Static task: static1
Behavioral task: behavioral1
  Sample: 16f741458fda95cf9a667519457b201a_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 16f741458fda95cf9a667519457b201a_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 16f741458fda95cf9a667519457b201a_JaffaCakes118
Size: 132KB
MD5: 16f741458fda95cf9a667519457b201a
SHA1: 024fe3ba015fdd9e79ba4e5bc36a71ecb1d4d68c
SHA256: e1b8bf5027c1133744a3f82d4e4f0b60b189449091491927a9d79e312975db2b
SHA512: 5cd522c91d7b71410cb22b9cf57307ac6d310d58130feef6a10846f2c938209dfb5b0d3f6e0ad84be517a6839e3111b7e4be307da913f9d1cf2a4f5313f355e5
SSDEEP: 3072:uqUqeDPy0UbSHmKLFpSxelb0W6k0s10lTJ8ifuk4Q8YqfLZ2HK1ZoKI:upqeDPy0GS1ielb0W6U0lTqifukyv51K
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 16f741458fda95cf9a667519457b201a_JaffaCakes118
Files
16f741458fda95cf9a667519457b201a_JaffaCakes118.exe windows:5 windows x86 arch:x86
663736ad89bd1b928cea371033071435
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MoveFileExW
GetTickCount
GetUserDefaultUILanguage
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
CreateMutexW
FindFirstFileW
SetEndOfFile
CreateProcessW
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
HeapFree
GetProcessHeap
IsBadReadPtr
SetFileTime
VirtualQueryEx
OpenProcess
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
Thread32Next
ReadFile
GetTimeZoneInformation
MultiByteToWideChar
ResetEvent
GetFileSizeEx
OpenMutexW
GetLastError
SetLastError
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
FindNextFileW
CreateToolhelp32Snapshot
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
CreateRemoteThread
TerminateThread
Process32FirstW
GetProcessId
Process32NextW
lstrcatW
GetWindowsDirectoryW
GetThreadContext
SetThreadContext
GlobalLock
GlobalUnlock
GetNativeSystemInfo
FreeLibrary
CreateDirectoryW
VirtualAlloc
LoadLibraryA
ExpandEnvironmentStringsW
SetThreadPriority
GetCurrentThread
GetPrivateProfileIntW
FlushFileBuffers
WriteFile
GetPrivateProfileStringW
WaitForSingleObject
SetEvent
WriteProcessMemory
GetTempPathW
LocalFree
LoadLibraryW
Sleep
GetFileAttributesW
CreateFileW
lstrcmpiA
GetProcAddress
WTSGetActiveConsoleSessionId
lstrcmpiW
CloseHandle
SetFileAttributesW
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcessId
DuplicateHandle
OpenEventW
GetFileAttributesExW
VirtualProtect
WaitForMultipleObjects
CreateEventW
GetModuleFileNameW
GetVersionExW
VirtualFreeEx
VirtualFree
GetModuleHandleW
GetComputerNameW
SetErrorMode
GetCommandLineW
CreateThread
GetSystemTime
GetLocalTime
EnterCriticalSection
ExitProcess
user32
CharToOemW
CharLowerW
MsgWaitForMultipleObjects
LoadImageW
CharLowerA
PeekMessageW
CharUpperW
GetClipboardData
ToUnicode
GetKeyboardState
TranslateMessage
ExitWindowsEx
CharLowerBuffA
GetCursorPos
GetIconInfo
DrawIcon
DispatchMessageW
advapi32
InitiateSystemShutdownExW
IsWellKnownSid
GetLengthSid
RegOpenKeyExW
RegEnumKeyExW
ConvertSidToStringSidW
CryptHashData
RegSetValueExW
AdjustTokenPrivileges
CryptDestroyHash
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptCreateHash
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
RegQueryValueExW
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
CryptGetHashParam
RegCloseKey
EqualSid
shlwapi
StrStrIA
StrStrIW
UrlUnescapeA
wvnsprintfW
PathIsDirectoryW
PathFindFileNameW
PathAddBackslashW
PathIsURLW
PathSkipRootW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathQuoteSpacesW
PathMatchSpecW
StrCmpNIA
wvnsprintfA
PathUnquoteSpacesW
PathRemoveBackslashW
PathRenameExtensionW
StrCmpNIW
PathRemoveFileSpecW
SHDeleteValueW
shell32
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
secur32
GetUserNameExW
ole32
StringFromGUID2
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitializeEx
ws2_32
getpeername
send
closesocket
WSASend
accept
socket
listen
WSASetLastError
WSAEventSelect
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
WSAGetLastError
shutdown
setsockopt
bind
getaddrinfo
select
getsockname
sendto
recv
freeaddrinfo
recvfrom
crypt32
PFXImportCertStore
CryptUnprotectData
CertDeleteCertificateFromStore
CertOpenSystemStoreW
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
PFXExportCertStoreEx
wininet
InternetOpenA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetQueryOptionA
InternetSetOptionA
InternetReadFile
InternetQueryOptionW
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
netapi32
NetUserEnum
NetApiBufferFree
NetUserGetInfo
Sections
.text Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ