Static task: static1
Behavioral task: behavioral1
Sample: 11d030c30dcf8f60ce2cf71d9f1d4a07_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 11d030c30dcf8f60ce2cf71d9f1d4a07_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 11d030c30dcf8f60ce2cf71d9f1d4a07_JaffaCakes118
Size: 801KB
MD5: 11d030c30dcf8f60ce2cf71d9f1d4a07
SHA1: 21f63f101ae4aec032aba2fa4e94fd4fe2a2f1d4
SHA256: b5f462c91ff6798fdff86407ccf464e717e14c84a3da2ea8a9053b95e2fdc968
SHA512: 350644482a6f31dbc3ef1de639330bb15513328651c849883f8193ae2a9ec29eaec571d723ec196db5410645a903640438f63dffb3f33809a494280d98f24f89
SSDEEP: 12288:UE/BH3/a7vhxuryirnRzTdwl+02K2jjy8D3OIsNHBPXe:V/qa50T2PyLhPXe
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 11d030c30dcf8f60ce2cf71d9f1d4a07_JaffaCakes118
Files
11d030c30dcf8f60ce2cf71d9f1d4a07_JaffaCakes118.exe windows:4 windows x64 arch:x64
0c0440849123759f068410cfc987aeab
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
difxapi
DriverPackageGetPathA
DIFXAPISetLogCallbackA
setupapi
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
CM_Reenumerate_DevNode
CM_Locate_DevNodeA
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupGetStringFieldA
SetupDiCallClassInstaller
SetupDiGetINFClassA
SetupCloseInfFile
SetupGetLineTextA
SetupFindFirstLineA
SetupOpenInfFileA
SetupFindNextLine
SetupGetFieldCount
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupCopyOEMInfA
SetupDiRemoveDevice
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstallParamsA
user32
RegisterClipboardFormatA
PostThreadMessageA
EnumChildWindows
GetDlgCtrlID
SetForegroundWindow
SendMessageA
GetClassNameA
GetWindowTextA
FindWindowA
SendMessageTimeoutA
PostMessageA
ExitWindowsEx
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
UnregisterClassA
LoadCursorA
GetSysColorBrush
DestroyMenu
MoveWindow
SetWindowTextA
IsDialogMessageA
EnumWindows
IsWindow
GetWindowThreadProcessId
PostQuitMessage
DrawTextA
EndPaint
FillRect
GetSystemMetrics
LoadImageA
BeginPaint
DefWindowProcA
RegisterClassExA
wsprintfA
InvalidateRect
SetWindowPos
UpdateWindow
ShowWindow
CreateWindowExA
MessageBoxA
DrawIcon
AppendMenuA
GetSystemMenu
IsIconic
GetWindowRect
GetClientRect
GetDC
ReleaseDC
SetTimer
KillTimer
GetDesktopWindow
EnableWindow
LoadIconA
CloseWindow
GetWindowLongA
mouse_event
CharUpperA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
TabbedTextOutA
DrawTextExA
GrayStringA
ScreenToClient
ClientToScreen
GetWindowDC
GetSysColor
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
IsWindowEnabled
GetLastActivePopup
EndDialog
GetNextDlgTabItem
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
CopyRect
GetWindow
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowLongA
CallWindowProcA
PtInRect
EqualRect
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
GetMenu
MapWindowPoints
GetMessagePos
GetMessageTime
SetWindowLongPtrA
GetWindowLongPtrA
GetTopWindow
GetForegroundWindow
GetWindowTextLengthA
SetFocus
RemovePropA
GetPropA
SetPropA
GetClassLongPtrA
GetClassLongA
GetCapture
IsChild
WinHelpA
SendDlgItemMessageA
RegisterWindowMessageA
MapDialogRect
SetWindowContextHelpId
psapi
EnumProcessModules
EnumProcesses
GetModuleFileNameExA
GetModuleBaseNameA
kernel32
GetCurrentProcessId
CreateFileA
GetPrivateProfileIntA
CreateMutexA
SetThreadLocale
GetThreadLocale
GetPrivateProfileSectionA
CreateThread
SetEvent
CompareStringA
CompareStringW
DeviceIoControl
GlobalFree
GlobalAlloc
MulDiv
FormatMessageA
GlobalUnlock
GlobalLock
GetModuleHandleA
GetModuleFileNameW
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetFileTime
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GlobalDeleteAtom
GlobalAddAtomA
FreeResource
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
InitializeCriticalSection
TlsAlloc
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
GetTickCount
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
RtlPcToFileHeader
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetACP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
LCMapStringA
LCMapStringW
RtlVirtualUnwind
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
HeapSetInformation
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
OpenProcess
TerminateProcess
GetVersionExA
GetEnvironmentVariableA
lstrcpyA
lstrcatA
SetPriorityClass
SetThreadPriority
ResumeThread
ReleaseMutex
CopyFileA
RemoveDirectoryA
FindFirstFileA
FindClose
CreateDirectoryA
MultiByteToWideChar
CreateProcessA
WaitForSingleObject
CreateEventA
GetWindowsDirectoryA
GetFileAttributesA
SetFileAttributesA
GetShortPathNameA
LoadLibraryA
GetProcAddress
FreeLibrary
WritePrivateProfileStringA
Sleep
lstrlenA
SetLastError
GetPrivateProfileStringA
GetModuleFileNameA
WideCharToMultiByte
GetCurrentThread
LocalAlloc
LocalFree
CloseHandle
GetTempPathA
GetTempFileNameA
MoveFileExA
DeleteFileA
GetVersion
GetCurrentProcess
GetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
gdi32
GetRgnBox
GetTextColor
GetBkColor
GetMapMode
CreateRectRgnIndirect
CreateBitmap
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
GetTextExtentPoint32A
GetStockObject
CreateCompatibleDC
SelectObject
GetObjectA
CreateSolidBrush
Rectangle
DeleteObject
SetStretchBltMode
StretchBlt
DeleteDC
CreatePen
MoveToEx
LineTo
SetTextColor
SetBkMode
CreateFontA
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
OpenServiceA
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
OpenSCManagerA
AdjustTokenPrivileges
CloseServiceHandle
QueryServiceConfigA
OpenThreadToken
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid
shell32
SHGetSpecialFolderLocation
SHCreateDirectoryExA
SHGetPathFromIDListA
SHChangeNotify
SHFileOperationA
ShellExecuteExA
shlwapi
PathFileExistsA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecA
oledlg
ord8
ole32
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CoInitialize
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc
oleaut32
SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysAllocStringLen
VariantCopy
VariantInit
VariantChangeType
VariantClear
Sections
.text Size: 477KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 155KB - Virtual size: 154KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 121KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ