ddfbc75f4b046be192ec5fa0d6a4e632_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ddfbc75f4b046be192ec5fa0d6a4e632_JaffaCakes118
Size

256KB
MD5

ddfbc75f4b046be192ec5fa0d6a4e632
SHA1

883ade331c52ac45b18d033c8f7ca51d022ef4ca
SHA256

f255d7d44113826c5115e669d86309764498a21a5e8939d0ddb63e0d4e704d49
SHA512

f754b68b30d8a95c4491a8d55b691152c6548b95e77389fe80184db8a81eada6cc0c922e943cafda6155d6301d3f3eae4a015d3932c1bfd761c5a3909f8ba815
SSDEEP

6144:fHY/YW9T6YblYpuiFp0pq1wru7WctAY4z97qO:f4nhJYrFp0pqWlCADzl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddfbc75f4b046be192ec5fa0d6a4e632_JaffaCakes118

Files

ddfbc75f4b046be192ec5fa0d6a4e632_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cf1527ebc9aa02d55a247f729db4c464

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
HeapSize
HeapAlloc
FlushFileBuffers
GetStringTypeW
GetLocaleInfoA
VirtualFree
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
LoadLibraryA
SetEndOfFile
GetProcessHeap
ReadFile
GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
WriteFile
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
GetStringTypeA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA
GetClassLongA

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

ole32

CoInitialize

shell32

ShellExecuteA

shlwapi

PathIsDirectoryA
PathRemoveBlanksA
PathGetArgsA
PathFindFileNameA
PathFileExistsA

gdi32

CreatePatternBrush
GdiTransparentBlt
GetCharWidthW
GetTextExtentPoint32W
GetTextExtentPointA
PlayEnhMetaFile
OffsetWindowOrgEx
GetTextExtentPoint32A
CreateCompatibleDC
FillPath
GetOutlineTextMetricsA
GetCharWidthFloatA
EnumFontsA
CreateBitmap
GdiFlush
ScaleWindowExtEx
RemoveFontResourceExA
EndPage
CreateEllipticRgn
AddFontResourceExW
CreateColorSpaceW
CreateScalableFontResourceA
CreateEnhMetaFileA
CreateSolidBrush
CheckColorsInGamut
SetBkMode
SetDCPenColor
CopyEnhMetaFileA
CloseEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
CreateDIBitmap
GetWinMetaFileBits
SetROP2
EnumFontFamiliesA
CreateFontIndirectW
CreateFontW
GetFontUnicodeRanges
GetTextCharacterExtra
GetMetaFileW
GetMiterLimit
SetPixelFormat
GetViewportOrgEx
SetStretchBltMode
SetTextAlign
CopyEnhMetaFileW
GetBrushOrgEx
GetCharABCWidthsFloatA
GetDIBColorTable
Polygon
SetDeviceGammaRamp
StartDocW
MaskBlt
TextOutA
SetBitmapBits
SetTextColor
PolyTextOutW
DeleteMetaFile
GetWorldTransform
Ellipse
FillRgn
GetGlyphOutlineW
GetGlyphOutlineA
SetColorSpace
CreateDIBPatternBrushPt
BeginPath
EnumFontsW
CreateMetaFileA
WidenPath
GetTextColor
GetCharWidth32W
CombineRgn
Escape
SetWindowOrgEx
ExtTextOutA
GetEnhMetaFileBits
CreateRoundRectRgn
ChoosePixelFormat
ScaleViewportExtEx
SetTextJustification
CopyMetaFileW
EnumFontFamiliesExW
GetFontLanguageInfo
GetOutlineTextMetricsW
SetTextCharacterExtra

ws2_32

recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send

netapi32

Netbios

comdlg32

PrintDlgW
ChooseFontW
ReplaceTextA
GetSaveFileNameA
GetOpenFileNameA
ReplaceTextW
ChooseFontA

comsvcs

RecycleSurrogate
CoEnterServiceDomain
MTSCreateActivity
CoLeaveServiceDomain
SafeRef

crypt32

CryptHashPublicKeyInfo
CryptVerifyCertificateSignatureEx
CryptInitOIDFunctionSet
CertUnregisterPhysicalStore
CryptCreateAsyncHandle
CertCreateCertificateContext
CertCreateCTLEntryFromCertificateContextProperties
CertEnumCRLsInStore
CryptFindLocalizedName
CryptHashCertificate
CryptVerifyMessageHash
CertIsRDNAttrsInCertificateName
CryptMsgCalculateEncodedLength
CertSetCRLContextProperty
PFXExportCertStoreEx
CertResyncCertificateChainEngine
CryptMsgSignCTL
CryptGetAsyncParam
CryptAcquireCertificatePrivateKey
CertFindAttribute
CryptVerifyDetachedMessageHash
CertFreeCertificateChainEngine
CryptGetDefaultOIDFunctionAddress
CryptProtectData
CertAddSerializedElementToStore
CertAddEncodedCTLToStore
CertAddEncodedCRLToStore
CryptFormatObject
CryptDecryptMessage
CryptDecodeObjectEx
CertOpenStore
CertVerifyCRLTimeValidity

msi

ord195
ord238
ord259
ord229
ord84
ord8
ord110
ord85
ord16
ord239
ord86
ord15
ord126
ord205
ord211
ord68
ord11
ord82
ord231
ord9
ord208
ord83
ord69
ord40
ord190
ord270
ord194
ord172
ord168
ord176
ord253
ord102
ord267
ord237
ord251
ord6
ord249
ord141
ord265
ord244
ord263
ord241
ord255
ord246
ord177
ord219
ord157
ord245
ord87
ord129
ord154
ord202
ord36

msimg32

TransparentBlt

msvfw32

DrawDibStart
ord2
DrawDibProfileDisplay
DrawDibChangePalette
MCIWndRegisterClass
DrawDibSetPalette
ICInstall
ICDraw
ICImageCompress
ICInfo
ICSeqCompressFrameStart
DrawDibClose
DrawDibOpen
ICLocate
MCIWndCreateA
ICCompress
ICSeqCompressFrame
ICSendMessage
ICOpenFunction
ICOpen

mswsock

AcceptEx
GetAcceptExSockaddrs
WSARecvEx

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf1527ebc9aa02d55a247f729db4c464

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

gdi32

ws2_32

netapi32

comdlg32

comsvcs

crypt32

msi

msimg32

msvfw32

mswsock

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 4KB - Virtual size: 21KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 4KB - Virtual size: 21KB

.reloc
Size: 17KB - Virtual size: 17KB