fbeacc169fe4dc9f4d732cfa09cd1046_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbeacc169fe4dc9f4d732cfa09cd1046_JaffaCakes118
Size

452KB
MD5

fbeacc169fe4dc9f4d732cfa09cd1046
SHA1

e598131e0bd4bf3ebe97c91038891dc7867c9d00
SHA256

92bc97eb0845c0464a0775437a844e82e7c97fb65322f709892c3281841be92d
SHA512

e8363c4d74e2ffd8b30c6f901f75badb4f5093eefcc9c5dc01eadd3546b8421a8e19e445922ba365f9d263b2935d3b6a6cc465468265d4fda8bf330565875897
SSDEEP

6144:N45vxp4JICWmQ/G5bb+3ClMPRwrN6s0tvTqKRe/K:+vxp4JICWmQ+p+3ClMZuJwTq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbeacc169fe4dc9f4d732cfa09cd1046_JaffaCakes118

Files

fbeacc169fe4dc9f4d732cfa09cd1046_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fa9380ebb4becb442204e09d1682cd27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rasapi32

RasGetEntryDialParamsA
RasEnumEntriesA
RasGetEntryDialParamsA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathA

advapi32

LsaFreeMemory
RegQueryValueExA
RegQueryValueExA
ConvertSidToStringSidA
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LsaFreeMemory
GetUserNameA
IsValidSid
LookupAccountNameA
RegCloseKey
RegCreateKeyExA
RegEnumValueA
RegFlushKey
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

wininet

InternetGetConnectedState
InternetGetConnectedState

oleaut32

SafeArrayPtrOfIndex
SysFreeString
SysAllocStringLen
VariantInit
VariantClear
VariantCopy
VariantChangeType
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysReAllocStringLen
SysFreeString
VarBstrFromBool
VarBstrFromDate
VarBstrFromCy
VarBoolFromStr
VarCyFromStr
VarDateFromStr
VarR8FromStr
VarR4FromStr
VarI4FromStr
VarCmp
VarXor
VarOr
VarAnd
VarMod
VarIdiv
VarDiv
VarMul
VarSub
VarAdd
VarNot
VarNeg
VariantChangeTypeEx

user32

PeekMessageA
GetKeyboardType
CharToOemA
CharUpperBuffA
CharNextA
GetSystemMetrics
LoadStringA
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
CharNextA
MessageBoxA
LoadStringA
GetKeyboardType
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
GetKeyboardType
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA
LoadStringA

kernel32

LoadLibraryA
GetModuleHandleA
GetProcAddress
VirtualFree
VirtualAlloc
Sleep
CloseHandle
CompareStringA
CopyFileA
CreateEventA
CreateFileA
DeleteFileA
EnumCalendarInfoA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FormatMessageA
FreeLibrary
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
GetACP
GetCPInfo
GetComputerNameA
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetProcAddress
GetStdHandle
GetStringTypeExA
GetSystemDirectoryA
GetSystemTime
GetTempPathA
GetThreadLocale
GetTickCount
GetTimeZoneInformation
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalHandle
GlobalReAlloc
GlobalUnlock
InitializeCriticalSection
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ResetEvent
ResumeThread
SetEndOfFile
SetEvent
SetFilePointer
Sleep
VirtualQuery
WaitForSingleObject
WriteFile
lstrlen
GetModuleHandleA
LocalAlloc
TlsGetValue
TlsSetValue
CloseHandle
CreateFileA
GetFileType
GetFileSize
GetStdHandle
RaiseException
ReadFile
SetEndOfFile
SetFilePointer
UnhandledExceptionFilter
WriteFile
CreateThread
ExitThread
ExitProcess
FindClose
FindFirstFileA
FreeLibrary
GetCommandLineA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetThreadLocale
LoadLibraryExA
lstrcpyn
lstrlen
MultiByteToWideChar
WideCharToMultiByte
VirtualQuery
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetVersion
QueryPerformanceCounter
GetTickCount
LocalAlloc
LocalFree
VirtualAlloc
VirtualFree
InitializeCriticalSection
InitializeCriticalSection
RaiseException
GetDiskFreeSpaceExA
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
RaiseException
InitializeCriticalSection
InitializeCriticalSection
LoadLibraryA
InitializeCriticalSection
InitializeCriticalSection
GetModuleHandleA
lstrcpyW
lstrcpyW
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InitializeCriticalSection
InterlockedDecrement
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
InterlockedDecrement

ws2_32

WSCInstallProvider

ntdll

RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlUnwind
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlUnwind
RtlEnterCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlEnterCriticalSection
RtlEnterCriticalSection
RtlUnwind
RtlUnwind

ws2help

WahOpenHandleHelper

msvcrt

__pxcptinfoptrs

Sections

.text
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fa9380ebb4becb442204e09d1682cd27

Headers

File Characteristics

Imports

rasapi32

shell32

advapi32

wininet

oleaut32

user32

kernel32

ws2_32

ntdll

ws2help

msvcrt

Sections

.text Size: 408KB - Virtual size: 408KB

.idata Size: 40KB - Virtual size: 40KB

.text
Size: 408KB - Virtual size: 408KB

.idata
Size: 40KB - Virtual size: 40KB