fb258ea08f542fa978a45eda34233495_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb258ea08f542fa978a45eda34233495_JaffaCakes118
Size

262KB
MD5

fb258ea08f542fa978a45eda34233495
SHA1

3ae58c1e84bd14af3beca570e0d7c9d9f6a4f92f
SHA256

8b81c0d5749784e8ceb2511649f35fd1c15a965303723a8c1762aafcc50e287e
SHA512

09e21a53b74e4e0e04c63967e8e9b4e08658da6f8aac836e6ecb697bbaab7c79e105f2d8ca44b41f3163adc5f80da1392b4d766402cb87eb0d9dedcdbf77cd48
SSDEEP

6144:Jyicm3YDfE2pW7pev5VCszJ5HCoFT5F/KZ:MBD5E7sv5Y85HCklU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb258ea08f542fa978a45eda34233495_JaffaCakes118

Files

fb258ea08f542fa978a45eda34233495_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2e037f224106f3039b7bedf65b706d4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetEndOfFile
GetProcessHeap
ReadFile
HeapReAlloc
GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
HeapSize
HeapAlloc
FlushFileBuffers
VirtualFree
WriteFile
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
ExitProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetModuleHandleW
TlsGetValue
GetProcAddress
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement

user32

wsprintfA
GetClassLongA

advapi32

RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

CoInitialize

shell32

ShellExecuteA

shlwapi

PathGetArgsA
PathFindFileNameA
PathIsDirectoryA
PathFileExistsA
PathRemoveBlanksA

gdi32

GdiTransparentBlt
GdiComment
PlayEnhMetaFileRecord
SetBitmapBits
SetLayout
PathToRegion
EnumFontFamiliesExW
CreatePenIndirect
ArcTo
GetObjectType
Escape
GetCharWidth32A
SetGraphicsMode
DeleteDC
Pie
GetCharABCWidthsA
GetStretchBltMode
GetPixel
GetCharWidthW
AbortPath
AngleArc
PatBlt
CreateFontIndirectExA
PolyPolygon
CreateBrushIndirect
GdiAlphaBlend
GetGlyphOutlineA
EnumMetaFile
DeleteEnhMetaFile
GetTextCharsetInfo
EnumFontsW
MaskBlt
ScaleWindowExtEx
ExtSelectClipRgn
SetDIBits
GdiSetBatchLimit
GetMetaRgn
GdiFlush
IntersectClipRect
CreateDiscardableBitmap
StretchBlt
AddFontResourceA
CreateBitmapIndirect
GetTextExtentExPointI
SetICMProfileW
CloseMetaFile
EqualRgn
CombineRgn
AddFontResourceW
GetBkColor
GetICMProfileW
GetMiterLimit
SetTextAlign
SetViewportExtEx
GetTextExtentPointA
SetICMMode
PolyPolyline
CreateFontA
CreatePatternBrush
CreateScalableFontResourceA
CreateHalftonePalette
GetGlyphIndicesA
PaintRgn
ResetDCA
ColorCorrectPalette
CheckColorsInGamut
GetWorldTransform
GetDIBColorTable
DeleteColorSpace
GetTextExtentPointI
CreatePolyPolygonRgn
GetEnhMetaFileDescriptionA
AddFontMemResourceEx
CreateFontIndirectW
GetColorSpace
GetDCBrushColor
ExtFloodFill
StrokeAndFillPath
CopyMetaFileW
GetSystemPaletteEntries
CopyEnhMetaFileA
EnumICMProfilesW
SetWindowExtEx
SaveDC
EndDoc
GetCurrentObject
ExtEscape
Chord
CreateColorSpaceA
SetTextJustification
SetBitmapDimensionEx
SetTextCharacterExtra
RemoveFontResourceExW
CreateRectRgn
PolylineTo
GetROP2
GetCharWidthA
SelectClipPath
GetFontUnicodeRanges
Ellipse
CreateCompatibleBitmap
CreateMetaFileA
GetBitmapDimensionEx
CloseEnhMetaFile
CreatePalette
FixBrushOrgEx

ws2_32

recv
closesocket
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname
WSAStartup
send

netapi32

Netbios

comdlg32

ChooseColorA
ChooseFontW
ChooseFontA
PrintDlgA

comsvcs

CoCreateActivity
SafeRef
CoEnterServiceDomain

crypt32

CryptSignMessage
CertAddCRLLinkToStore
CryptEnumOIDFunction
CertEnumSystemStoreLocation
CertFindCRLInStore
CryptFindOIDInfo
CertFreeCertificateContext
CertGetStoreProperty
CertFindExtension
CertGetCertificateContextProperty
CertGetCTLContextProperty
CertRemoveStoreFromCollection
CertEnumCertificatesInStore
CryptMsgOpenToEncode
CryptSignAndEncryptMessage
CryptFormatObject
CertAddCertificateContextToStore
CryptFindLocalizedName
CertVerifyValidityNesting
CertGetIntendedKeyUsage
CryptMsgDuplicate
CryptDecodeObjectEx
PFXIsPFXBlob
CryptCloseAsyncHandle
CertGetEnhancedKeyUsage
CryptDecryptAndVerifyMessageSignature
CertFindCTLInStore
CertAlgIdToOID
CryptImportPublicKeyInfoEx
CertNameToStrA
CertRegisterPhysicalStore
CryptUninstallDefaultContext
CertVerifyCRLTimeValidity
CertGetPublicKeyLength
CryptMsgControl
CryptMsgClose
CertAddCertificateLinkToStore
CertDuplicateCTLContext
CertRemoveEnhancedKeyUsageIdentifier
CryptMsgGetAndVerifySigner
CryptEncodeObjectEx
CertAddEncodedCertificateToSystemStoreW
CertEnumCTLContextProperties
CertAddEncodedCertificateToSystemStoreA
CryptCreateAsyncHandle
CertFreeCertificateChain
CryptSetKeyIdentifierProperty
CertCompareIntegerBlob
CertNameToStrW
CryptSetOIDFunctionValue
CertAddCTLContextToStore
CertVerifyCRLRevocation
CertOpenStore
CertFindAttribute
CryptEnumOIDInfo
CertOIDToAlgId
CertVerifyCertificateChainPolicy
CryptMsgVerifyCountersignatureEncoded
CertDuplicateStore
CertCreateCRLContext
CryptMsgOpenToDecode
CertAddSerializedElementToStore
CertUnregisterSystemStore
CertSetStoreProperty
CertEnumSubjectInSortedCTL
CryptMsgSignCTL
CryptEnumKeyIdentifierProperties
CertDuplicateCRLContext
CryptGetOIDFunctionAddress
CryptGetMessageSignerCount
CertAddEnhancedKeyUsageIdentifier
CertCreateCTLEntryFromCertificateContextProperties
CryptMsgGetParam
CertDuplicateCertificateContext
CertAddEncodedCertificateToStore
CertFreeCTLContext
CryptVerifyCertificateSignatureEx
CryptDecodeMessage
CertDeleteCTLFromStore
CertSetEnhancedKeyUsage
CryptHashMessage
CryptAcquireCertificatePrivateKey
CertFindSubjectInSortedCTL
CertVerifyCTLUsage
CryptVerifyMessageHash
CryptExportPublicKeyInfo
CryptExportPKCS8
CryptUnprotectData
CryptMsgUpdate
CertFindSubjectInCTL
CryptGetOIDFunctionValue
CertEnumSystemStore
CryptHashToBeSigned
CertSetCertificateContextPropertiesFromCTLEntry
CryptVerifyDetachedMessageSignature
CertUnregisterPhysicalStore
CertGetNameStringW
CryptSignMessageWithKey
CertSaveStore
CertGetCRLFromStore
CertAddEncodedCTLToStore
CertOpenSystemStoreW
CertGetValidUsages
CryptCreateKeyIdentifierFromCSP
CertGetNameStringA
CryptVerifyCertificateSignature
CryptSetAsyncParam
CertGetCertificateChain
CertOpenSystemStoreA
PFXImportCertStore
CryptInstallOIDFunctionAddress

imm32

ImmGetIMEFileNameA

iphlpapi

SendARP
GetExtendedTcpTable
GetIfEntry
GetFriendlyIfIndex
GetBestInterface
SetIpNetEntry

msi

ord224
ord94
ord255
ord90
ord39
ord71
ord141
ord5
ord274
ord192
ord176
ord230
ord210
ord245
ord112
ord178
ord254
ord44
ord157
ord173
ord202
ord243
ord264
ord257
ord83
ord93
ord95
ord109
ord211
ord226
ord89
ord137
ord275
ord67
ord181
ord281
ord130
ord208
ord267
ord219
ord65
ord218
ord240
ord271
ord216
ord239
ord204
ord126
ord38
ord68
ord87
ord56
ord261
ord209
ord252
ord213
ord70
ord194
ord189
ord113
ord36
ord104
ord265
ord260
ord82
ord205
ord259
ord238
ord215
ord40
ord69
ord229
ord270
ord8
ord177
ord253
ord269
ord108
ord249
ord154
ord101
ord227

msimg32

TransparentBlt

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e037f224106f3039b7bedf65b706d4a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

shlwapi

gdi32

ws2_32

netapi32

comdlg32

comsvcs

crypt32

imm32

iphlpapi

msi

msimg32

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 4KB - Virtual size: 21KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 4KB - Virtual size: 21KB

.reloc
Size: 18KB - Virtual size: 17KB