fadce26917f9678a5f54639e5add181a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fadce26917f9678a5f54639e5add181a_JaffaCakes118
Size

6.5MB
MD5

fadce26917f9678a5f54639e5add181a
SHA1

b3060ff3e8c1abd6730b9ed9db909c8c16125505
SHA256

23c3839aab6d1fb4a504c8d3c3637d3ac1a78886c5bd5f98f41d64ecc6058632
SHA512

42cbc92c8d5fba6bac5308a6de8a3701128c3b408cf66b8856297b6e51315719eeb2886de1f1f1346a73b4b5129bd96bd781e3b604089f2952b22f1e2c957a8c
SSDEEP

49152:ucnkX+FoHhAOC6q94Vl3XIw5qTqMj5SUUuyhsjOQMXR5Xi9JZK+QWNKUTtELI3cW:Fal24Iw5SbJPTR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fadce26917f9678a5f54639e5add181a_JaffaCakes118

Files

fadce26917f9678a5f54639e5add181a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c471dd909df38a60f7998bd6aeed2ee1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA

comctl32

ord6
ImageList_Destroy
ImageList_Draw
ImageList_GetImageCount
ImageList_LoadImageA
InitCommonControlsEx

crypt32

CertAddEncodedCertificateToStore
CertCloseStore
CertCreateCertificateContext
CertFreeCertificateContext
CertGetIssuerCertificateFromStore
CertOpenStore
CertOpenSystemStoreA
CryptDecodeObject

ddraw

DirectDrawCreate

gdi32

BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreatePalette
CreatePatternBrush
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
GetPaletteEntries
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
LineTo
MoveToEx
PatBlt
RealizePalette
Rectangle
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBitsToDevice
SetPixel
SetTextColor
UnrealizeObject

imagehlp

ImageLoad
ImageUnload

imm32

ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetContext
ImmGetConversionStatus
ImmGetProperty
ImmNotifyIME
ImmReleaseContext
ImmSetCompositionWindow

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateProcessA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FlushInstructionCache
FlushViewOfFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetOverlappedResult
GetPrivateProfileIntA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetPrivateProfileStructA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalFileTimeToFileTime
LocalFree
LockResource
MapViewOfFile
MoveFileA
MultiByteToWideChar
OpenEventA
OpenFile
OpenMutexA
OpenProcess
OutputDebugStringA
PeekNamedPipe
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
ResumeThread
RtlUnwind
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
_hread
_hwrite
_lclose
_lcreat
_llseek
_lopen
lstrcmpA
lstrcpyA
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW

netapi32

Netbios

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoCreateInstance
CoGetClassObject
CoInitialize
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
OleInitialize
OleLockRunning
OleUninitialize
StringFromCLSID

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi

olepro32

ord253

shell32

ExtractIconA
ShellExecuteA

urlmon

CoInternetGetSession

user32

AdjustWindowRectEx
AttachThreadInput
BeginPaint
CallNextHookEx
CallWindowProcA
ChangeDisplaySettingsA
CharLowerA
CharNextA
CheckDlgButton
CheckMenuItem
ClientToScreen
ClipCursor
CloseClipboard
CreateAcceleratorTableA
CreateCursor
CreateIconFromResource
CreateIconFromResourceEx
CreateWindowExA
CreateWindowExW
DefWindowProcA
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxIndirectParamA
DispatchMessageA
DrawEdge
DrawFrameControl
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumDisplaySettingsA
EnumWindows
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetAsyncKeyState
GetClassInfoExA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetMenuItemCount
GetMenuItemInfoA
GetMessageA
GetMessagePos
GetParent
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetWindow
GetWindowDC
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
InflateRect
InvalidateRect
InvalidateRgn
IsChild
IsDlgButtonChecked
IsMenu
IsWindow
IsWindowEnabled
IsWindowVisible
KillTimer
LoadAcceleratorsA
LoadCursorA
LoadIconA
LoadImageA
LoadImageW
LoadMenuA
LoadStringA
LoadStringW
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
ModifyMenuA
MoveWindow
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassExA
RegisterHotKey
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetCapture
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuDefaultItem
SetMenuItemInfoA
SetRect
SetRectEmpty
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenuEx
TranslateAcceleratorA
TranslateMessage
UnhookWindowsHookEx
UnregisterHotKey
UpdateWindow
WindowFromPoint
wsprintfA

wininet

HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetGetConnectedState
InternetOpenA
InternetOpenUrlA
InternetQueryOptionA
InternetReadFile
InternetSetOptionA

winmm

PlaySoundA
PlaySoundW
mciSendCommandA
mciSendCommandW
mciSendStringA
mmioClose
mmioOpenA
mmioOpenW
mmioRead
mmioSeek
mmioWrite
sndPlaySoundA
sndPlaySoundW
timeGetTime
timeSetEvent

ws2_32

bind
closesocket
connect
getpeername
getsockname
htonl
htons
ioctlsocket
inet_addr
inet_ntoa
listen
ntohl
ntohs
recv
recvfrom
select
sendto
setsockopt
socket
gethostbyaddr
gethostbyname
gethostname
WSAGetLastError
WSAStartup
WSACleanup
__WSAFDIsSet
WSAAccept
WSAAddressToStringA
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSARecvFrom
WSASendTo
WSASocketA
WSAStringToAddressA
WSAWaitForMultipleEvents

Sections

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 104KB - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c471dd909df38a60f7998bd6aeed2ee1

Headers

File Characteristics

Imports

advapi32

comctl32

crypt32

ddraw

gdi32

imagehlp

imm32

kernel32

netapi32

ole32

oleaut32

olepro32

shell32

urlmon

user32

wininet

winmm

ws2_32

Sections

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 104KB - Virtual size: 108KB

.bss Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 17KB - Virtual size: 20KB

.text Size: 1.4MB - Virtual size: 1.4MB

.idata Size: 12KB - Virtual size: 16KB

.rsrc Size: 20KB - Virtual size: 2.4MB

.rsrc Size: 6KB - Virtual size: 6KB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 104KB - Virtual size: 108KB

.bss
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 17KB - Virtual size: 20KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.idata
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 20KB - Virtual size: 2.4MB

.rsrc
Size: 6KB - Virtual size: 6KB