Static task: static1
Behavioral task: behavioral1
Sample: e0d027c16f1fd18c2e2d016b0d334398_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: e0d027c16f1fd18c2e2d016b0d334398_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: e0d027c16f1fd18c2e2d016b0d334398_JaffaCakes118
Size: 239KB
MD5: e0d027c16f1fd18c2e2d016b0d334398
SHA1: 12375354cad393ed65e3863b727650f70c312289
SHA256: 4f6f456ad267ec2f522918d482090452efa937a5353494bd57cf997e769b26c4
SHA512: 522337e5c2d1c154bad758b79f2f8c3c3c1f5cc979b5ecc176173d0fa5297c7bc1f9f285818d21c1ef7d97f03d02b26950325664e8c172553700576c590b93cf
SSDEEP: 3072:ZOePc0KJiUK1/hFhSazMd+sdfsP6TJ+eTje3GctbNMqH/Ivw7sD8/7+yQA8U/McD:7fJU4hFhjMEcfsi+eTC3TbSqffa8UcD
Malware Config
Signatures
Unsigned PE 1 IoCs: Checks for missing Authenticode signature.
resource e0d027c16f1fd18c2e2d016b0d334398_JaffaCakes118
Files
e0d027c16f1fd18c2e2d016b0d334398_JaffaCakes118.exe windows:5 windows x86 arch:x86
52eb3ab8a43adffdf2e3f15b0631dfc1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetEndOfFile
GetProcessHeap
ReadFile
GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
WriteFile
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
FlushFileBuffers
VirtualFree
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
user32
wsprintfA
advapi32
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
ole32
CoInitialize
GetClassFile
shell32
ShellExecuteA
shlwapi
PathFindFileNameA
PathGetArgsA
PathRemoveBlanksA
PathIsDirectoryA
PathFileExistsA
ws2_32
recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send
netapi32
Netbios
comdlg32
PageSetupDlgW
ChooseColorA
PrintDlgW
ChooseColorW
GetOpenFileNameW
GetSaveFileNameA
GetFileTitleW
GetSaveFileNameW
crypt32
CryptVerifyCertificateSignatureEx
CertFindCRLInStore
CertSetCertificateContextProperty
CertGetIssuerCertificateFromStore
CryptHashMessage
CertDuplicateCTLContext
CryptDecodeObject
CertAddEncodedCRLToStore
CryptDecodeMessage
CryptHashPublicKeyInfo
CertEnumCertificateContextProperties
CryptBinaryToStringA
CryptUnprotectData
CertVerifyTimeValidity
CertDuplicateStore
CertGetEnhancedKeyUsage
CertAlgIdToOID
CertGetCRLFromStore
CryptUnregisterOIDFunction
CryptEnumOIDInfo
CertFreeCertificateChain
CryptMsgCalculateEncodedLength
CertVerifyCertificateChainPolicy
PFXExportCertStoreEx
CertSerializeCRLStoreElement
CertCompareCertificate
CertDuplicateCertificateContext
CertRDNValueToStrA
CertAddEncodedCertificateToSystemStoreW
CertFindExtension
CertOpenSystemStoreW
CertUnregisterSystemStore
CertGetStoreProperty
CertEnumSubjectInSortedCTL
CryptMsgCountersignEncoded
CertGetCRLContextProperty
CryptSignMessageWithKey
CertNameToStrA
CryptMsgUpdate
CryptMsgDuplicate
CryptFormatObject
CertCreateCertificateContext
CryptEnumOIDFunction
CryptMsgVerifyCountersignatureEncoded
CertFindChainInStore
CryptFindOIDInfo
CertVerifySubjectCertificateContext
CryptStringToBinaryA
CryptUnregisterDefaultOIDFunction
CryptEncryptMessage
CertAddCTLContextToStore
CertControlStore
CryptHashCertificate
CertAddCRLContextToStore
CryptBinaryToStringW
CryptGetMessageSignerCount
CertCloseStore
CertGetCTLContextProperty
CertUnregisterPhysicalStore
CryptHashToBeSigned
CryptEncodeObject
PFXVerifyPassword
CertCreateCRLContext
CryptMsgSignCTL
CertAddStoreToCollection
CertDeleteCertificateFromStore
CertVerifyCRLTimeValidity
CryptMemAlloc
CertOIDToAlgId
CertEnumSystemStoreLocation
imm32
ImmGetCandidateWindow
ImmGetIMEFileNameA
ImmGetDescriptionA
ImmGetDefaultIMEWnd
ImmEscapeW
ImmGetIMEFileNameW
ImmAssociateContextEx
ImmConfigureIMEW
ImmGetStatusWindowPos
ImmGetGuideLineW
ImmGetCompositionStringA
ImmRegisterWordA
ImmDisableTextFrameService
ImmSimulateHotKey
ImmSetCompositionWindow
ImmGetCandidateListW
ImmCreateContext
ImmSetCompositionStringA
ImmSetConversionStatus
ImmNotifyIME
ImmGetCompositionFontW
ImmGetCandidateListCountW
ImmConfigureIMEA
ImmInstallIMEW
ImmGetCandidateListCountA
iphlpapi
GetTcpStatisticsEx
GetBestInterfaceEx
FlushIpNetTable
GetNetworkParams
GetBestInterface
SetIpForwardEntry
GetOwnerModuleFromTcpEntry
DeleteIPAddress
SetIfEntry
GetUdpStatisticsEx
GetExtendedUdpTable
IpRenewAddress
UnenableRouter
DeleteIpForwardEntry
GetOwnerModuleFromUdpEntry
CreateProxyArpEntry
GetIpErrorString
DisableMediaSense
DeleteProxyArpEntry
RestoreMediaSense
CreateIpForwardEntry
NotifyAddrChange
NhpAllocateAndGetInterfaceInfoFromStack
GetUniDirectionalAdapterInfo
GetIcmpStatisticsEx
GetAdapterOrderMap
GetIpNetTable
DeleteIpNetEntry
CancelIPChangeNotify
GetIfEntry
AddIPAddress
GetBestRoute
GetIpAddrTable
GetTcpTable
msi
ord180
ord247
ord213
ord193
ord250
ord274
ord202
ord66
ord155
ord257
ord255
ord156
ord112
ord7
ord107
ord82
ord42
ord9
ord5
ord249
ord55
ord251
ord96
ord131
ord244
ord130
ord36
ord67
ord229
ord254
ord109
ord83
ord245
ord126
ord264
ord203
ord209
ord252
ord86
ord216
ord129
ord242
ord265
ord208
ord39
ord154
ord43
ord228
ord71
ord219
ord136
ord41
ord226
ord72
ord259
ord102
ord87
ord276
ord194
ord243
ord246
ord68
ord69
ord56
ord93
ord224
ord260
ord256
ord272
ord110
ord14
ord266
ord104
ord261
ord227
ord217
ord268
ord85
ord214
ord174
ord262
ord169
ord172
ord231
ord175
ord210
msimg32
AlphaBlend
GradientFill
msvfw32
ICOpen
ICOpenFunction
mswsock
GetAcceptExSockaddrs
Sections
.text Size: 168KB - Virtual size: 168KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE