3733f5877e32063a489bd46d1c7a0b10_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3733f5877e32063a489bd46d1c7a0b10_JaffaCakes118
Size

612KB
MD5

3733f5877e32063a489bd46d1c7a0b10
SHA1

9bb92bbdd1e253c75142a6abd398e892a9f98d16
SHA256

a76d7f4f39fae9187193ffe22a187830d8a16b4492e17842849219b60f470f13
SHA512

2d7d5dbfa8c2c68dc8a4097309afe4fd3c9e66d6e3e375be2503c4afccd0d9f8c26f411a94095263d84a3027be22ede8e28d6862322f68b06112602748c02f4f
SSDEEP

12288:yfjn+QJ9O+CRmjROO1Uzkyz4IoVlrVDKiyN/4joPXO6n3/jf:A9O+CRmtoziEiyt4jo267f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3733f5877e32063a489bd46d1c7a0b10_JaffaCakes118

Files

3733f5877e32063a489bd46d1c7a0b10_JaffaCakes118
.exe windows:5 windows x86 arch:x86

633521a256077b96d7bd58892ac5ad63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
SetEvent
ReleaseMutex
Sleep
RaiseException
InitializeCriticalSectionAndSpinCount
SizeofResource
LockResource
LoadResource
FindResourceW
ResetEvent
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
GetUserDefaultLCID
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
LoadLibraryExW
FlushInstructionCache
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
SetLastError
TerminateProcess
WaitForMultipleObjects
LocalAlloc
CopyFileW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
GlobalHandle
FreeResource
SetEnvironmentVariableW
CreateMutexA
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetTimeZoneInformation
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
GetFileType
ExpandEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
GetStdHandle
ExitProcess
HeapCreate
LCMapStringW
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCPInfo
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
CreateFileA
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetSystemTime
LoadLibraryW
LoadLibraryA
GetFullPathNameW
GetFullPathNameA
UnlockFile
LockFileEx
LockFile
GetFileSize
SetEndOfFile
FlushFileBuffers
FindFirstFileW
FindClose
CreateThread
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
GetVersionExW
WaitForSingleObject
GetModuleHandleA
GetComputerNameW
lstrlenA
GetCurrentProcess
GetPrivateProfileStringW
GlobalFree
WritePrivateProfileStringW
DeleteFileW
MoveFileW
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
ReadFile
lstrlenW
WideCharToMultiByte
OutputDebugStringA
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetCommandLineW
LocalFree
GetTempPathW
GetTempFileNameW
CreateFileW
WriteFile
GetLastError
SetFilePointer
GetTempPathA
DeleteFileA
GetFileAttributesA
AreFileApisANSI
CloseHandle
SetHandleCount

advapi32

RegCloseKey
RegCreateKeyExW
GetUserNameW
ImpersonateSelf
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
FreeSid
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW

gdi32

CreateFontIndirectW
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
CreateSolidBrush
GetObjectW
SetBkColor
CreateRoundRectRgn
GetStockObject
SelectObject
PatBlt
PaintRgn
FrameRgn
DeleteObject
SetTextColor

iphlpapi

GetAdaptersAddresses

ole32

CLSIDFromString
CoTaskMemFree
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoUninitialize
CoAddRefServerProcess
CoReleaseServerProcess
CoInitializeSecurity
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

GetErrorInfo
VarUI4FromStr
SysFreeString
SysAllocStringLen
SysAllocString
VariantCopy
VariantClear
VariantInit
LoadRegTypeLi
SafeArrayCreateVector
VariantChangeType
SafeArrayGetUBound
RegisterTypeLi
UnRegisterTypeLi
OleCreateFontIndirect
LoadTypeLi
SysStringLen

shell32

Shell_NotifyIconW
ShellExecuteExW
ord680
CommandLineToArgvW
ExtractIconW

shlwapi

StrStrIW

user32

wsprintfW
SystemParametersInfoW
SendMessageW
CharNextW
GetWindowLongW
SetWindowLongW
UnregisterClassA
SetWindowPos
GetClientRect
SetLayeredWindowAttributes
KillTimer
SendDlgItemMessageW
SetDlgItemTextW
PostMessageW
DestroyAcceleratorTable
GetDlgItem
MessageBoxW
EndDialog
SetCursor
LoadCursorW
PtInRect
GetWindowRect
GetCursorPos
TrackPopupMenu
LoadIconW
SetMenuDefaultItem
GetSubMenu
LoadMenuW
LoadBitmapW
GetSysColor
CreateWindowExW
GetWindow
SetWindowContextHelpId
MapDialogRect
DefWindowProcW
MoveWindow
ClientToScreen
RegisterWindowMessageA
ScreenToClient
PostThreadMessageW
GetMessageW
DispatchMessageW
TranslateMessage
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
GetClassInfoExW
IsWindow
SetFocus
GetFocus
DialogBoxIndirectParamW
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
DestroyWindow
FillRect
ReleaseCapture
GetClassNameW
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winhttp

WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpSetOption
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpGetIEProxyConfigForCurrentUser

Sections

.text
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

633521a256077b96d7bd58892ac5ad63

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

gdi32

iphlpapi

ole32

oleaut32

shell32

shlwapi

user32

version

winhttp

Sections

.text Size: 500KB - Virtual size: 499KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 11KB - Virtual size: 21KB

.rsrc Size: 18KB - Virtual size: 19KB

.reloc Size: - Virtual size: 30KB

.text
Size: 500KB - Virtual size: 499KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 11KB - Virtual size: 21KB

.rsrc
Size: 18KB - Virtual size: 19KB

.reloc
Size: - Virtual size: 30KB