Static task: static1
Behavioral task: behavioral1
  Sample: 11214a9fb7194fbaa7357aa1b7c54af5_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 11214a9fb7194fbaa7357aa1b7c54af5_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 11214a9fb7194fbaa7357aa1b7c54af5_JaffaCakes118
Size: 212KB
MD5: 11214a9fb7194fbaa7357aa1b7c54af5
SHA1: 6a23c62089851e72ffe718c25f8aaa1d304a9688
SHA256: 7620da7780386d36e81a5c98c1ebf3f7842a4963c72dc576d52782fade1e460e
SHA512: 5a26dcae8e5573c2e5230331763484b23e35c1bf0f77b740f006d47ea2b86e3c9162da172b395028ea6923569eb41d13a5607cbbc82be0f5e3b471451b0bbc1a
SSDEEP: 6144:xxqqDLlXX0jvoFMVp27NwlJGUQ1GFSndKowBRRcmpwa3Eyr3:xMqnlXX0jvqMy7NwPGUcsHlp33dj
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 11214a9fb7194fbaa7357aa1b7c54af5_JaffaCakes118
Files
-
11214a9fb7194fbaa7357aa1b7c54af5_JaffaCakes118.exe windows:5 windows x86 arch:x86
ded4ccaf7bf33dcecfdfdb3943af39e8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteFileW
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
CreateMutexW
FindFirstFileW
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
GetProcessHeap
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
lstrcpynW
Thread32Next
GetTimeZoneInformation
MultiByteToWideChar
WTSGetActiveConsoleSessionId
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
TerminateProcess
FindClose
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
VirtualProtect
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
WriteProcessMemory
GetCommandLineW
SetErrorMode
GetComputerNameW
DuplicateHandle
GetCurrentProcessId
TlsGetValue
TlsSetValue
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
lstrcmpiA
CreateFileW
CreateDirectoryW
GetLocalTime
GetLastError
CreatePipe
ReadFile
WriteFile
SetHandleInformation
CreateProcessW
SetThreadPriority
GetCurrentThread
WaitForMultipleObjects
ResetEvent
SetLastError
FlushFileBuffers
GetModuleHandleW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
OpenProcess
CreateRemoteThread
GlobalUnlock
GlobalLock
VirtualAllocEx
SetFileAttributesW
ReleaseMutex
CreateThread
GetSystemTime
GetCurrentProcess
GetCurrentThreadId
GetModuleHandleA
LoadLibraryA
IsBadReadPtr
VirtualFree
OpenEventW
CreateEventW
ExitThread
SetEvent
ExpandEnvironmentStringsW
GetProcAddress
GetPrivateProfileIntW
LoadLibraryW
GetPrivateProfileStringW
FreeLibrary
GetNativeSystemInfo
GetUserDefaultUILanguage
lstrcmpiW
GetModuleFileNameW
GetFileAttributesW
Sleep
GetTickCount
WaitForSingleObject
MoveFileExW
CloseHandle
GetFileAttributesExW
GetProcessId
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
VirtualFreeEx
InitializeCriticalSection
SetThreadContext
GetThreadContext
ExitProcess
LocalFree
GetVersionExW
lstrlenW
user32
CharUpperW
SetWindowLongW
SendMessageTimeoutW
GetWindow
DispatchMessageW
EndPaint
GetMessageA
GetUpdateRgn
GetMessageW
RegisterClassExA
GetWindowDC
SetCapture
DefDlgProcW
DefFrameProcA
OpenInputDesktop
CharLowerA
GetCapture
RegisterClassExW
SetCursorPos
PeekMessageW
GetDCEx
PeekMessageA
ReleaseDC
DefWindowProcA
GetCursorPos
GetAncestor
SwitchDesktop
DefDlgProcA
DefMDIChildProcA
ReleaseCapture
RegisterClassW
CallWindowProcA
GetWindowLongW
WindowFromPoint
MsgWaitForMultipleObjects
LoadImageW
GetTopWindow
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
MenuItemFromPoint
GetMenu
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
GetMenuState
GetMenuItemCount
HiliteMenuItem
EndMenu
GetShellWindow
DrawIcon
GetIconInfo
FillRect
DrawEdge
IntersectRect
PostThreadMessageW
EqualRect
GetWindowRect
PrintWindow
GetParent
GetWindowInfo
GetUpdateRect
GetClassLongW
CallWindowProcW
DefWindowProcW
GetMessagePos
SetWindowPos
IsWindow
SendMessageW
MapWindowPoints
GetWindowThreadProcessId
IsRectEmpty
DefFrameProcW
RegisterClassA
MapVirtualKeyW
PostMessageW
CharLowerW
TranslateMessage
GetKeyboardState
GetClipboardData
ToUnicode
CharToOemW
GetDC
CharLowerBuffA
GetSystemMetrics
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
CloseWindowStation
CreateWindowStationW
GetKeyboardLayoutList
DefMDIChildProcW
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
OpenWindowStationW
MessageBoxA
ExitWindowsEx
BeginPaint
advapi32
ConvertSidToStringSidW
CreateProcessAsUserA
CreateProcessAsUserW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
InitiateSystemShutdownExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
RegCreateKeyW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
EqualSid
GetLengthSid
RegDeleteValueW
RegEnumValueW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
IsWellKnownSid
shlwapi
PathAddBackslashW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
PathQuoteSpacesW
PathRemoveBackslashW
PathUnquoteSpacesW
StrCmpNIW
PathIsURLW
StrStrIW
StrStrIA
PathRenameExtensionW
shell32
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance
gdi32
SelectObject
GetDeviceCaps
CreateCompatibleBitmap
GetDIBits
CreateDIBSection
RestoreDC
SaveDC
CreateCompatibleDC
SetRectRgn
GdiFlush
DeleteDC
SetViewportOrgEx
DeleteObject
ws2_32
WSASend
getaddrinfo
inet_addr
getpeername
WSAGetLastError
accept
getsockname
WSAEventSelect
freeaddrinfo
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
shutdown
setsockopt
closesocket
gethostbyname
send
sendto
select
recvfrom
listen
WSASetLastError
socket
bind
recv
crypt32
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CryptUnprotectData
wininet
InternetCrackUrlA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetOpenA
InternetQueryDataAvailable
InternetSetOptionA
InternetQueryOptionW
InternetQueryOptionA
HttpEndRequestW
HttpSendRequestA
HttpEndRequestA
InternetSetFilePointer
HttpOpenRequestW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetSetStatusCallbackA
HttpSendRequestExW
InternetCloseHandle
HttpQueryInfoA
InternetConnectA
HttpSendRequestExA
oleaut32
SysFreeString
VariantInit
VariantClear
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
winmm
PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA
Sections
.text Size: 199KB - Virtual size: 199KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ