e14d5798ad9215eb07ded606d86ef354_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e14d5798ad9215eb07ded606d86ef354_JaffaCakes118
Size

244KB
MD5

e14d5798ad9215eb07ded606d86ef354
SHA1

7c8ce8375a9aa885efc34a2abef3ecd9a64e71b3
SHA256

2518f9d8bc07c3e8e65c3e19fe1c317c3cfd750d34426069bc79b439a6e070fb
SHA512

93fc04d18212c374e9677795ab10d849170320580e2ae76cc64783bfc7cba439f77c0adf8dd889423cf4af4545b1c08867401be0f9154aa2805f1334aa2b6fe8
SSDEEP

3072:p1tZWLFFRH3cF7XBvVtPvXvNjh4Z+A5IuHIONW86Iim3Pju9szG5R73yQA8q7M6U:3tI9H2XBfPPFjhU+A5/PNv6haGmi6U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e14d5798ad9215eb07ded606d86ef354_JaffaCakes118

Files

e14d5798ad9215eb07ded606d86ef354_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b91f9c704fc744b15964564677d273d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
TerminateThread
WaitForSingleObject
CreateThread
GetFileAttributesExA
ExpandEnvironmentStringsA
lstrlenA
lstrcatA
lstrcpyA
GetLastError
CreateMutexA
MoveFileA
RemoveDirectoryA
DeleteFileA
CreateDirectoryA
GetTempPathA
GetCommandLineA
GetModuleFileNameA
Sleep
GetLocalTime
GetTickCount
WriteFile
ReadFile
GetProcessHeap
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
VirtualFree
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA

ole32

CoInitialize
GetClassFile

shell32

ShellExecuteA

shlwapi

PathFileExistsA
PathGetArgsA
PathFindFileNameA
PathIsDirectoryA
PathRemoveBlanksA

gdi32

CreateEllipticRgnIndirect
GetNearestColor
RestoreDC
CreateMetaFileA
GetTextCharset
GetWindowExtEx
SetMapMode
GetGraphicsMode
PolyDraw
GetDIBits
EnumFontsW
SaveDC
SetPixelFormat
Escape
GetLayout
StartPage
SetAbortProc
SetViewportOrgEx
GetDIBColorTable
BitBlt
Arc
RealizePalette
ChoosePixelFormat
GetPixel
CreateScalableFontResourceW
CombineRgn
SetArcDirection
RectInRegion
EnumFontFamiliesW
CreateEnhMetaFileW
GetPixelFormat
CreateDIBitmap
GetGlyphOutlineA
SetGraphicsMode
CopyEnhMetaFileA
GetRegionData
GetCharacterPlacementA
StartDocW
StrokeAndFillPath
DeleteMetaFile
GetWinMetaFileBits
GetGlyphIndicesW
AnimatePalette
GetTextCharacterExtra
ExtEscape
GetSystemPaletteEntries
RemoveFontResourceExA
GetEnhMetaFilePixelFormat
GetObjectType
FrameRgn
AbortDoc
PtInRegion
EnumObjects
LineTo
GetCurrentObject
PtVisible
GetICMProfileA
GetTextExtentExPointA
SetDIBColorTable
CreateEllipticRgn
DPtoLP
RoundRect
GetTextMetricsA
GetStretchBltMode
GetEnhMetaFileBits
EndPath
SwapBuffers
CreateMetaFileW
CloseEnhMetaFile
CreateScalableFontResourceA
WidenPath
SetColorSpace
GetLogColorSpaceW
CreateFontW
ArcTo
SelectClipRgn
SetWorldTransform
CreateBrushIndirect
DeleteObject
Rectangle
FixBrushOrgEx
ColorCorrectPalette
PolyPolyline
SetDIBitsToDevice
CreateDIBPatternBrushPt
EnumICMProfilesW
GetDCBrushColor
GetMapMode
StretchBlt
LineDDA
GetCharABCWidthsW
ExtSelectClipRgn
GdiGradientFill
CancelDC
SetColorAdjustment
GetEnhMetaFileHeader
GetCharWidthI
GetDeviceGammaRamp
GetMetaRgn
SetBitmapBits
IntersectClipRect
GetClipRgn
StretchDIBits
DrawEscape
CreateBitmap
GetBrushOrgEx
GetCharWidthW
SelectPalette
ExtCreateRegion
CopyMetaFileW
GetPolyFillMode
GdiComment
EnumFontFamiliesA
ResetDCA
GetTextExtentPointW
GetMetaFileW
SetTextJustification
GetKerningPairsW
GetAspectRatioFilterEx
GetKerningPairsA
CreateSolidBrush
SetStretchBltMode
GetRasterizerCaps
AngleArc
GetCharWidthFloatW
SetMiterLimit
SetMapperFlags
DeleteEnhMetaFile
SetTextColor
DeleteColorSpace
CreatePenIndirect
GdiGetBatchLimit
SetPixelV
EqualRgn
GdiSetBatchLimit
ScaleViewportExtEx
GetTextExtentExPointI
GetObjectW
SetMetaFileBitsEx
SetPolyFillMode
ColorMatchToTarget
AddFontResourceA
GetColorAdjustment
CreateRectRgn
TextOutW
ScaleWindowExtEx
UnrealizeObject
GetCharacterPlacementW
OffsetRgn
MaskBlt
ExcludeClipRect
GetObjectA
ExtTextOutW
GetBkMode
GetClipBox
GetRgnBox
GetTextMetricsW
GetTextExtentPointA
Polyline
SetDeviceGammaRamp
EnumFontsA
GetROP2
GetTextAlign
SelectClipPath
GetTextExtentPoint32W
GetLogColorSpaceA
InvertRgn
GetDCOrgEx
OffsetViewportOrgEx
PlgBlt
GdiAlphaBlend
CreateRectRgnIndirect
EnumMetaFile
GetRandomRgn
Polygon
CopyEnhMetaFileW
SetLayout
CreatePalette
CreateFontIndirectW
CloseMetaFile
PolylineTo
GetBitmapDimensionEx
GetEnhMetaFileA
GetICMProfileW
TextOutA

ws2_32

recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send

netapi32

Netbios

comdlg32

PageSetupDlgW
PrintDlgA
ChooseColorA
ChooseFontW
FindTextW
ReplaceTextA
GetSaveFileNameA
PageSetupDlgA
PrintDlgW
CommDlgExtendedError
GetOpenFileNameA

crypt32

CertVerifyCRLTimeValidity
CertSerializeCTLStoreElement
CertComparePublicKeyInfo
CertResyncCertificateChainEngine
CertGetPublicKeyLength
CertCloseStore
CertRemoveStoreFromCollection
CryptMemFree
CertVerifyCertificateChainPolicy
CryptEncryptMessage
CryptGetDefaultOIDDllList
CertRegisterPhysicalStore
CertEnumCertificateContextProperties
CryptMsgGetParam
CertSetCTLContextProperty
CryptVerifyCertificateSignatureEx
CryptMsgVerifyCountersignatureEncodedEx
CertRDNValueToStrW
CryptInstallOIDFunctionAddress
CertAddEncodedCTLToStore
CertAddEncodedCertificateToSystemStoreW
CertDeleteCTLFromStore
CertAlgIdToOID
CertGetCRLContextProperty
CryptSignMessageWithKey
CertFindSubjectInSortedCTL
CryptBinaryToStringA
CryptSignMessage

imm32

ImmGetCandidateListA
ImmGetCompositionWindow
ImmUnregisterWordA
ImmGetContext
ImmAssociateContextEx
ImmGetCompositionFontA
ImmSetCompositionStringA
ImmGetDescriptionW
ImmReleaseContext
ImmDisableIME
ImmSetCandidateWindow
ImmGetOpenStatus
ImmGetProperty
ImmGetCompositionFontW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmInstallIMEW
ImmDestroyContext
ImmCreateContext
ImmGetIMEFileNameW
ImmIsUIMessageA
ImmGetCandidateListCountA
ImmGetCandidateListW
ImmInstallIMEA
ImmAssociateContext
ImmGetDefaultIMEWnd
ImmGetCompositionStringW
ImmEscapeA
ImmGetGuideLineW
ImmUnregisterWordW
ImmIsIME
ImmSimulateHotKey
ImmSetCompositionWindow
ImmSetStatusWindowPos
ImmGetImeMenuItemsW
ImmNotifyIME
ImmGetConversionListA

iphlpapi

GetTcpStatistics
DeleteIPAddress
SetIpNetEntry
GetOwnerModuleFromUdpEntry
GetExtendedTcpTable
DeleteIpNetEntry
DeleteIpForwardEntry
IpReleaseAddress
SetIpTTL
EnableRouter
NotifyRouteChange
GetUdpStatisticsEx
GetTcpTable
GetIpStatistics
GetExtendedUdpTable

msi

ord93
ord210
ord15
ord223
ord261
ord10
ord243
ord244
ord9
ord268
ord249
ord202
ord71
ord181
ord37
ord212
ord256
ord211
ord242
ord229
ord172
ord194
ord136
ord225
ord55
ord270
ord247
ord66
ord260
ord265
ord213
ord218
ord60
ord195
ord68
ord245
ord205
ord154
ord101
ord110
ord224
ord109
ord7
ord238
ord239
ord263
ord179
ord89
ord230
ord281
ord95
ord232
ord231
ord42
ord273
ord251
ord96
ord85
ord214
ord65
ord216
ord45
ord112
ord275
ord56
ord83
ord102
ord39
ord264
ord189
ord67
ord219
ord267
ord204
ord259

msimg32

TransparentBlt

msvfw32

DrawDibOpen
ICOpen
ICOpenFunction
DrawDibDraw
ICDrawBegin
DrawDibStart
ord2

mswsock

WSARecvEx
GetAcceptExSockaddrs

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b91f9c704fc744b15964564677d273d7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

gdi32

ws2_32

netapi32

comdlg32

crypt32

imm32

iphlpapi

msi

msimg32

msvfw32

mswsock

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 21KB

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 21KB