA
CertCompareCertificate
CertOpenStore
CryptInitOIDFunctionSet
CryptEnumOIDInfo
CryptGetDefaultOIDFunctionAddress
CertAddCertificateContextToStore
CryptMsgDuplicate
PFXImportCertStore
CertEnumPhysicalStore
CryptMsgVerifyCountersignatureEncoded
CertVerifyTimeValidity
CertFreeCRLContext
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertCloseStore
CryptFindCertificateKeyProvInfo
CertDeleteCertificateFromStore
CryptQueryObject
CryptDecodeObject
CertSetCTLContextProperty
CertEnumCTLsInStore
CertFindCTLInStore
CryptFindOIDInfo
CertGetCTLContextProperty
PFXExportCertStore
CertEnumSystemStore
CertFindAttribute
PFXVerifyPassword
CryptMsgGetParam
CertAddCRLContextToStore
msvcrt
_except_handler3
_itow
free
wcsrchr
_vsnwprintf
strtoul
wcscpy
_purecall
wcslen
_initterm
strtok
_ltow
wcscat
swprintf
iswspace
wcscmp
malloc
iswprint
wcsncpy
_stricmp
_adjust_fdiv
_wcsicmp
wcschr
_wtol
_wcsnicmp
memmove
Sections
.text  Size: 350KB - Virtual size: 349KB  Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data  Size: 18KB - Virtual size: 944KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc  Size: 85KB - Virtual size: 85KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rdata  Size: 9KB - Virtual size: 8KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc  Size: 512B - Virtual size: 20B  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ