f4f9a7035bab9fef295a01e977346271_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f4f9a7035bab9fef295a01e977346271_JaffaCakes118
Size

244KB
MD5

f4f9a7035bab9fef295a01e977346271
SHA1

8124968befbeec5e2e3b6ff924d6d7847ab999e4
SHA256

f3d93f992bc080d82159023ea0a19fd51039553616b85aa2bad93c8297242203
SHA512

59e033a08b0e7b4cfa5fcd2528bfc8efb80cfe98e997851ec1ca954714305be18f37f3a64d456ad122df14a2bdd789d069a96dc93195e71898b3b6fae1c5250a
SSDEEP

6144:bFbKr2b0xskGiLIJ6FpfzSkaQpHFyEoG8i1ni9SBXTH62:bUr2bpk5IJ6PzSFQpHFLs9MHj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4f9a7035bab9fef295a01e977346271_JaffaCakes118

Files

f4f9a7035bab9fef295a01e977346271_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f701a400f09b45e2d8f347775d0298f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsQuery_W
DnsFree

userenv

UnloadUserProfile

kernel32

HeapFree
GetThreadPriority
IsDebuggerPresent
QueryPerformanceFrequency
DosDateTimeToFileTime
CreateEventW
FileTimeToSystemTime
CopyFileW
GetTempPathW
GetFileType
GetSystemDirectoryW
RemoveDirectoryW
GetSystemTimeAsFileTime
CreateDirectoryW
GetCurrentThreadId
SetCurrentDirectoryW
OpenMutexW
GetVolumeInformationW
GetCurrentDirectoryW
DeleteCriticalSection
SetEndOfFile
GetProcessHeap
GetDiskFreeSpaceExW
FindFirstFileA
lstrcpyW
OutputDebugStringW
ReleaseMutex
SetFileAttributesA
HeapReAlloc
LeaveCriticalSection
GlobalFree
DeleteFileW
EnterCriticalSection
GetSystemDefaultLangID
SetLastError
CreateFileW
lstrlenW
GetTimeZoneInformation
GetWindowsDirectoryW
GetStdHandle
GetFileTime
CreateDirectoryA
IsDBCSLeadByte
DisableThreadLibraryCalls
ReadFile
LocalFileTimeToFileTime
GetTempFileNameW
WriteFile
SizeofResource
FindResourceW
SetFileAttributesW
GetLocalTime
FindClose
MoveFileExW
GetSystemTime
CreateMutexW
FindResourceExW
GetSystemWindowsDirectoryW
SystemTimeToFileTime
CompareFileTime
LockResource
CreateFileA
SetThreadPriority
UnhandledExceptionFilter
FreeLibrary
CreateProcessW
GetFileSize
WideCharToMultiByte
DeviceIoControl
SetFileTime
FindNextFileW
GetShortPathNameW
CloseHandle
HeapDestroy
GetFileAttributesExW
MoveFileW
SetUnhandledExceptionFilter
LocalAlloc
LoadResource
WaitForSingleObject
LoadLibraryExW
FindFirstFileW
HeapAlloc
HeapSize
FindNextFileA
lstrlenA
RaiseException
SetFilePointer
GetStartupInfoA
VirtualAllocEx

ole32

CLSIDFromString
CoCreateGuid
StringFromGUID2

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CryptMsgClose
CertOpenStore
CertCloseStore
CertGetIntendedKeyUsage
CryptMsgOpenToDecode
CertNameToStrW
CryptDecodeObjectEx
CertCompareIntegerBlob
CryptMsgControl
CryptMemRealloc
CertCreateCertificateContext
CertVerifyValidityNesting
CryptMsgGetParam
CertFreeCertificateChain
CertCompareCertificate
CertDuplicateCertificateContext
CryptMemFree
CryptMsgUpdate
CertGetIssuerCertificateFromStore
CertAddCertificateContextToStore
CryptMemAlloc
CertFindExtension
CertFreeCertificateContext

ws2_32

inet_addr
inet_ntoa
WSAStringToAddressW
WSACleanup
WSAStartup

user32

CharLowerA
PeekMessageW
CharToOemA
OemToCharBuffA
CharUpperA
MsgWaitForMultipleObjects
CharUpperW
OemToCharA
wsprintfW
CharToOemBuffW
TranslateMessage
DispatchMessageW

advapi32

InitializeSid
CryptDestroyHash
CopySid
GetSidLengthRequired
InitializeSecurityDescriptor
RegQueryValueExW
AdjustTokenPrivileges
OpenProcessToken
SetSecurityDescriptorDacl
LookupPrivilegeValueW
SetFileSecurityA
CryptReleaseContext
CryptAcquireContextW
RegCloseKey
IsValidSid
CryptGetHashParam
GetFileSecurityW
RegEnumKeyExW
GetLengthSid
GetTokenInformation
FreeSid
CheckTokenMembership
SetFileSecurityW
AllocateAndInitializeSid
RegDeleteValueW
GetSidSubAuthority
CryptHashData
CryptCreateHash
RegOpenKeyExW

shlwapi

PathRemoveFileSpecW
PathAppendW
PathIsUNCServerW
PathFileExistsW
StrToIntExW
PathAddBackslashW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

mscms

CreateColorTransformW
IsColorProfileTagPresent
GetColorDirectoryW
TranslateColors
InternalGetPS2ColorSpaceArray
InternalGetPS2PreviewCRD
GetColorDirectoryA

wdigest

CredentialUpdateFree
SpInitialize
SpLsaModeInitialize
SpInstanceInit
SpUserModeInitialize

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cOZ
Size: 2KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Ublhh
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ui
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Vd
Size: 2KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f701a400f09b45e2d8f347775d0298f7

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

userenv

kernel32

ole32

version

crypt32

ws2_32

user32

advapi32

shlwapi

shell32

mscms

wdigest

Sections

.text Size: 17KB - Virtual size: 17KB

.cOZ Size: 2KB - Virtual size: 21KB

.rdata Size: 6KB - Virtual size: 5KB

.Ublhh Size: 1024B - Virtual size: 3KB

.Ui Size: 512B - Virtual size: 6KB

.Vd Size: 2KB - Virtual size: 15KB

.data Size: 212KB - Virtual size: 222KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 17KB - Virtual size: 17KB

.cOZ
Size: 2KB - Virtual size: 21KB

.rdata
Size: 6KB - Virtual size: 5KB

.Ublhh
Size: 1024B - Virtual size: 3KB

.Ui
Size: 512B - Virtual size: 6KB

.Vd
Size: 2KB - Virtual size: 15KB

.data
Size: 212KB - Virtual size: 222KB

.rsrc
Size: 2KB - Virtual size: 2KB