fc61143a0a7e9ba425c388b6c05662a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc61143a0a7e9ba425c388b6c05662a7_JaffaCakes118
Size

506KB
MD5

fc61143a0a7e9ba425c388b6c05662a7
SHA1

6598649e9666abeac48caf704955e59e62f88b73
SHA256

20d9f4013a11d033bb6bd8e676f2de7e1c1157c722dddeeb91a791b91fc35a78
SHA512

ac101026ccb4b9bbbe3e1437abb2c17451bfe47ea8708acbf42b06b202bd6e0c8a160e14715d281ae0d790eeb114f3515771d0547beff49e2222ced23f720b39
SSDEEP

6144:tqMMxA6+E55gMutaYb2ZTEL0bi6a9UUUUUUUBfmRUPT/ZujgStc7:tqMMj+og7d6gefmRUbRutu7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc61143a0a7e9ba425c388b6c05662a7_JaffaCakes118

Files

fc61143a0a7e9ba425c388b6c05662a7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1d60c101a2033be4f665f40cb96b67b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\BTW\btw1.2\temp\BTWDINS\btwdins.pdb

Imports

ws2_32

getsockname
WSAAddressToStringW
closesocket
WSACleanup
WSAStartup
WSALookupServiceNextW
WSAGetLastError
WSALookupServiceBeginW
sendto
ntohl
bind
WSALookupServiceEnd
socket

kernel32

GetSystemDirectoryW
lstrlenA
GetCurrentThread
InterlockedIncrement
DisconnectNamedPipe
WriteFile
ReadFile
ConnectNamedPipe
WaitForMultipleObjects
ResetEvent
LocalFree
CreateNamedPipeW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
lstrcmpW
lstrcpyW
LockResource
FindResourceExW
MulDiv
GetWindowsDirectoryW
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
ExitThread
RtlUnwind
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCurrentThreadId
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
FatalAppExitA
VirtualAlloc
HeapSize
SetConsoleCtrlHandler
InterlockedExchange
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
InterlockedDecrement
GetTimeZoneInformation
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetThreadLocale
LoadLibraryA
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
Process32NextW
OpenProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
OutputDebugStringW
GetModuleFileNameW
lstrlenW
CreateMutexW
CreateEventW
CreateThread
CallNamedPipeA
SetEvent
ReleaseMutex
LoadLibraryW
FreeLibrary
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
GetCurrentProcess
OutputDebugStringA
SetLastError
WideCharToMultiByte
Sleep
WaitForSingleObject
TerminateThread
CreateFileW
SetThreadPriority
GetLastError
DeviceIoControl
GetVersionExW
CreateFileA
CloseHandle
FreeEnvironmentStringsW
WriteConsoleW

user32

SetTimer
KillTimer
DefWindowProcW
RegisterClassExW
RegisterDeviceNotificationW
UnregisterDeviceNotification
PostQuitMessage
SetDlgItemTextW
ShowWindow
SetWindowPos
CreateDialogParamW
UnregisterClassA
BringWindowToTop
SetActiveWindow
SetFocus
GetSystemMetrics
GetWindowRect
mouse_event
GetWindowThreadProcessId
IsWindowEnabled
EnableWindow
FindWindowW
SendMessageW
UpdateWindow
EnumWindows
IsWindowVisible
EnumChildWindows
SetClassLongW
IsWindow
CallWindowProcW
GetDlgItem
CheckDlgButton
CheckRadioButton
PostMessageW
GetParent
GetClassNameW
GetWindowTextW
FindWindowExW
GetWindowLongW
GetMessageW
DispatchMessageW
CreateWindowExW
GetForegroundWindow
DestroyWindow
GetDesktopWindow
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
OpenDesktopW
PostThreadMessageW
LoadStringW
wvsprintfW
SetThreadDesktop
SetProcessWindowStation
CloseDesktop
CloseWindowStation
MessageBoxW
CharNextW
PeekMessageW

advapi32

RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
CryptAcquireContextW
CryptReleaseContext
CryptSetProvParam
InitializeSecurityDescriptor
RegEnumKeyW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
GetUserNameW
OpenThreadToken
CryptExportKey
CryptGenKey
CryptGetUserKey
CryptDecrypt
CryptImportKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExA
RegSetValueExA
RegEnumValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ChangeServiceConfig2W
CreateServiceW
DeleteService
ControlService
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RevertToSelf
CopySid
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
RegOpenKeyExA
QueryServiceStatus
StartServiceW
RegOpenCurrentUser
ImpersonateLoggedOnUser
OpenProcessToken
CryptDestroyKey
CryptEncrypt

ole32

CoInitializeSecurity
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr

Sections

.text
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1d60c101a2033be4f665f40cb96b67b7

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 304KB - Virtual size: 302KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 8KB - Virtual size: 133KB

.rsrc Size: 104KB - Virtual size: 104KB

.text
Size: 304KB - Virtual size: 302KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 8KB - Virtual size: 133KB

.rsrc
Size: 104KB - Virtual size: 104KB