Static task: static1
Behavioral task: behavioral1
  Sample: fa481fb4df58b64bfaa94f32d04141ac_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: fa481fb4df58b64bfaa94f32d04141ac_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
- Target: fa481fb4df58b64bfaa94f32d04141ac_JaffaCakes118
- Size: 266KB
- MD5: fa481fb4df58b64bfaa94f32d04141ac
- SHA1: 37e965b71e92ce57090e0bbf4fed0aab1a7f3ab9
- SHA256: c8d78ef94aa5a27b237368f0e3844bf84bcd298740780d05c2022b190cbf7ae5
- SHA512: b4608648ec6797be9468beb26346a39ef3d665c78091e1c08049649a56243103953249ebb6f0b49bb23dbfb99e189af1b19effca8efbfa4a2caae6177f115646
- SSDEEP: 6144:vrs+RmZq4AppI8Eyn8gujAkRNn1nJCzW:jQ8NpNEyn4HN1QW
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource fa481fb4df58b64bfaa94f32d04141ac_JaffaCakes118
Files
- fa481fb4df58b64bfaa94f32d04141ac_JaffaCakes118.exe windows:5 windows x86 arch:x86
  41010f6f335378ec98b413f91853f0c6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
TerminateThread
WaitForSingleObject
CreateThread
GetFileAttributesExA
ExpandEnvironmentStringsA
lstrlenA
lstrcatA
lstrcpyA
GetLastError
CreateMutexA
MoveFileA
RemoveDirectoryA
DeleteFileA
CreateDirectoryA
GetTempPathA
GetCommandLineA
GetModuleFileNameA
Sleep
GetLocalTime
GetTickCount
ReadFile
GetProcessHeap
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
WriteFile
GetStringTypeW
GetStringTypeA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
HeapSize
HeapAlloc
FlushFileBuffers
VirtualFree
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
user32
GetClassLongA
wsprintfA
advapi32
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA
ole32
CoInitialize
shell32
ShellExecuteA
shlwapi
PathFileExistsA
PathIsDirectoryA
PathRemoveBlanksA
PathGetArgsA
PathFindFileNameA
gdi32
GetRgnBox
EnumFontFamiliesExW
GetCharWidth32W
GetBrushOrgEx
SetDIBits
GetSystemPaletteEntries
GetCharWidthFloatW
SetMetaRgn
AbortPath
GetCharABCWidthsFloatW
GetTextMetricsA
GetDCBrushColor
GetGlyphIndicesW
FloodFill
GetTextExtentPointI
Escape
GetSystemPaletteUse
ArcTo
GetTextExtentExPointW
IntersectClipRect
PolyPolyline
DescribePixelFormat
SetDIBitsToDevice
PatBlt
SetMapperFlags
GetTextExtentExPointA
SetSystemPaletteUse
CreatePatternBrush
CreateFontIndirectW
EnumMetaFile
CreateHalftonePalette
PlgBlt
Pie
GetEnhMetaFileW
MaskBlt
GetCharABCWidthsFloatA
ChoosePixelFormat
RemoveFontResourceExW
GetNearestPaletteIndex
EnumObjects
DeleteEnhMetaFile
CreatePalette
GetCharABCWidthsI
TextOutA
StartPage
GetCharWidthFloatA
CreateBitmapIndirect
FillPath
GetCharacterPlacementW
CreateDiscardableBitmap
TranslateCharsetInfo
GetEnhMetaFileA
DPtoLP
FlattenPath
SetICMProfileA
SetViewportOrgEx
GetEnhMetaFilePaletteEntries
AbortDoc
CreateScalableFontResourceA
SelectClipPath
SetWindowExtEx
RealizePalette
SetColorSpace
GetAspectRatioFilterEx
SetPixelV
LineTo
GetCharWidthI
GetEnhMetaFileHeader
GetBitmapDimensionEx
UnrealizeObject
SetEnhMetaFileBits
CopyEnhMetaFileA
ResetDCW
CheckColorsInGamut
EnumFontFamiliesExA
SetStretchBltMode
SetColorAdjustment
GetCharABCWidthsA
PathToRegion
CreateCompatibleBitmap
DeleteColorSpace
GetOutlineTextMetricsA
ColorCorrectPalette
CreateFontIndirectExA
GdiAlphaBlend
ExtFloodFill
BeginPath
SetPixelFormat
StartDocW
GetWorldTransform
ScaleWindowExtEx
GetMiterLimit
SetArcDirection
GetViewportOrgEx
GetKerningPairsA
AddFontResourceExA
StretchDIBits
CreatePen
EndPath
AddFontResourceExW
SetDeviceGammaRamp
GetColorAdjustment
StrokeAndFillPath
GetTextExtentPoint32W
GetDCOrgEx
GetDIBColorTable
CreateFontA
GetDeviceCaps
Chord
GetTextAlign
CreateEllipticRgnIndirect
GdiGetBatchLimit
RemoveFontResourceW
GetDCPenColor
SetPolyFillMode
StrokePath
CreateDCW
CreateEllipticRgn
SetMetaFileBitsEx
GetObjectA
PolyBezierTo
GetEnhMetaFileDescriptionA
GetFontLanguageInfo
GetICMProfileA
GetCharWidthW
GetICMProfileW
RoundRect
SelectClipRgn
GetMetaRgn
ExtEscape
GetPaletteEntries
GetTextColor
GetGlyphOutlineA
SetAbortProc
FillRgn
GetRandomRgn
SetICMMode
GetMapMode
GetOutlineTextMetricsW
GetBoundsRect
GetStretchBltMode
GetTextCharsetInfo
CombineRgn
SwapBuffers
EndPage
GetTextExtentExPointI
DeleteDC
RemoveFontResourceA
GetBitmapBits
RectVisible
ScaleViewportExtEx
CopyMetaFileA
StartDocA
CreateCompatibleDC
SelectPalette
PolyTextOutW
SetRectRgn
GdiGradientFill
SetMiterLimit
EnumFontFamiliesW
SetROP2
CancelDC
CreateBitmap
GetTextExtentPoint32A
GetTextMetricsW
GetWinMetaFileBits
ModifyWorldTransform
RestoreDC
CloseFigure
ExtCreatePen
CreatePenIndirect
SetMapMode
GetFontUnicodeRanges
CreateRectRgnIndirect
ws2_32
recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send
netapi32
Netbios
comsvcs
RecycleSurrogate
crypt32
CertOIDToAlgId
CryptMsgOpenToEncode
CertGetCTLContextProperty
CertSetCertificateContextProperty
CryptEncodeObject
CryptMemAlloc
CertGetCertificateContextProperty
CertCreateSelfSignCertificate
CertCreateCertificateContext
CertEnumCertificatesInStore
CryptFindOIDInfo
CryptMsgCountersignEncoded
CertAddCRLLinkToStore
CryptDecodeObjectEx
CertFindCTLInStore
CertAddEnhancedKeyUsageIdentifier
CertEnumCTLsInStore
CertCompareCertificate
CertEnumCRLContextProperties
CertRegisterPhysicalStore
CryptAcquireCertificatePrivateKey
CertGetStoreProperty
CertUnregisterSystemStore
CryptHashPublicKeyInfo
CertResyncCertificateChainEngine
CertGetIssuerCertificateFromStore
CertNameToStrA
CertAlgIdToOID
CryptGetKeyIdentifierProperty
CryptSetOIDFunctionValue
CryptVerifyMessageSignatureWithKey
CryptEnumOIDFunction
CertCreateContext
CertRemoveEnhancedKeyUsageIdentifier
CryptUnprotectData
CertAddCertificateContextToStore
CertAddEncodedCTLToStore
CryptVerifyMessageSignature
CertFindSubjectInSortedCTL
CertGetCRLContextProperty
CryptExportPublicKeyInfo
CertIsValidCRLForCertificate
CryptSignAndEncodeCertificate
CryptMsgEncodeAndSignCTL
CryptDecryptMessage
CertCompareCertificateName
CertFindSubjectInCTL
CertEnumCRLsInStore
PFXExportCertStoreEx
CertGetSubjectCertificateFromStore
CryptSignCertificate
CryptMsgControl
CertFindExtension
CertGetPublicKeyLength
CryptRegisterOIDFunction
CryptMsgGetAndVerifySigner
CertGetCRLFromStore
CryptInstallOIDFunctionAddress
CryptSetAsyncParam
CertAddEncodedCRLToStore
CertVerifyCRLTimeValidity
CertCreateCRLContext
CertFreeCRLContext
CryptProtectData
CryptSignAndEncryptMessage
CertGetIntendedKeyUsage
CryptBinaryToStringA
CertRegisterSystemStore
CertFreeCertificateChain
CryptEncryptMessage
CryptVerifyDetachedMessageSignature
CertOpenSystemStoreA
CertDeleteCRLFromStore
imm32
ImmGetDefaultIMEWnd
ImmRegisterWordW
ImmGetCandidateListW
ImmDestroyContext
ImmUnregisterWordW
ImmSetConversionStatus
ImmGetStatusWindowPos
ImmEnumInputContext
ImmGetDescriptionA
ImmGetImeMenuItemsW
ImmIsIME
ImmGetGuideLineA
ImmIsUIMessageA
ImmInstallIMEA
ImmGetCompositionStringA
ImmGetOpenStatus
ImmGetRegisterWordStyleW
ImmGetVirtualKey
ImmEscapeA
ImmSetCompositionStringA
ImmGetConversionStatus
ImmSetCompositionStringW
ImmSetCandidateWindow
ImmGetConversionListW
ImmGetGuideLineW
ImmGetDescriptionW
ImmGetCandidateListCountW
ImmEnumRegisterWordW
ImmGetCompositionStringW
ImmEnumRegisterWordA
ImmGetCandidateListA
iphlpapi
GetIfTable
IpReleaseAddress
GetUdpStatistics
GetIcmpStatisticsEx
UnenableRouter
CreateProxyArpEntry
SetTcpEntry
GetIpErrorString
GetTcpStatisticsEx
GetIfEntry
GetIcmpStatistics
SetIfEntry
GetAdaptersInfo
GetExtendedUdpTable
NotifyRouteChange
CreateIpNetEntry
RestoreMediaSense
GetRTTAndHopCount
SetIpNetEntry
GetIpAddrTable
GetUdpTable
GetNumberOfInterfaces
GetTcpTable
NotifyAddrChange
GetInterfaceInfo
GetIpForwardTable
GetUdpStatisticsEx
GetIpStatistics
DeleteIPAddress
GetBestInterface
msi
ord72
ord247
ord42
ord90
ord249
ord195
ord43
ord266
ord270
ord113
ord175
ord217
ord14
ord276
ord255
ord231
ord190
ord7
ord251
ord86
ord254
ord96
ord216
ord264
ord245
ord267
ord111
ord257
ord89
ord65
ord224
ord85
ord108
ord263
ord141
ord202
ord70
ord56
ord173
ord214
ord39
ord136
ord156
ord239
ord227
ord230
ord8
ord215
ord38
ord15
ord9
ord208
ord250
ord176
ord55
ord67
ord6
ord223
ord205
msimg32
TransparentBlt
msvfw32
ICImageCompress
ICGetDisplayFormat
ICDrawBegin
MCIWndCreateW
DrawDibSetPalette
ICDecompress
ICOpenFunction
ICOpen
DrawDibChangePalette
MCIWndCreateA
DrawDibOpen
ICSendMessage
MCIWndRegisterClass
DrawDibGetBuffer
ICRemove
ICDraw
ICClose
DrawDibClose
mswsock
WSARecvEx
GetAcceptExSockaddrs
Sections
.text Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ