0c0f2663079307cc4c0a0b8e7d51b1af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c0f2663079307cc4c0a0b8e7d51b1af_JaffaCakes118
Size

608KB
MD5

0c0f2663079307cc4c0a0b8e7d51b1af
SHA1

51b90815d654fd8ca68859892695d00d04cfa970
SHA256

cd8e4cc3438b328a2287d1563a4026c84bf038700a723ac7e7f6b656014d07ab
SHA512

259fd213d91847ab8ad3a9c01dcbad6896f991aa717bfb836c0d252e322800cf9e58195c9bc938cf004c7ad87b1a9dc04877de31aa7d86767fd64da5f0cde899
SSDEEP

12288:Y5tUe9HZ2SbpJklffcTY4Fnhq2TKl3dKWkmlHVo:k91AcPnhq2TKl3EWkmlHVo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c0f2663079307cc4c0a0b8e7d51b1af_JaffaCakes118

Files

0c0f2663079307cc4c0a0b8e7d51b1af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d1a27b32285e8cfd79c1d3295e11633c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpSendRequestW
InternetCrackUrlW
InternetGetConnectedState
HttpQueryInfoW
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
InternetConnectW
HttpOpenRequestW

kernel32

LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
WritePrivateProfileStringW
GlobalFlags
GetModuleHandleA
SetErrorMode
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
InterlockedDecrement
InterlockedIncrement
lstrlenA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
GlobalFindAtomW
CompareStringW
GetVersionExA
ReleaseSemaphore
CreateSemaphoreW
GlobalAddAtomW
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
FreeResource
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
lstrcmpW
GlobalDeleteAtom
GetModuleHandleW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
lstrlenW
MulDiv
InterlockedExchange
InterlockedCompareExchange
LoadLibraryA
LCMapStringW
LCMapStringA
GetStringTypeExA
GetUserDefaultLCID
WriteFile
GetFileSize
CreateFileA
FreeLibrary
LocalFree
GetCurrentThreadId
LockResource
GetSystemTime
lstrcmpA
GetShortPathNameW
GetTempPathW
MoveFileExW
CopyFileW
ExitProcess
GetVersionExW
WideCharToMultiByte
GetVolumeInformationA
GetComputerNameW
InitializeCriticalSectionAndSpinCount
GetTickCount
WaitForMultipleObjects
CreateDirectoryW
GetFileAttributesW
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
GetProcAddress
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetModuleFileNameW
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetLastError
CreateMutexW
SetLastError
GetCommandLineW
Sleep
CloseHandle
ReadFile
CreateFileW
HeapReAlloc

user32

ClientToScreen
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
CharUpperW
ShowWindow
IsDialogMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SendMessageW
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
RegisterClipboardFormatW
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadStringA
EnumChildWindows
EnumThreadWindows
WaitForInputIdle
PostMessageW
GetMenu
UnregisterClassW
DestroyMenu
PostThreadMessageW
EndPaint
BeginPaint
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetForegroundWindow
IsWindowVisible
GetWindow
SendMessageTimeoutW
GetParent
GetClassNameW
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
SetWindowTextW
GetClientRect
GetForegroundWindow
EnableWindow
GetWindowTextW
GetCursorPos
wsprintfW
SetParent
SetTimer
RegisterWindowMessageW
UnregisterClassA
DefWindowProcW

gdi32

DeleteDC
GetStockObject
TextOutW
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RestoreDC
SaveDC
DeleteObject
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
SetMapMode
ExtTextOutW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

CryptHashData
RegSetValueExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
RegCloseKey
CryptCreateHash
CryptAcquireContextW
ControlService
CloseServiceHandle
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

shlwapi

PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
PathIsDirectoryW
StrCpyNW
StrNCatW
PathAppendW
SHSetValueW
StrCmpNIW
PathFileExistsW
StrCmpIW
StrCatW
StrCmpW
StrCmpNW
StrStrW
StrCpyW
StrChrW
StrStrIW
StrDupW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleRun
CoUninitialize
CoCreateInstance
CoCreateGuid
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoDisconnectObject
CoInitialize

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
VariantCopy
VariantInit
VariantClear
LoadTypeLi
SysFreeString
GetErrorInfo

urlmon

URLDownloadToFileW

ws2_32

bind
htons
socket
WSAStartup
recvfrom
gethostbyname
closesocket

Sections

.text
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1a27b32285e8cfd79c1d3295e11633c

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

ws2_32

Sections

.text Size: 408KB - Virtual size: 406KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 108KB - Virtual size: 190KB

.rsrc Size: 4KB - Virtual size: 932B

.text
Size: 408KB - Virtual size: 406KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 108KB - Virtual size: 190KB

.rsrc
Size: 4KB - Virtual size: 932B