dc007bfbf347828dbc8dfa8ccef043e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dc007bfbf347828dbc8dfa8ccef043e6_JaffaCakes118
Size

312KB
MD5

dc007bfbf347828dbc8dfa8ccef043e6
SHA1

4f9999de0b2785a21cc958def28dcc53aa31d40e
SHA256

9481942e6db2269b10527f193f1157d343d615bb17d742d64221aa10b09f41b3
SHA512

21cc38909cc87ef357e25361fccc760d975945875e0adb59b50c8e34d5231cde4dd6adde5c6c0a1d6d70f3c65c08db39f5f45d312cd581bd48f22907a6155c1d
SSDEEP

6144:bEizgWYzo5D5OvCmu05wfyXQC+J0cBvb18V1Vsw:Ytqcuz6XQvmSvx86w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc007bfbf347828dbc8dfa8ccef043e6_JaffaCakes118

Files

dc007bfbf347828dbc8dfa8ccef043e6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

127f478366ab9fc30c9d04a7e3e02899

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
GetFileAttributesA
SetFileAttributesA
FindNextFileA
FindClose
DeleteFileA
GetModuleFileNameA
GetLocalTime
GetModuleFileNameW
ResetEvent
WaitForSingleObject
SetEvent
CreateEventA
GetComputerNameA
CreateThread
TlsAlloc
TlsSetValue
ResumeThread
GetCurrentThread
GetCurrentThreadId
TlsGetValue
ExitProcess
EnterCriticalSection
OpenProcess
FormatMessageA
GetCurrentProcess
ExpandEnvironmentStringsA
CreateDirectoryA
lstrcatA
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForMultipleObjects
CreateFileA
GetProcAddress
LoadLibraryA
FreeLibrary
GetVersionExA
GetCurrentProcessId
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetVersion
GetTimeZoneInformation
GetSystemTime
MoveFileA
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapReAlloc
HeapAlloc
HeapSize
SetLastError
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
FlushFileBuffers
LCMapStringA
LCMapStringW
ReadFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetFilePointer
GetStringTypeA
GetStringTypeW
SetStdHandle
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
GetExitCodeThread
CloseHandle
TerminateThread
LeaveCriticalSection
Sleep
DeleteCriticalSection
InitializeCriticalSection
GetLastError
TerminateProcess
GetModuleHandleA
GetSystemTimeAsFileTime

user32

GetProcessWindowStation
SetWindowPos
GetDesktopWindow
GetParent
GetSystemMetrics
GetWindowRect
ExitWindowsEx
EndPaint
DrawIcon
BeginPaint
LoadIconA
MsgWaitForMultipleObjects
PeekMessageA
IsWindowVisible
DefWindowProcA
SystemParametersInfoA
ClientToScreen
GetClientRect
IsRectEmpty
IsIconic
IsWindow
KillTimer
mouse_event
GetAsyncKeyState
MapVirtualKeyA
EnumDesktopsA
VkKeyScanA
ToAscii
GetWindowThreadProcessId
ChangeClipboardChain
CloseClipboard
GetClipboardData
SetThreadDesktop
GetClipboardOwner
SetClipboardData
EmptyClipboard
DrawIconEx
GetIconInfo
GetDC
ReleaseDC
GetForegroundWindow
EnumWindows
EndDialog
SetWindowLongA
GetWindowLongA
SetDlgItemTextA
DialogBoxParamA
EnumDesktopWindows
GetClassNameA
CreateWindowExA
UnregisterClassA
keybd_event
RegisterClassA
CloseDesktop
SetTimer
DestroyWindow
PostThreadMessageA
DispatchMessageA
TranslateMessage
SetClipboardViewer
OpenDesktopA
GetMessageA
SetWindowTextA
PostMessageA
TrackPopupMenu
GetCursorPos
SetForegroundWindow
EnableMenuItem
GetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
OpenClipboard
SetMenuDefaultItem
GetSubMenu
LoadMenuA
SendMessageA
LoadStringA
MessageBoxA
PostQuitMessage
LoadImageA
FindWindowA

advapi32

OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
GetUserNameA
RegCreateKeyA
RegDeleteValueA
RegNotifyChangeKeyValue
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysStringLen
SysAllocString
SysFreeString

ws2_32

WSAStartup
socket
gethostbyname
WSAGetLastError
inet_ntoa
getsockname
getpeername
ntohs
htons
setsockopt
listen
bind
htonl
accept
WSACloseEvent
WSAEventSelect
WSACreateEvent
WSAIoctl
WSAResetEvent
WSAEnumNetworkEvents
recv
select
send
inet_addr
connect
closesocket
shutdown

shell32

Shell_NotifyIconA

wininet

HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetCloseHandle

shlwapi

PathRemoveExtensionA
PathAppendA
PathRemoveFileSpecA
PathRemoveBackslashA
PathFindFileNameA

gdi32

CreateDIBSection
SetDIBColorTable
SelectObject
CreateCompatibleDC
DeleteDC
CreateDCA
BitBlt
GetClipBox
CreateCompatibleBitmap
GetDIBits
GetObjectA
GetBitmapBits
DeleteObject
GetSystemPaletteEntries
GdiFlush
GetDeviceCaps

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

127f478366ab9fc30c9d04a7e3e02899

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

shell32

wininet

shlwapi

gdi32

Sections

.text Size: 228KB - Virtual size: 226KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 36KB - Virtual size: 43KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 228KB - Virtual size: 226KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 36KB - Virtual size: 43KB

.rsrc
Size: 16KB - Virtual size: 12KB