eb47cebee3c631c066cf39319845d166_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eb47cebee3c631c066cf39319845d166_JaffaCakes118
Size

1.8MB
MD5

eb47cebee3c631c066cf39319845d166
SHA1

5db742341c82e163142cb90012988af2618b1da8
SHA256

88a178cb6d06e7cd089e209d393e71df69b6b401749998ed46f3cc4645972498
SHA512

85af09dc49efb5ab9eba5c92e5e5fcaf47aa9cd2ae201c91961af7e9d04ab214f45b903cd3bf3d02d308da08db31c3f6d94a4c5708e9d36bff7acb596d35bb8e
SSDEEP

49152:e1UFyNqlIcaJK76mg8YK04h4ARbXgHpNZTj:BScaYPd04RbXqB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb47cebee3c631c066cf39319845d166_JaffaCakes118

Files

eb47cebee3c631c066cf39319845d166_JaffaCakes118
.exe windows:5 windows x86 arch:x86

292933c9502a6998c2cdc8d055cfe6d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl
inet_ntoa
WSAGetLastError
getservbyname
ntohl
WSACleanup
accept
bind
WSAStartup
shutdown
sendto
recvfrom
getsockname
getpeername
getsockopt
htons
getservbyport
ntohs
WSASetLastError
closesocket
select
connect
ioctlsocket
setsockopt
socket
recv
send
gethostbyname
gethostbyaddr
inet_addr
listen

mpr

WNetAddConnection2W
WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW
WNetCancelConnection2W

kernel32

GetSystemDirectoryA
GetComputerNameA
MoveFileExW
OpenProcess
VerLanguageNameW
WriteConsoleA
GetStdHandle
FormatMessageA
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsA
LoadLibraryA
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
VirtualProtect
GetSystemInfo
VirtualQuery
GetCPInfo
GetConsoleCP
GetConsoleMode
GetStartupInfoW
IsProcessorFeaturePresent
VirtualFree
ExitProcess
SetErrorMode
ExitThread
ReadProcessMemory
SetUnhandledExceptionFilter
WriteProcessMemory
GetLocalTime
SystemTimeToTzSpecificLocalTime
GlobalHandle
GetFileSize
SetEndOfFile
GetSystemTimeAsFileTime
TerminateProcess
SetProcessAffinityMask
GetCurrentProcessId
LoadLibraryExW
CreateThread
lstrcpynA
OpenMutexW
FreeResource
ResumeThread
ResetEvent
LocalAlloc
SetEnvironmentVariableA
GetLocaleInfoW
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileA
GetConsoleOutputCP
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
FlushFileBuffers
GetStartupInfoA
DeleteCriticalSection
EnterCriticalSection
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
LCMapStringA
LCMapStringW
GetStringTypeW
GetTimeFormatA
GetDateFormatA
CompareStringA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
GetModuleFileNameA
GetModuleHandleA
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
CreateMutexW
InterlockedCompareExchange
GetSystemDefaultLCID
GetLocaleInfoA
GlobalFree
CreateDirectoryW
GetDateFormatW
GetTimeFormatW
OpenThread
TerminateThread
SetFilePointer
FileTimeToLocalFileTime
GetTempPathA
InterlockedIncrement
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
MoveFileW
GetTempPathW
CopyFileW
FormatMessageW
LocalFree
GetSystemTime
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleHandleW
GetStringTypeExW
GetProcessHeap
HeapAlloc
lstrcatW
HeapFree
SystemTimeToFileTime
FileTimeToSystemTime
OpenEventW
SetEvent
lstrcmpW
MulDiv
ReleaseMutex
FindResourceExW
lstrcpynW
LoadLibraryW
FreeLibrary
GetProcAddress
GetVersionExW
InterlockedExchange
WaitForMultipleObjects
GetCurrentThread
SetThreadPriority
WaitForSingleObject
SetLastError
GetCurrentThreadId
CreateEventW
Sleep
RaiseException
GetModuleFileNameW
lstrcmpiW
GetVolumeInformationA
GetTickCount
lstrlenA
WideCharToMultiByte
InitializeCriticalSection
WriteFile
ReadFile
CreateFileW
CompareStringW
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
lstrlenW
lstrcpyW
MultiByteToWideChar
LeaveCriticalSection
CloseHandle
VirtualAlloc

user32

SetClassLongW
DrawMenuBar
GetMenuStringW
TrackPopupMenu
AdjustWindowRectEx
RemoveMenu
AppendMenuW
CreatePopupMenu
LoadStringA
PostQuitMessage
GetSystemMenu
UnhookWindowsHookEx
GetDoubleClickTime
DestroyCursor
ModifyMenuW
TranslateAcceleratorW
PeekMessageW
ScrollWindowEx
ValidateRect
GetScrollInfo
SetScrollPos
SetScrollInfo
SetActiveWindow
GetUpdateRect
SetWindowContextHelpId
SetWindowsHookExW
BringWindowToTop
CallNextHookEx
SetParent
FindWindowW
BeginDeferWindowPos
EndDeferWindowPos
LoadAcceleratorsW
DefMDIChildProcW
IsMenu
DeferWindowPos
SetMenu
GetMenu
wvsprintfW
EqualRect
CheckDlgButton
wsprintfW
EnumChildWindows
IsDialogMessageW
CreateDialogParamW
LoadIconW
CreateAcceleratorTableW
DestroyAcceleratorTable
RedrawWindow
InvalidateRgn
GetCaretPos
EmptyClipboard
SetClipboardData
CloseClipboard
LoadImageW
GetDesktopWindow
OpenClipboard
MoveWindow
GetDlgItemTextW
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemInt
DestroyIcon
LoadBitmapW
TranslateMessage
GetMessagePos
DrawStateW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
GetTopWindow
IsZoomed
IsIconic
IsRectEmpty
GetSystemMetrics
FrameRect
WindowFromPoint
CharLowerW
SetWindowPlacement
DefFrameProcW
TranslateMDISysAccel
CreateIconFromResourceEx
CreateDialogIndirectParamW
SetLayeredWindowAttributes
MapDialogRect
SetForegroundWindow
InSendMessage
GetMessageW
DispatchMessageW
GetKeyState
GetScrollPos
KillTimer
IntersectRect
SetRect
RegisterClassExW
GetSubMenu
SystemParametersInfoW
IsChild
GetWindowDC
TrackPopupMenuEx
MonitorFromPoint
DrawEdge
WindowFromDC
EnableMenuItem
DestroyMenu
LoadMenuW
SetMenuDefaultItem
InflateRect
CopyRect
GetClassInfoExW
SetTimer
IsWindowVisible
ShowWindow
ClientToScreen
UnionRect
GetActiveWindow
DialogBoxParamW
PostMessageW
MessageBoxW
RegisterWindowMessageW
MessageBeep
EnableWindow
GetSysColorBrush
SetDlgItemTextW
LoadStringW
GetClassNameW
LoadCursorW
EndPaint
BeginPaint
GetWindowPlacement
GetWindowThreadProcessId
DrawIconEx
GetMenuDefaultItem
DragDetect
GetSysColor
GetFocus
GetCapture
ReleaseCapture
GetCursorPos
PtInRect
SetCursor
FillRect
CallWindowProcW
DrawFocusRect
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ScreenToClient
DestroyWindow
OffsetRect
SetRectEmpty
ReleaseDC
GetDC
SendDlgItemMessageW
EndDialog
DefWindowProcW
CharNextW
DrawTextW
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetWindowPos
IsWindow
GetDlgItem
GetParent
GetClientRect
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindowLongW
CreateWindowExW
SetWindowLongW
SendMessageW
SendMessageTimeoutW
CreateIcon
DrawFrameControl
UnregisterClassA
GetClassLongW

gdi32

ExtSelectClipRgn
SetDIBitsToDevice
GetCurrentObject
GetTextExtentExPointW
GetViewportOrgEx
GetClipRgn
Polyline
IntersectClipRect
RestoreDC
SaveDC
SetWindowOrgEx
LPtoDP
SetWindowExtEx
SetViewportExtEx
SetMapMode
GetMapMode
SetBrushOrgEx
StretchBlt
SetViewportOrgEx
SetStretchBltMode
GetDIBColorTable
CreateDIBSection
SetDIBColorTable
AddFontResourceExW
RemoveFontResourceExW
CreateEllipticRgnIndirect
CreateFontW
BitBlt
Polygon
GetTextMetricsW
Rectangle
CreateSolidBrush
CreateBitmap
CreatePatternBrush
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateRectRgn
SelectClipRgn
GetClipBox
PatBlt
GetDeviceCaps
DPtoLP
ExtCreatePen
SetBkColor
ExtTextOutW
CreatePen
CreateCompatibleBitmap
GetObjectW
SelectObject
DeleteObject
DeleteDC
SetBkMode
SetTextColor
CreateFontIndirectW
GetStockObject
GetTextExtentPoint32W
CreateCompatibleDC
MoveToEx
LineTo

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
CryptGenRandom
CryptAcquireContextW
RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
CloseServiceHandle
OpenSCManagerW
RegConnectRegistryW
ChangeServiceConfig2W
CreateServiceW
DeleteService
OpenServiceW
QueryServiceStatus
StartServiceW
ControlService
EnumDependentServicesW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
RegFlushKey
RegOpenKeyExA

shell32

ExtractIconExW
ord165
SHGetSpecialFolderPathW
SHBrowseForFolderA
SHGetPathFromIDListA
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoUninitialize
CoInitializeEx
OleRun
DoDragDrop
CoTaskMemRealloc
CoInitialize

oleaut32

VarDecFromStr
VarR8FromStr
VarI4FromStr
VarDateFromStr
VarDecCmp
SysStringLen
SysFreeString
SysAllocString
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
OleLoadPicture
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
GetErrorInfo
CreateErrorInfo

shlwapi

StrStrW
StrTrimW
PathRemoveFileSpecW

comctl32

ImageList_LoadImageW
_TrackMouseEvent
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_DrawEx
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragLeave
DestroyPropertySheetPage
PropertySheetW
ImageList_Draw
ImageList_GetIcon
CreatePropertySheetPageW
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_GetImageInfo
InitCommonControlsEx
CreateStatusWindowW

msimg32

TransparentBlt
AlphaBlend

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

gdiplus

GdipFree
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipCloneImage

iphlpapi

GetAdaptersInfo

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

wininet

HttpOpenRequestA
InternetOpenUrlA
InternetOpenA
InternetConnectA
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetSetOptionA
InternetCloseHandle

Exports

Exports

?GetDecryptProc@@YGXP6GXXZ@Z
?GetEncryptProc@@YGXP6GXXZ@Z
?SetDecryptionKey@@YGXP6GXPADK@Z@Z

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shr
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

292933c9502a6998c2cdc8d055cfe6d7

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

mpr

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

version

gdiplus

iphlpapi

psapi

wininet

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 285KB - Virtual size: 284KB

.data Size: 55KB - Virtual size: 88KB

.shr Size: 512B - Virtual size: 4B

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 285KB - Virtual size: 284KB

.data
Size: 55KB - Virtual size: 88KB

.shr
Size: 512B - Virtual size: 4B

.rsrc
Size: 5KB - Virtual size: 4KB