13e943afc92dfb83de4b91da11e6bd7a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

13e943afc92dfb83de4b91da11e6bd7a_JaffaCakes118
Size

488KB
MD5

13e943afc92dfb83de4b91da11e6bd7a
SHA1

a0abf303b9bef8705f0c3209566b2360e036d375
SHA256

099e4f1197b6b8593475c0f5a911e6274b57eb8ef109aca96b5cd4c0a487ca3e
SHA512

ca42e35c2c2f479d3d4c4d92835599bd679294fa039cfaa2825ef2fa378983fea0cb67bd6ae9b295787d6bb734156f5d50eefcc3c0d49edd8f8c4d1ccffe8a22
SSDEEP

6144:cRGH0u75S69USMyDPZYvSgL8mg7HHucJq6ojMKtfDuEmDGInRXNl/ITsdyytf:cRW0OfFSvSgL8mRodKpDu9n/ltyytf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13e943afc92dfb83de4b91da11e6bd7a_JaffaCakes118

Files

13e943afc92dfb83de4b91da11e6bd7a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

50c0a4699493584e6fd1c146c36e6686

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
HeapFree
ReadProcessMemory
SetFilePointer
GetModuleFileNameA
VirtualProtect
VirtualQuery
VirtualFree
VirtualAlloc
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrcpyA
CreateEventA
CreateThread
CloseHandle
GetModuleHandleA
SetEvent
GetTickCount
WaitForSingleObject
WideCharToMultiByte
Sleep
FindResourceExA
FindResourceA
HeapAlloc
TerminateThread
ReadFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
SetStdHandle
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CreateFileA
DeleteFileA
GetCurrentProcessId
OpenMutexA
CreateMutexA
GetLastError
GetCommandLineA
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemInfo
GetStartupInfoA
ExitProcess
GetModuleHandleW
RtlUnwind
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapDestroy
LocalAlloc
SetErrorMode
GetDriveTypeA
GetComputerNameA
GetProcessTimes
DosDateTimeToFileTime
TerminateProcess
MoveFileExA
GetTempFileNameA
CreateProcessA
GetExitCodeProcess
CreateToolhelp32Snapshot
Module32First
GetVolumeInformationA
GetLocaleInfoA
GetComputerNameExA
CreateDirectoryA
OpenProcess
GetStdHandle
FreeConsole
AttachConsole
WriteConsoleA
Process32First
Process32Next
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetVersionExA
GetShortPathNameA
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrlenW
FlushInstructionCache
lstrcmpA
SetLastError
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetLocalTime
GetSystemTime
HeapReAlloc
WaitForMultipleObjectsEx
ResumeThread
ReleaseMutex
WriteFile
FileTimeToSystemTime
GetVersion
GetFileSize
GetCurrentDirectoryA
OutputDebugStringA
GetExitCodeThread
FreeLibrary
GetProcAddress
LoadLibraryA
DeviceIoControl
LocalFree

user32

GetWindowLongA
ReleaseDC
SetRect
GetDC
SystemParametersInfoA
GetWindowRect
DefWindowProcA
SetWindowLongA
FindWindowExA
SendMessageA
PostMessageA
RedrawWindow
ReleaseCapture
SetWindowPos
GetCursorPos
SetCursor
PtInRect
ScreenToClient
GetFocus
GetParent
EnumWindows
GetWindowThreadProcessId
GetClassNameA
GetClientRect
GetWindowTextA
CreateDialogParamA
GetDesktopWindow
SetDlgItemTextA
UnregisterClassA
PostThreadMessageA
IsWindow
GetClassInfoExA
RegisterClassExA
BeginPaint
FillRect
DrawTextA
EndPaint
SetCapture
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetSystemMenu
EnableMenuItem
GetSysColorBrush
FrameRect
MoveWindow
GetSysColor
LoadImageA
GetSystemMetrics
CharNextA
ClientToScreen
InvalidateRect
InvalidateRgn
IsChild
GetDlgItem
CallWindowProcA
DestroyAcceleratorTable
SetFocus
GetWindow
CreateAcceleratorTableA
SetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
AttachThreadInput
GetForegroundWindow
FindWindowA
InflateRect
SetTimer
KillTimer
BringWindowToTop
SetForegroundWindow

gdi32

CreateSolidBrush
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateFontIndirectA
SetBkMode
SetTextColor
PatBlt
BitBlt
DeleteObject
DeleteDC
GetObjectA
GetStockObject

advapi32

RegQueryValueExA
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
CryptHashData
CryptVerifySignatureA
CryptImportKey
CryptCreateHash
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA
OpenProcessToken
DuplicateTokenEx
ConvertSidToStringSidA
LookupAccountNameA

ole32

CLSIDFromString
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
StringFromGUID2
OleInitialize
OleUninitialize
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysStringLen
OleLoadPicture
SysAllocStringLen
SysFreeString

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathRemoveArgsA
UrlEscapeA
PathAddExtensionA
PathAppendA
PathQuoteSpacesA
PathFileExistsA
PathCombineA
PathStripPathA
PathRemoveExtensionA
PathFindExtensionA
PathUnquoteSpacesA
PathStripToRootA

ws2_32

WSACreateEvent
WSARecv
closesocket
WSASocketA
WSAEventSelect
WSASetEvent
WSACleanup
freeaddrinfo
getaddrinfo
WSASetLastError
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAResetEvent
WSAStartup
WSASend
WSAGetOverlappedResult
WSAConnect

Sections

.text
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crepe
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50c0a4699493584e6fd1c146c36e6686

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

version

shlwapi

ws2_32

Sections

.text Size: 289KB - Virtual size: 289KB

.crepe Size: 5KB - Virtual size: 5KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 36KB - Virtual size: 36KB

.rsrc Size: 70KB - Virtual size: 70KB

.text
Size: 289KB - Virtual size: 289KB

.crepe
Size: 5KB - Virtual size: 5KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 70KB - Virtual size: 70KB