10202284470db3164b59fac8d86c00d6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

10202284470db3164b59fac8d86c00d6_JaffaCakes118
Size

88KB
MD5

10202284470db3164b59fac8d86c00d6
SHA1

0c6a15f9692f6ecb891844bcefb128ead0398c1b
SHA256

e8a5a32e62c5ecb748e0823cff32323c1d3b7d34bc2f96b80a9c1d9bb22c4d53
SHA512

2cbe7ab28ba034ca5bb4f08a3a7466eeb89b11a76fa675a334e36c87c17c3412a9d2019ac48f10b670812f6f2e9b1a5cc0b6aa5c1eec1ca8a3a8364a4f362388
SSDEEP

1536:096hDJGC7qSlk4mJBEW30TS0jOIUJHrSMxQfc5w0rwgu:0MUYVmJqWj0iIYKfow0Lu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10202284470db3164b59fac8d86c00d6_JaffaCakes118

Files

10202284470db3164b59fac8d86c00d6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ad46f59745beed079efe7c13b53d0d4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcBindingFree
NdrClientCall2
NdrMesTypeDecode2
NdrMesTypeFree2
RpcRaiseException
RpcMgmtEnableIdleCleanup
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcSsDestroyClientContext
NdrServerCall2
RpcStringBindingComposeW
RpcStringFreeW
UuidToStringW
UuidCreate
MesHandleFree
MesDecodeBufferHandleCreate

comctl32

ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
_TrackMouseEvent
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetIcon
ImageList_Draw
ImageList_GetImageCount
ImageList_Destroy
ImageList_Write
ImageList_Create
ord17
ImageList_Add
ImageList_Remove
ImageList_Replace
ImageList_DrawEx
ImageList_Copy
ImageList_GetBkColor

ws2_32

sendto
getsockopt
send
recvfrom
recv
__WSAFDIsSet
select
ioctlsocket
bind
WSASocketW
getservbyname
inet_addr
htonl
gethostbyname
getservbyport
ntohs
gethostbyaddr
WSASetLastError
htons
WSAStartup
WSAGetLastError
WSACleanup
closesocket
WSAAddressToStringW
connect
shutdown
setsockopt
ntohl
inet_ntoa

kernel32

VirtualQuery
GetPrivateProfileStringW
WritePrivateProfileStringW
GetComputerNameW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
GetExitCodeThread
AreFileApisANSI
SetEndOfFile
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetModuleHandleA
IsValidLocale
FindClose
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
SetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
CompareStringA
RtlUnwind
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
ExitThread
LCMapStringW
LCMapStringA
GetStringTypeExW
GetUserDefaultLCID
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FindNextFileW
FindFirstFileW
SetHandleCount
GetDriveTypeW
GetFileSize
lstrcmpW
GetSystemDirectoryA
ExpandEnvironmentStringsA
GetLocalTime
CompareStringW
lstrcpynW
DeleteFileW
GetDateFormatW
lstrcmpiW
GetWindowsDirectoryW
lstrcpyW
WinExec
lstrcatW
LoadLibraryExW
MulDiv
GlobalUnlock
GlobalLock
lstrlenA
GetSystemInfo
FormatMessageA
ResetEvent
OpenEventA
WaitForMultipleObjects
TerminateThread
CreateEventW
LocalFree
RaiseException
FlushInstructionCache
GetCommandLineW
CreateProcessW
CreateFileW
WaitNamedPipeW
OpenMutexW
CreateMutexW
CreateEventA
DeleteCriticalSection
GlobalFree
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
SetFileTime
WriteFile
CreateDirectoryA
DosDateTimeToFileTime
GetCurrentDirectoryA
ReadFile
SetFilePointer
GetFileType
CreateFileA
DuplicateHandle
GetNumberFormatW
ExpandEnvironmentStringsW
GetCurrentThreadId
WideCharToMultiByte
lstrlenW
FormatMessageW
SystemTimeToFileTime
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
OpenProcess
SetLastError
FreeLibrary
GetModuleHandleW
CloseHandle
WaitForSingleObject
EnumSystemLocalesA
HeapCreate

user32

ShowScrollBar
SetScrollRange
SetScrollPos
ScrollWindowEx
ScrollWindow
GetScrollRange
GetScrollPos
SendDlgItemMessageW
GetNextDlgTabItem
GetDlgItemTextW
GetDlgItemInt
DlgDirSelectComboBoxExW
DlgDirSelectExW
DlgDirListComboBoxW
DlgDirListW
CheckRadioButton
CheckDlgButton
LockWindowUpdate
GetDCEx
ShowOwnedPopups
IsWindowVisible
ValidateRgn
InvalidateRgn
ValidateRect
GetUpdateRgn
GetUpdateRect
SetWindowPlacement
ArrangeIconicWindows
IsZoomed
HiliteMenuItem
GetSystemMenu
DrawMenuBar
SetMenu
GetMenu
SendNotifyMessageW
SetWindowWord
GetWindowWord
EnableScrollBar
CreateIconFromResourceEx
CreateIconFromResource
CreateIcon
GetFocus
DrawFocusRect
SetFocus
SetCapture
GetCapture
ReleaseCapture
UpdateWindow
CharNextW
GetNextDlgGroupItem
DrawTextW
DrawTextExW
DrawIconEx
ExitWindowsEx
GetMenuStringW
GetMenuItemCount
FlashWindow
BringWindowToTop
InsertMenuW
ChildWindowFromPointEx
GetTopWindow
GetLastActivePopup
ChangeClipboardChain
SetClipboardViewer
CreateCaret
HideCaret
ShowCaret
WinHelpW
SetWindowContextHelpId
GetWindowContextHelpId
GetScrollInfo
SetScrollInfo
UnregisterClassA
RegisterWindowMessageA
FindWindowW
SendMessageTimeoutW
PtInRect
MessageBoxW
SetDlgItemInt
SetDlgItemTextA
CreateDialogParamW
ChildWindowFromPoint
WindowFromPoint
SetWindowRgn
ScreenToClient
GetWindowPlacement
AdjustWindowRectEx
GetWindowRgn
DeferWindowPos
IsWindowUnicode
ShowWindowAsync
IsDlgButtonChecked
MessageBeep
SendMessageCallbackW
CopyRect
IsClipboardFormatAvailable
GetClipboardData
DrawIcon
IsIconic
OffsetRect
SetRectEmpty
SetRect
GetDesktopWindow
LoadIconW
SetMenuItemInfoW
SendMessageW
GetWindowThreadProcessId
ClientToScreen
FindWindowExW
FindWindowExA
PeekMessageW
DispatchMessageW
TranslateMessage
IsWindow
GetWindowRect
GetSystemMetrics
SetCursor
DestroyCursor
GetSysColor
CopyIcon
FillRect
CreateIconIndirect
GetIconInfo
MonitorFromPoint
EnableMenuItem
AppendMenuW
TrackPopupMenuEx
CreatePopupMenu
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
ShowWindow
LoadBitmapW
GetWindowDC
EndPaint
BeginPaint
MapDialogRect
EndDialog
DialogBoxParamW
GetWindow
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
MoveWindow
GetThreadDesktop
GetUserObjectInformationW
SystemParametersInfoW
MessageBoxA
SetDlgItemTextW
LoadAcceleratorsW
GetMessageW
GetActiveWindow
IsDialogMessageW
TranslateAcceleratorW
SetTimer
PostQuitMessage
RegisterClassExW
GetClassInfoExW
LoadCursorW
DefWindowProcW
DestroyWindow
SetWindowLongW
GetWindowLongW
CreateWindowExW
CallWindowProcW
RedrawWindow
GetParent
GetDC
GetClientRect
IsWindowEnabled
ReleaseDC
TrackMouseEvent
InvalidateRect
GetDlgCtrlID
DestroyIcon
LoadImageW
RegisterWindowMessageW
KillTimer
EnableWindow
GetWindowTextLengthW
GetWindowTextW
GetDlgItem
SetWindowTextW
MapWindowPoints
CloseDesktop
OpenInputDesktop
InflateRect
SetActiveWindow
DrawAnimatedRects
SetParent
EnumChildWindows
GetClassNameW
GetMenuItemID
PostMessageW
TrackPopupMenu
SetForegroundWindow
GetCursorPos
SetMenuDefaultItem
DestroyMenu
GetSubMenu
LoadMenuW
LoadStringW
IsChild

gdi32

SetGraphicsMode
Polygon
OffsetWindowOrgEx
SetWindowOrgEx
GetDeviceCaps
GetTextExtentPointW
SetTextJustification
GetTextMetricsW
CreatePen
CreateBitmap
BitBlt
CreateDIBSection
GetObjectW
Rectangle
GetPixel
RoundRect
GetTextExtentPoint32W
SetPixel
TextOutW
SetTextAlign
SetMapMode
CreateCompatibleBitmap
StretchBlt
CreateCompatibleDC
ExtTextOutW
CreateSolidBrush
GetStockObject
CreateFontW
CreateFontIndirectW
RestoreDC
CreatePolygonRgn
CreateRoundRectRgn
OffsetRgn
CombineRgn
CreateRectRgn
SelectClipRgn
FillRgn
MoveToEx
SelectObject
DeleteObject
SetTextColor
SetBkColor
SetBkMode
CreateBrushIndirect
DeleteDC
ExtCreatePen
SaveDC
LineTo
FrameRgn

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

LsaClose
InitializeSecurityDescriptor
RegOpenCurrentUser
ImpersonateNamedPipeClient
RevertToSelf
LookupAccountSidW
RegSetValueExW
RegCreateKeyExW
LsaNtStatusToWinError
LsaAddAccountRights
LsaOpenPolicy
IsValidSid
LookupAccountNameW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
CheckTokenMembership
CreateWellKnownSid
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptEnumProvidersA
CryptAcquireContextA
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueW
RegOpenKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl

shell32

ShellExecuteW
SHGetFolderPathW
Shell_NotifyIconW
SHAppBarMessage
ExtractIconW
ExtractAssociatedIconW
DuplicateIcon
DragAcceptFiles
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

ole32

CoInitialize
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
VariantClear
SysAllocString

shlwapi

PathIsRelativeW
ord437
ord354
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathStripPathW
StrFormatByteSizeW
SHAutoComplete
StrCmpIW

netapi32

NetUserAdd
NetUserSetInfo
NetLocalGroupAddMembers

wininet

InternetCloseHandle
HttpOpenRequestW
InternetConnectW
InternetSetStatusCallbackW
InternetOpenW
InternetReadFile
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
HttpSendRequestW
HttpAddRequestHeadersA
HttpQueryInfoA
InternetSetOptionW

iphlpapi

GetIpAddrTable

mpr

WNetGetConnectionW

olecli32

OleCreate
ErrClose
ErrQueryProtocol
DibDraw
DefCreateLinkFromClip
DefCreateFromClip
OleSetLinkUpdateOptions
LeActivate
OleRenameClientDoc
OleCopyFromLink
MfRelease
OleUpdate
ErrActivate
OleEnumFormats
LeRelease
OleSetBounds
PbCreateFromTemplate
OleQueryReleaseStatus
ObjQueryName
OleRevertClientDoc
BmSaveToStream
ErrSetUpdateOptions
PbCreateLinkFromClip
OleEnumObjects

vbscript

DllGetClassObject
DllCanUnloadNow

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.AczjCc
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ZggwrU
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Rcuu
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.m
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Js
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad46f59745beed079efe7c13b53d0d4e

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

comctl32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

netapi32

wininet

iphlpapi

mpr

olecli32

vbscript

Sections

.text Size: 17KB - Virtual size: 17KB

.AczjCc Size: 2KB - Virtual size: 3KB

.ZggwrU Size: 2KB - Virtual size: 2KB

.rdata Size: 15KB - Virtual size: 14KB

.Rcuu Size: 1024B - Virtual size: 1KB

.m Size: 1KB - Virtual size: 1KB

.Js Size: 1024B - Virtual size: 1KB

.data Size: 44KB - Virtual size: 340KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 17KB - Virtual size: 17KB

.AczjCc
Size: 2KB - Virtual size: 3KB

.ZggwrU
Size: 2KB - Virtual size: 2KB

.rdata
Size: 15KB - Virtual size: 14KB

.Rcuu
Size: 1024B - Virtual size: 1KB

.m
Size: 1KB - Virtual size: 1KB

.Js
Size: 1024B - Virtual size: 1KB

.data
Size: 44KB - Virtual size: 340KB

.rsrc
Size: 3KB - Virtual size: 2KB