Static task: static1
Behavioral task: behavioral1
- Sample: 2a72021fc27e7bbe9353cad4f21d0d02_JaffaCakes118.exe
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: 2a72021fc27e7bbe9353cad4f21d0d02_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
General
- Target: 2a72021fc27e7bbe9353cad4f21d0d02_JaffaCakes118
- Size: 232KB
- MD5: 2a72021fc27e7bbe9353cad4f21d0d02
- SHA1: 21fa9517a6f730cc2d268b822abf3687b20dfe9e
- SHA256: f13f1aa1db6b9b6e6fed6f977a349b57b824fbf079a8e0a0ffc5aa3134c382a8
- SHA512: ec3506b1c249ccc06a67c6efb0fd430c9620ae5c12e6c1548242ae838ec3c0eabe4fa78825ec95c8ee2aaecee02e2568405f90cbbe807dca2fe26ce70b72c2d2
- SSDEEP: 6144:GRUauJOIVZC/pFpQG0ztx0yW4cVhI3S7PKL3+OpKT2U:e9lAKalRcjF7COTTx
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 2a72021fc27e7bbe9353cad4f21d0d02_JaffaCakes118
Files
- 2a72021fc27e7bbe9353cad4f21d0d02_JaffaCakes118.exe (windows:4 windows x86 arch:x86)
  92b9276a5dbd23b4cf7834b6bc1908bb
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
- kernel32: GetStartupInfoA, VirtualQueryEx, SetConsoleCP, CopyFileExW, GetUserDefaultLCID, SetProcessWorkingSetSize, DeleteCriticalSection, GlobalCompact, CmdBatNotification, GetCommConfig, GetEnvironmentStringsW, IsBadHugeWritePtr, SetStdHandle, PostQueuedCompletionStatus, GetLocalTime, BackupRead, EnumSystemLocalesW, GetTempPathA, GetConsoleAliasExesW, FindCloseChangeNotification, InvalidateConsoleDIBits, ScrollConsoleScreenBufferA, SetFilePointerEx, WriteConsoleOutputAttribute, GetConsoleCP, DeleteFileA, InterlockedExchangeAdd, FindFirstVolumeW, GetFileAttributesExA, GlobalGetAtomNameW, RaiseException, GetModuleHandleA, SetInformationJobObject, GetSystemTime, RtlUnwind, GetThreadTimes, GetPrivateProfileSectionA, CancelWaitableTimer, GetNumberFormatA, GetCalendarInfoW, PurgeComm, _lopen, GetProcAddress, LoadLibraryA, VirtualAlloc, GetVersion, IsValidLocale, GetHandleInformation
- user32: SendMessageCallbackW, SetWindowPlacement, ClipCursor, DdeDisconnectList, SetClassWord, SetClipboardViewer, SendMessageCallbackA, IsClipboardFormatAvailable, SetMenuItemInfoA, OpenClipboard, CreateMenu, GetCapture, CopyRect, SetMessageQueue, SetActiveWindow, EnumPropsA, ModifyMenuW, IMPGetIMEW, CharUpperA, CharLowerW, ShowCursor, GetDoubleClickTime, FreeDDElParam, GetKeyboardLayoutNameA, SetUserObjectInformationA, GetThreadDesktop, SendMessageTimeoutA, DispatchMessageW, OemToCharA, SubtractRect, InsertMenuItemA, SetWindowWord, SetScrollInfo, PtInRect, GetTabbedTextExtentA, CharNextW, ShowWindow, GetClipboardOwner, DdeUnaccessData, SendDlgItemMessageA, TranslateMessage, WaitMessage, ReplyMessage, BeginDeferWindowPos, ChangeDisplaySettingsExA, IsWindowEnabled, CreateDialogIndirectParamW, BroadcastSystemMessageA, AllowSetForegroundWindow, TileChildWindows, GetWindowLongA, EnumDesktopsA, CreateAcceleratorTableA, CallWindowProcA, UserHandleGrantAccess, DrawTextA, EnumDisplayMonitors, SendIMEMessageExW, DefMDIChildProcW, SetWindowsHookExW, ChildWindowFromPointEx, keybd_event, IsDlgButtonChecked, GetKeyboardState, GetSubMenu, DdeCmpStringHandles, GetMenuItemInfoA, SetCursor, CharLowerBuffA, EnumWindows, ScrollWindow, PeekMessageW, MonitorFromWindow, SystemParametersInfoW, SetTimer, GetClassInfoExA, PackDDElParam, IsRectEmpty, DialogBoxParamA, GetForegroundWindow, DestroyIcon, CharPrevA, MoveWindow, EndDialog, DdeImpersonateClient
- gdi32: GetStretchBltMode, UnrealizeObject, SelectPalette, DPtoLP
- advapi32: SetEntriesInAccessListW, AccessCheckAndAuditAlarmW, QueryUsersOnEncryptedFile, RegSetValueA, AccessCheckAndAuditAlarmA, QueryServiceConfig2W, RegQueryValueExW, CryptEnumProvidersW, LsaSetTrustedDomainInfoByName, RegQueryMultipleValuesW, SetServiceObjectSecurity, SetServiceBits, CryptReleaseContext, ElfRegisterEventSourceW, SetServiceStatus, LsaQueryTrustedDomainInfo, RegEnumKeyExW, ConvertSecurityDescriptorToAccessW, RegEnumValueW, SystemFunction029, LsaOpenSecret, LsaEnumeratePrivileges, CryptSignHashW, SystemFunction006, LsaLookupPrivilegeDisplayName, LsaQueryInformationPolicy, GetSecurityDescriptorSacl, SetSecurityDescriptorOwner, FindFirstFreeAce, BuildTrusteeWithNameW, LsaRetrievePrivateData, RegQueryMultipleValuesA, SetNamedSecurityInfoExA, AddAccessAllowedObjectAce, ConvertSecurityDescriptorToStringSecurityDescriptorW, BuildSecurityDescriptorW, AbortSystemShutdownW, MakeAbsoluteSD, StartServiceCtrlDispatcherA, GetOverlappedAccessResults, CryptGenRandom, LogonUserA, GetAccessPermissionsForObjectA, GetSidSubAuthorityCount, SetNamedSecurityInfoW, TrusteeAccessToObjectA, AccessCheckByTypeResultList, ReadEventLogA, DecryptFileW, RegisterServiceCtrlHandlerW
- comctl32: ImageList_SetOverlayImage, ImageList_DrawIndirect, ImageList_Merge, CreateToolbarEx, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, ImageList_LoadImageA, ord17, ImageList_DragLeave, FlatSB_GetScrollRange, ord7, FlatSB_SetScrollProp, ImageList_AddMasked, ord13, _TrackMouseEvent, ImageList_DragMove, ImageList_Replace, ord5, PropertySheetA, ImageList_Duplicate, ImageList_GetImageInfo, ImageList_ReplaceIcon, ImageList_Draw, FlatSB_ShowScrollBar, ord15, ImageList_Write, ImageList_BeginDrag, ImageList_Destroy, FlatSB_SetScrollRange, UninitializeFlatSB, ImageList_Remove, ord2
- opengl32: wglSwapLayerBuffers, glPopMatrix, glMapGrid1d, glVertex4sv, glTexCoord4fv, glGetIntegerv, glShadeModel, wglMakeCurrent, glColor3ui, glPolygonOffset, glCopyTexImage2D, glMatrixMode, glColor3us, glClearColor, glColor4b, glTexGenfv, glGetPolygonStipple, glColor4uiv, glBitmap, glGetFloatv, glMultMatrixf, glOrtho, glGenLists, glTexCoord1iv, glRasterPos4s, glNormal3i, glEnable, wglSwapBuffers, glEvalMesh1, glColor3sv, glRasterPos2f, glStencilMask, glStencilOp, glVertex2dv, glMap2d, glColor3dv, glVertex3dv, glVertex2fv, glIndexf, glVertex4i, glVertex3iv, glCallList, glPushAttrib, glDrawPixels, glTexCoord3sv, glNewList, glPopName, glRectd, glIsTexture, glAreTexturesResident, glLightf, glInterleavedArrays, glTexCoord2sv, glTexCoord2s, glEdgeFlagv, glVertexPointer, glIndexsv, glColor4us, glCopyTexSubImage1D, glColor4iv, glIsEnabled, glSelectBuffer, glGetTexEnviv, glLightModeli, glTexCoord2dv, glRasterPos4fv, glTexParameterfv, glLineWidth, glRectf, glPixelTransferi, glDeleteTextures, glClipPlane, wglGetProcAddress, wglCopyContext, glPixelTransferf
- winmm: auxGetDevCapsA, midiInGetErrorTextW, mmioDescend, midiOutLongMsg, mciExecute, mmioOpenW, mmTaskSignal, auxGetVolume, mixerMessage, mixerGetDevCapsA, mmTaskYield, mixerGetControlDetailsW, joySetCapture, mciGetErrorStringA, midiInGetID, midiInGetDevCapsW, DriverCallback, mmTaskCreate, waveInAddBuffer, WOWAppExit, timeEndPeriod, midiInStop, sndPlaySoundA, mmioInstallIOProcW, mmioWrite, auxOutMessage, waveInPrepareHeader, joy32Message, mixerGetControlDetailsA, waveInGetID, midiInGetNumDevs, waveOutPause, waveOutOpen, wod32Message, mciDriverNotify, mciSendStringW, mmDrvInstall, waveInMessage, mmioSetInfo, waveInStop, mid32Message, tid32Message, mmioStringToFOURCCA, midiOutCachePatches, midiOutClose, joyGetDevCapsA, waveInGetErrorTextW, mmioSeek, waveOutGetDevCapsW, midiOutPrepareHeader, mciSetYieldProc, midiConnect, midiStreamClose, mixerGetLineInfoW, mmioAscend, waveOutSetVolume, midiOutOpen, timeGetTime, waveOutGetID, PlaySoundW, mmioSetBuffer, mixerGetLineInfoA, mmioFlush, midiInReset, mciGetDeviceIDFromElementIDA, mciGetCreatorTask, waveOutPrepareHeader, auxGetDevCapsW, mixerGetLineControlsA, waveOutGetVolume, mciGetDeviceIDA, timeGetSystemTime, mod32Message, midiOutSetVolume, midiOutGetID, midiStreamStop, mmioClose, OpenDriver, waveInClose, midiInAddBuffer
- winspool.drv: DeletePrintProcessorW, DeviceMode, GetPrinterDriverDirectoryA, ord103, EnumPrinterKeyW, SetPrinterDataExA, ord206, DeleteMonitorA, DeletePrinterDataExA, QueryColorProfile, DevicePropertySheets, DEVICECAPABILITIES, DeletePrinterDataA, EnumPrinterDataW, SetJobA, EnumFormsW, ord202, ord100, AdvancedSetupDialog, CloseSpoolFileHandle, ord204, GetPrintProcessorDirectoryW, ord205, DeletePrinterDataExW, ScheduleJob, SetPortW, GetPrinterDataW, GetFormA, StartDocDlgA, AddPrintProvidorA, DeleteFormW, EnumPrintProcessorsW, CommitSpoolData, DeletePrinterDriverW, AddPrinterDriverW, ConnectToPrinterDlg, DeletePrinter, SetFormW, AddMonitorW, ResetPrinterW, EnumMonitorsW, DeletePrinterConnectionA, GetSpoolFileHandle, EXTDEVICEMODE, EnumFormsA, EnumPrintProcessorDatatypesW, AddPortA, ExtDeviceMode, EnumPrintersW, ResetPrinterA, AddJobA, ord203, AddFormW, ord209, ord212, DocumentPropertiesW, SetPrinterDataExW, DeleteMonitorW, GetPrinterA, StartDocPrinterA, WaitForPrinterChange, ConvertAnsiDevModeToUnicodeDevmode, QuerySpoolMode, PrinterMessageBoxA, AddFormA, AddPrinterConnectionA, EnumPrinterDriversA, AdvancedDocumentPropertiesA, AddPortExW, EnumPrinterDriversW, AddPrintProvidorW, DeviceCapabilitiesA, StartDocDlgW
- msvcrt: tolower, strtod, fwprintf, fclose, _adj_fptan, memset, _spawnvp, __unguarded_readlc_active, _unlink, _fullpath, fputc, _wcsnicoll, _seh_longjmp_unwind, _mbsicoll, iswspace, setbuf, fwrite, _memicmp, fsetpos, ftell, feof, fopen, calloc, _ismbcdigit, strstr, _cscanf, fgetws, fprintf, __lconv_init, _strdup, __p__environ, fputs, _fsopen, log, fread, sprintf, _acmdln, _mbsspnp, ferror, printf, _stricoll, fseek, _wexecle, _mbscoll, _mbsrchr, _mbschr, _mbsupr, _exit, _XcptFilter, exit, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, __dllonexit, _onexit
Sections
- .text (Size: 36KB - Virtual size: 34KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 16KB - Virtual size: 13KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 556KB - Virtual size: 553KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE