Static task: static1
Behavioral task: behavioral1
Sample: fc2033aeb9e5cb226fa86bf73290d94c_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: fc2033aeb9e5cb226fa86bf73290d94c_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: fc2033aeb9e5cb226fa86bf73290d94c_JaffaCakes118
Size: 255KB
MD5: fc2033aeb9e5cb226fa86bf73290d94c
SHA1: e914852479b86358a746d3981e7c10b2e696a89b
SHA256: f0033f28e305bc1b3f2685cacc57595c9c2da1fe276e63a3b52dabde89e97ca3
SHA512: 25dd2948e87c1aa4fddae933fbc2772133d1677b5bbeb9f571f4a309d632f33d89c42cc1edc4da4064a271d8c081ab367b5785bf786a3189dfecdb1bc912bf5e
SSDEEP: 6144:dEZ6TZKvbPl3IptDwawzeCnYvL65u65ZgOXad:YRjN3IjDwnrn31Q
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: fc2033aeb9e5cb226fa86bf73290d94c_JaffaCakes118
Files
fc2033aeb9e5cb226fa86bf73290d94c_JaffaCakes118.exe windows:5 windows x86 arch:x86
61418cc5402a8bb3bf9df56f33ffc095
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFilePointer
SetStdHandle
WriteConsoleA
WriteFile
GetConsoleOutputCP
CreateFileA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetEndOfFile
GetProcessHeap
ReadFile
InitializeCriticalSectionAndSpinCount
GetTickCount
GetLocalTime
Sleep
GetModuleFileNameA
GetCommandLineA
GetTempPathA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
CreateMutexA
GetLastError
lstrcpyA
lstrcatA
lstrlenA
ExpandEnvironmentStringsA
GetFileAttributesExA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
VirtualAlloc
HeapReAlloc
HeapSize
HeapAlloc
FlushFileBuffers
VirtualFree
HeapFree
HeapCreate
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetStartupInfoA
HeapValidate
IsBadReadPtr
GetProcAddress
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
MultiByteToWideChar
LCMapStringA
LCMapStringW
DebugBreak
GetStdHandle
OutputDebugStringA
WriteConsoleW
GetFileType
OutputDebugStringW
ExitProcess
LoadLibraryW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapDestroy
user32
GetClassLongA
wsprintfA
advapi32
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA
ole32
CoInitialize
shell32
ShellExecuteA
shlwapi
PathFileExistsA
PathRemoveBlanksA
PathGetArgsA
PathFindFileNameA
PathIsDirectoryA
ws2_32
select
connect
ioctlsocket
__WSAFDIsSet
socket
gethostbyname
WSAStartup
closesocket
htons
send
recv
netapi32
Netbios
crypt32
CertCreateCertificateContext
CryptMsgGetParam
CertGetValidUsages
CryptDecodeMessage
CertAddSerializedElementToStore
CryptMsgDuplicate
CertControlStore
CertFindCertificateInStore
CertRegisterSystemStore
CertIsRDNAttrsInCertificateName
CertEnumCRLsInStore
CertDuplicateStore
CryptMemAlloc
CertDuplicateCRLContext
CryptDecryptMessage
CryptHashMessage
CryptMsgGetAndVerifySigner
CertGetIntendedKeyUsage
CertRDNValueToStrW
CryptExportPublicKeyInfo
CryptGetOIDFunctionAddress
CryptInstallDefaultContext
CryptGetDefaultOIDDllList
CryptHashCertificate
CryptBinaryToStringW
CryptMemFree
CertOpenStore
CertVerifyCTLUsage
CryptMsgVerifyCountersignatureEncodedEx
CertComparePublicKeyInfo
CryptExportPKCS8
CryptEnumOIDFunction
CryptMsgCalculateEncodedLength
CryptMsgUpdate
CertUnregisterSystemStore
CryptUninstallDefaultContext
CryptRegisterOIDFunction
CertUnregisterPhysicalStore
CertRDNValueToStrA
CertFindAttribute
CryptBinaryToStringA
CertIsValidCRLForCertificate
CryptVerifyDetachedMessageHash
CertFindCTLInStore
CertFreeCertificateChainEngine
CryptUnregisterDefaultOIDFunction
CryptEnumKeyIdentifierProperties
CertAlgIdToOID
CertVerifyValidityNesting
CryptCreateAsyncHandle
CryptMsgCountersign
CertResyncCertificateChainEngine
CryptEncodeObject
CertDeleteCTLFromStore
CryptFindCertificateKeyProvInfo
CertSetCertificateContextPropertiesFromCTLEntry
CertStrToNameA
CertAddCTLLinkToStore
CryptProtectData
CertSetCRLContextProperty
CryptVerifyDetachedMessageSignature
CertSetEnhancedKeyUsage
CertNameToStrA
CryptInitOIDFunctionSet
CryptGetDefaultOIDFunctionAddress
CertDeleteCRLFromStore
CertAddEncodedCRLToStore
CertDuplicateCTLContext
CertGetCertificateChain
CertSerializeCertificateStoreElement
CryptMsgClose
CertSerializeCRLStoreElement
CryptSignAndEncodeCertificate
CertGetIssuerCertificateFromStore
CertSetStoreProperty
CertCreateCertificateChainEngine
CryptHashPublicKeyInfo
CryptSetAsyncParam
CertCreateCTLContext
CryptMsgCountersignEncoded
CertAddCRLLinkToStore
CertGetNameStringW
CryptGetOIDFunctionValue
CertEnumSystemStoreLocation
CertAddCTLContextToStore
CryptMsgEncodeAndSignCTL
CryptMemRealloc
CryptDecryptAndVerifyMessageSignature
CertStrToNameW
CertGetNameStringA
CertGetCertificateContextProperty
CertCreateCTLEntryFromCertificateContextProperties
CertVerifyRevocation
CryptEnumOIDInfo
CryptExportPublicKeyInfoEx
CryptVerifyMessageSignatureWithKey
CryptSignMessage
CertOpenSystemStoreW
CryptDecodeObjectEx
CertVerifyCRLRevocation
CertFreeCertificateContext
CertFreeCRLContext
CryptGetMessageSignerCount
CertGetCRLFromStore
CertNameToStrW
CertAddStoreToCollection
CryptHashToBeSigned
CertDeleteCertificateFromStore
CertCreateContext
CertOIDToAlgId
CertSerializeCTLStoreElement
CertAddEncodedCertificateToStore
CryptGetAsyncParam
CryptSignAndEncryptMessage
CryptEncodeObjectEx
CryptStringToBinaryA
CryptSignMessageWithKey
CertGetSubjectCertificateFromStore
CertCompareCertificateName
CryptFindLocalizedName
CertEnumCertificatesInStore
CertFreeCertificateChain
CertEnumCertificateContextProperties
iphlpapi
GetTcpStatisticsEx
GetAdapterIndex
NhpAllocateAndGetInterfaceInfoFromStack
GetIpStatistics
DeleteIPAddress
mswsock
AcceptEx
TransmitFile
Sections
.text Size: 167KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ