f6ade60c0cbab647c3fcc514cc470100_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6ade60c0cbab647c3fcc514cc470100_JaffaCakes118
Size

242KB
MD5

f6ade60c0cbab647c3fcc514cc470100
SHA1

30318ce547e608570d19db6569d549c1d27f40f3
SHA256

86cff02504cb3153c880eeed36629a86a9a3edf3bf8ef34d72312963940fd970
SHA512

7f600c2756bf6aa37a7cae8c397cd92c26346e9347f04947355fd11804f238d4859a65ef2f7a27882dbac04981a6a8f586f411dfb897ee2c39d8228cfd933249
SSDEEP

6144:TP2O0X2MHsknUpNBy+WfC2rOCSSORLYYH:TP2xmMnKjy1fC22SORU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6ade60c0cbab647c3fcc514cc470100_JaffaCakes118

Files

f6ade60c0cbab647c3fcc514cc470100_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5414f74731964d3a4f60f988092fd156

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
FlushFileBuffers
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetEndOfFile
GetProcessHeap
ReadFile
GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
WriteFile
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA

ole32

CoInitialize
GetClassFile

shell32

ShellExecuteA

shlwapi

PathFileExistsA
PathFindFileNameA
PathIsDirectoryA
PathGetArgsA
PathRemoveBlanksA

gdi32

SetTextAlign
RemoveFontResourceExW
AddFontResourceExW
GdiAlphaBlend
SetWorldTransform
EndPath
SetBrushOrgEx
GetMiterLimit
AddFontMemResourceEx
GetRasterizerCaps
GetWindowExtEx
GetOutlineTextMetricsA
CopyEnhMetaFileA
AddFontResourceExA
CreateMetaFileW
PlayEnhMetaFileRecord
GdiFlush
CreateFontA
GetCharWidthFloatA
SetICMMode
GetTextFaceA
CreatePenIndirect
GetEnhMetaFileA
FillRgn
CreatePalette

ws2_32

recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send

netapi32

Netbios

comdlg32

FindTextW
ReplaceTextA
PrintDlgA
CommDlgExtendedError
PageSetupDlgW
FindTextA
ChooseColorA
PageSetupDlgA
GetOpenFileNameW
PrintDlgW
ReplaceTextW

comsvcs

CoCreateActivity

crypt32

CertGetCRLContextProperty
CryptRegisterOIDFunction
CryptMsgCountersignEncoded
CertFindExtension
CryptFreeOIDFunctionAddress
CryptCloseAsyncHandle
CryptBinaryToStringW
CryptSetKeyIdentifierProperty
CertDuplicateCertificateChain
CertAddCRLLinkToStore
CryptQueryObject
CryptDecodeObject
CertRegisterPhysicalStore
CryptMsgGetParam
CertVerifySubjectCertificateContext
CryptHashMessage
CryptSetAsyncParam
CryptEncryptMessage
CryptHashPublicKeyInfo
CertEnumCertificatesInStore
CertFreeCTLContext
CertSaveStore
CryptEnumOIDFunction
PFXIsPFXBlob
CertCreateCRLContext
CertFindSubjectInSortedCTL
PFXExportCertStore
CertGetCertificateContextProperty
CryptGetAsyncParam
CertFreeCertificateChain
CertGetEnhancedKeyUsage
CryptVerifyDetachedMessageSignature
CertRemoveEnhancedKeyUsageIdentifier
CertSetCTLContextProperty
CertCompareCertificateName
CertAddCTLLinkToStore
CryptImportPublicKeyInfo
CertEnumCRLsInStore
CryptEnumKeyIdentifierProperties
CertCompareCertificate
CertAddEncodedCRLToStore
CertEnumPhysicalStore
CryptGetDefaultOIDFunctionAddress
CertEnumSystemStore
CertVerifyCRLTimeValidity
CertFindCTLInStore
CertEnumCTLContextProperties
CryptMsgVerifyCountersignatureEncodedEx
CryptFormatObject
CryptFindCertificateKeyProvInfo
CryptMsgCountersign
CryptVerifyDetachedMessageHash
CertVerifyCTLUsage
CertAddEncodedCertificateToSystemStoreW
CryptDecryptMessage
CryptGetOIDFunctionValue
CryptCreateAsyncHandle
CertGetNameStringW
CertDeleteCTLFromStore
CertDeleteCertificateFromStore
CryptUninstallDefaultContext
CertNameToStrW
CryptFindLocalizedName
CryptSignAndEncodeCertificate
CryptGetKeyIdentifierProperty
PFXImportCertStore
CertAddCRLContextToStore
CryptEnumOIDInfo
CryptMsgSignCTL
CryptUnregisterDefaultOIDFunction
CryptExportPublicKeyInfo
CertCreateSelfSignCertificate
CryptRegisterDefaultOIDFunction
CertResyncCertificateChainEngine
CertVerifyRevocation
CertCompareIntegerBlob
CertStrToNameA
CertNameToStrA
CryptDecodeMessage
CertGetCertificateChain
CertVerifyValidityNesting
CertFreeCertificateContext
CertRegisterSystemStore
CertEnumSubjectInSortedCTL
CertGetNameStringA
CertStrToNameW
CertVerifyCertificateChainPolicy
PFXExportCertStoreEx
CryptProtectData
CertGetSubjectCertificateFromStore
CertSetCertificateContextProperty
CertOpenSystemStoreW
CryptGetMessageCertificates
CertVerifyTimeValidity
CryptUnregisterOIDFunction
CertIsRDNAttrsInCertificateName

imm32

ImmUnregisterWordW
ImmConfigureIMEW
ImmGetContext
ImmReleaseContext
ImmSetCompositionStringW
ImmIsUIMessageA
ImmRegisterWordW
ImmGetCompositionFontA
ImmRegisterWordA
ImmSetStatusWindowPos
ImmGetVirtualKey
ImmDestroyContext
ImmInstallIMEA
ImmSimulateHotKey
ImmGetIMEFileNameA
ImmDisableTextFrameService
ImmEnumRegisterWordW
ImmIsUIMessageW
ImmGetGuideLineW
ImmAssociateContextEx

iphlpapi

GetTcpTable
GetPerAdapterInfo
GetNumberOfInterfaces
GetIpStatisticsEx
GetNetworkParams
GetBestInterface
NotifyAddrChange
IpReleaseAddress
GetAdapterOrderMap
RestoreMediaSense
GetBestRoute
SetIpTTL

msi

ord10
ord7
ord243
ord193
ord8
ord131
ord237
ord44
ord5
ord259
ord247
ord72
ord104
ord230
ord253
ord245
ord241
ord14
ord267
ord60
ord232
ord190
ord209
ord141
ord11
ord39
ord223
ord274
ord179
ord108
ord155
ord95
ord93
ord258
ord270
ord112
ord90
ord262
ord251
ord273
ord246
ord94
ord66
ord250
ord213
ord177
ord194
ord242
ord9
ord180
ord96
ord263
ord240
ord16
ord214
ord216
ord178
ord107
ord87
ord189
ord37
ord110
ord137
ord281
ord71
ord252
ord129
ord269
ord227
ord202
ord102
ord272
ord67
ord109
ord83
ord192
ord229
ord175
ord157
ord41
ord65
ord255
ord248
ord238
ord59
ord205
ord211
ord195
ord82
ord168
ord265
ord224
ord156
ord275

msvfw32

DrawDibEnd
DrawDibGetPalette
ICLocate
ICGetDisplayFormat
ICSeqCompressFrameStart
ICDraw
ICDrawBegin
DrawDibStop
MCIWndCreateW
ICCompressorChoose
ICGetInfo
ICInfo
DrawDibChangePalette
ICRemove
MCIWndCreateA
DrawDibClose
ICOpen
DrawDibBegin
ICInstall
DrawDibOpen
ICOpenFunction

mswsock

TransmitFile
GetAcceptExSockaddrs

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5414f74731964d3a4f60f988092fd156

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

gdi32

ws2_32

netapi32

comdlg32

comsvcs

crypt32

imm32

iphlpapi

msi

msvfw32

mswsock

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 4KB - Virtual size: 21KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 4KB - Virtual size: 21KB