fab67a6c2c596453a9022228962a2748_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fab67a6c2c596453a9022228962a2748_JaffaCakes118
Size

264KB
MD5

fab67a6c2c596453a9022228962a2748
SHA1

e4288e7f03da4afc27338b3cb2f27f28fbc73418
SHA256

80cf6b05777cc6e270bc49180840631913f899eff19edd2d2601a67deb45e825
SHA512

37a6f674ff4bde266a83fea490b66e9c65e6bb86601d3e75881d7bbb7e75ff2cbb173456ffc96bfdc82518b37e1798a3f7997512d119de7a3ccc2b740918f0f3
SSDEEP

6144:aLrPkIlFtjAn3Zkip2l+PlJu9OchHHdmA+Jl:qY13Wi/PlJqxhHHdp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fab67a6c2c596453a9022228962a2748_JaffaCakes118

Files

fab67a6c2c596453a9022228962a2748_JaffaCakes118
.exe windows:5 windows x86 arch:x86

501755bf2715cb22ac0e83082285ba0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
GetEnvironmentStringsW
SetHandleCount
HeapDestroy
HeapCreate
HeapFree
VirtualFree
ReadFile
GetProcessHeap
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
WriteFile
FlushFileBuffers
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetStringTypeA
RemoveDirectoryA
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

GetClassLongA
wsprintfA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA

ole32

CoInitialize

shell32

ShellExecuteA

shlwapi

PathIsDirectoryA
PathFileExistsA
PathRemoveBlanksA
PathGetArgsA
PathFindFileNameA

gdi32

GetFontLanguageInfo
SetGraphicsMode
CreatePenIndirect
AddFontResourceA
SetWinMetaFileBits
OffsetRgn
GetOutlineTextMetricsW
SetBitmapDimensionEx
GetDCOrgEx
GetDCPenColor
Escape
CreateColorSpaceA
GetWindowExtEx
AddFontMemResourceEx
ScaleViewportExtEx
GetEnhMetaFileBits
GetRasterizerCaps
GetRandomRgn
SetSystemPaletteUse
SetArcDirection
GetMetaFileW
CancelDC
CloseFigure
EnumFontFamiliesExA
GetStretchBltMode
CopyEnhMetaFileA
GetArcDirection
SwapBuffers
UpdateColors
SetBitmapBits
FloodFill
SetMapMode
SetPixel
DeleteEnhMetaFile
GdiGradientFill
SetViewportOrgEx
CombineRgn
GetGlyphIndicesW
CreateMetaFileW
GetTextFaceW
CombineTransform
CreateEllipticRgnIndirect
SelectObject
RemoveFontResourceA
GdiComment
EndPage
CreateDIBPatternBrush
GetMetaFileBitsEx
GetColorSpace
Chord
GetICMProfileW
AbortDoc
GetObjectType
DeleteDC
StrokeAndFillPath
PolyTextOutW
GetMetaFileA
SelectClipPath
GetEnhMetaFileW
DescribePixelFormat
GetEnhMetaFileDescriptionA
CreateRoundRectRgn
GetAspectRatioFilterEx
GetTextFaceA
StartPage
SetTextColor
SetStretchBltMode
CopyMetaFileW
CreateFontIndirectW
CreatePen
GdiSetBatchLimit
GetPaletteEntries
CreateEllipticRgn
SetEnhMetaFileBits
GetTextColor
GetGraphicsMode
PlayMetaFile
WidenPath
ExtSelectClipRgn
StartDocW
FixBrushOrgEx
GetGlyphOutlineW
GetBitmapBits
SetDIBitsToDevice
PtVisible
EndDoc
CreateCompatibleBitmap
GetEnhMetaFilePaletteEntries
RemoveFontResourceW
GetGlyphOutlineA
SetMapperFlags
GetObjectA
AnimatePalette
SetDIBColorTable
Rectangle
Polygon
GetColorAdjustment
GetWinMetaFileBits
TranslateCharsetInfo
PolyPolygon
SetBoundsRect
CreateCompatibleDC
CreateDCW
GetNearestPaletteIndex
CreateDIBPatternBrushPt
FillRgn
PlgBlt
EqualRgn
SetBkMode
GetCharWidthFloatW
GetEnhMetaFilePixelFormat
GetTextExtentPointI
SetWorldTransform
GetTextMetricsW
GetCharWidth32W
PlayEnhMetaFile
GetBkColor
GetCharWidthI
Arc
GdiAlphaBlend
GetCharABCWidthsFloatW
CreateFontA
SetDeviceGammaRamp
CreateColorSpaceW
CreatePolygonRgn
PaintRgn
StrokePath
GetWindowOrgEx
DPtoLP
GetKerningPairsA
GetPath
RectInRegion
LineDDA
EnumFontFamiliesExW
GetCharABCWidthsI
GetTextExtentPoint32W
GetFontData
MaskBlt
GetMapMode
CreateDiscardableBitmap
FlattenPath
EnumICMProfilesA
SetPolyFillMode
CreateRectRgn
GetViewportExtEx
SetWindowOrgEx
DeleteMetaFile
RemoveFontMemResourceEx
GetClipRgn
CreateScalableFontResourceW
CreateBitmap
GdiGetBatchLimit
GetCharacterPlacementA
GetRegionData
Polyline
SelectClipRgn
DeleteColorSpace
PathToRegion
GetPixel
GetObjectW
GetEnhMetaFileA
UnrealizeObject
CreateSolidBrush
ExtFloodFill
LineTo
ChoosePixelFormat
ExtEscape
SetTextCharacterExtra
RemoveFontResourceExW
AngleArc
SetTextJustification
AddFontResourceW
GetCurrentObject
ExtTextOutA
ResetDCA
CreateHalftonePalette
GetPolyFillMode
ModifyWorldTransform
ScaleWindowExtEx
GetTextExtentExPointI
GetTextExtentPointA
SetBrushOrgEx
StretchBlt
RealizePalette
GetWorldTransform
CheckColorsInGamut
GetLayout
GetLogColorSpaceW
GetCharWidth32A
GetGlyphIndicesA
PtInRegion
GetFontUnicodeRanges
GetBoundsRect
SetPaletteEntries
PolylineTo
SetWindowExtEx
CreateDIBSection
GetPixelFormat
CreatePatternBrush
GetEnhMetaFileHeader
GetLogColorSpaceA
GetTextMetricsA
CreateEnhMetaFileA

ws2_32

closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send
recv

netapi32

Netbios

comdlg32

ChooseColorA
ChooseFontW
PageSetupDlgA
GetSaveFileNameW
GetFileTitleW
PageSetupDlgW
ReplaceTextW
GetSaveFileNameA
ReplaceTextA
ChooseFontA
PrintDlgA

comsvcs

CoLeaveServiceDomain
RecycleSurrogate
MTSCreateActivity
CoEnterServiceDomain
CoCreateActivity

crypt32

CryptEnumOIDInfo
CryptUnregisterOIDInfo
CryptCloseAsyncHandle
CertAddEnhancedKeyUsageIdentifier
CertVerifyCertificateChainPolicy
CryptVerifyMessageSignature
CertSaveStore
CertFreeCRLContext
CertStrToNameA
CertFindRDNAttr
CryptMsgGetParam
CryptFindLocalizedName
CertCreateCertificateContext
CertVerifySubjectCertificateContext
CryptGetKeyIdentifierProperty
CryptHashCertificate
CryptCreateAsyncHandle
CryptInstallOIDFunctionAddress
CertDeleteCTLFromStore
CertCompareCertificateName
CertIsValidCRLForCertificate
CryptDecodeObject
CertSerializeCTLStoreElement
CertGetValidUsages
CryptMemFree
CryptMsgCountersign

imm32

ImmAssociateContextEx
ImmDisableTextFrameService
ImmConfigureIMEA
ImmGetGuideLineW
ImmGetIMEFileNameA
ImmCreateContext
ImmEscapeA
ImmGetRegisterWordStyleA
ImmGetDefaultIMEWnd
ImmSimulateHotKey
ImmSetCompositionWindow
ImmEnumRegisterWordW
ImmGetDescriptionW
ImmGetContext
ImmSetConversionStatus
ImmGetDescriptionA
ImmGetConversionListA
ImmSetCompositionFontA
ImmGetCandidateListW
ImmGetCompositionFontW
ImmDestroyContext
ImmGetVirtualKey
ImmGetProperty
ImmEnumRegisterWordA
ImmSetCompositionFontW

iphlpapi

SetIpNetEntry
CreateIpNetEntry
FlushIpNetTable
GetOwnerModuleFromTcpEntry
GetIpErrorString
GetUdpStatistics
GetPerAdapterInfo

msi

ord173
ord86
ord243
ord256
ord66
ord216
ord137
ord247
ord44
ord157
ord39
ord90
ord141
ord174
ord202
ord263
ord40
ord5
ord237
ord172
ord55
ord169
ord126
ord70
ord107
ord264
ord154
ord266
ord45
ord16
ord155
ord281
ord93

msimg32

AlphaBlend
TransparentBlt

msvfw32

DrawDibStop
DrawDibOpen
ICOpenFunction
ICDrawBegin
DrawDibRealize
DrawDibBegin
ICCompressorChoose
DrawDibGetBuffer
ICOpen
ICSeqCompressFrameEnd
ICSendMessage
ICCompressorFree
MCIWndCreateW
DrawDibStart
DrawDibClose

mswsock

AcceptEx
TransmitFile
GetAcceptExSockaddrs

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

501755bf2715cb22ac0e83082285ba0a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

gdi32

ws2_32

netapi32

comdlg32

comsvcs

crypt32

imm32

iphlpapi

msi

msimg32

msvfw32

mswsock

Sections

.text Size: 171KB - Virtual size: 171KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 21KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 171KB - Virtual size: 171KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 21KB

.reloc
Size: 18KB - Virtual size: 17KB