42bee9e82be454ecf892fa97e4b9265d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42bee9e82be454ecf892fa97e4b9265d_JaffaCakes118
Size

5.3MB
MD5

42bee9e82be454ecf892fa97e4b9265d
SHA1

788a4dac41cef4323c71d4299408aa7a0932a8f5
SHA256

73a37b8e23e2463188f79719ddc4cf3accc0b3b20409a20156433d2c16f222b1
SHA512

d5c74488f583dd206e631d80607e184534c4caa8ef6393acc8d9137d62944e92bbe4d21938cbb787766e05fb42c08e18f1daf0f8070587287125ff6445b8f722
SSDEEP

49152:7HeTlP2+GMzF0UaK1Nl5YN4gZCCQCM0Cla1PrIHGiPe8FLfM9tvnq1ucKMre0b7W:7mNGA0o7YZQCM0nkpDLXZPbdsiOxd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42bee9e82be454ecf892fa97e4b9265d_JaffaCakes118

Files

42bee9e82be454ecf892fa97e4b9265d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

02453f23d95da9c9850424bbfa000b42

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptImportKey
CryptGetHashParam
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
CryptDeriveKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
RegEnumValueA
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptAcquireContextA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
RegCreateKeyExA
RegDeleteValueA

dinput8

DirectInput8Create

gdi32

BitBlt
SelectObject
CreateCompatibleDC
DeleteDC
GetStockObject
GetObjectA

kernel32

OpenProcess
GetModuleFileNameA
LocalLock
ReadProcessMemory
CloseHandle
GetCurrentThreadId
FormatMessageA
lstrlen
LocalAlloc
GetVersionExA
IsBadWritePtr
SetUnhandledExceptionFilter
lstrcmpi
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedExchange
CreateDirectoryA
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
GetLastError
CompareFileTime
lstrcpy
FileTimeToSystemTime
GetVersion
SetFilePointer
GetLocalTime
SystemTimeToFileTime
IsDBCSLeadByte
MultiByteToWideChar
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
SetConsoleCtrlHandler
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
IsBadCodePtr
GetFileType
LockResource
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetCurrentThread
SetLastError
TlsFree
TlsAlloc
FatalAppExitA
HeapSize
HeapReAlloc
GetSystemTime
GetTimeZoneInformation
GetFileAttributesA
GetCommandLineA
GetStartupInfoA
ExitThread
TlsGetValue
InterlockedIncrement
InterlockedDecrement
GetVolumeInformationA
GetWindowsDirectoryA
Thread32Next
Thread32First
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
TerminateProcess
SetEvent
InitializeCriticalSection
DeleteCriticalSection
SetEndOfFile
WriteFile
ResumeThread
ResetEvent
SetThreadPriority
GetModuleHandleA
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessA
ReadFile
GetFileSize
CreateEventA
WaitForSingleObject
OpenEventA
GetTickCount
CreateFileA
lstrcat
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
OpenMutexA
CreateThread
TerminateThread
CreateMutexA
ReleaseMutex
GetComputerNameA
lstrcmp
ExitProcess
QueryPerformanceCounter
IsBadReadPtr
GetSystemDirectoryA
GetModuleFileNameW
VirtualProtect
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CopyFileA
GetCurrentDirectoryA
VirtualQuery
VirtualAlloc
VirtualFree
LoadLibraryExA
GetTempFileNameA
GetTempPathA
HeapFree
GetProcessHeap
HeapAlloc
GetFileInformationByHandle
DuplicateHandle
GetCurrentProcess
SetStdHandle
CreatePipe
GetStdHandle
PeekNamedPipe
Sleep
lstrlenW
RtlUnwind
RaiseException
FileTimeToLocalFileTime
TlsSetValue

netapi32

Netbios

oleaut32

SysAllocString
CreateErrorInfo
SysFreeString
SetErrorInfo
VariantInit
VariantChangeType
VariantCopy
SafeArrayDestroy
SafeArrayCreate
VariantClear
GetErrorInfo

shell32

SHGetSpecialFolderPathA

user32

wvsprintfA
PtInRect
wsprintfA
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
SetRectEmpty
EnumThreadWindows
MessageBoxA
GetWindowTextA
SetRect
MapVirtualKeyA
DialogBoxParamA
FrameRect
LoadBitmapA
IsWindowEnabled
FindWindowA
CreateWindowExA
GetDlgItem
EnableWindow

wininet

InternetCloseHandle
FtpOpenFileA
InternetConnectA
InternetOpenA
FtpGetFileSize
FtpGetFileA

winmm

timeKillEvent
timeSetEvent
timeGetTime

ws2_32

htonl
WSASend
send
sendto
WSACleanup
WSAStartup
getpeername
socket
inet_addr
gethostbyname
WSAGetLastError
closesocket
htons

ijl15

ijlFree
ijlWrite
ijlInit

npkcrypt

NPKSetDrvPath
NPKOpenDriver
NPKGetAppCompatFlag
NPKLoadAtStartup
NPKRegisterCryptWindowMsg
NPKCloseDriver
NPKSetAppCompatFlag

ole32

CoCreateGuid

Exports

Exports

ZtlTaskMemAllocImp
ZtlTaskMemFreeImp
ZtlTaskMemReallocImp

Sections

Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

02453f23d95da9c9850424bbfa000b42

Headers

File Characteristics

Imports

advapi32

dinput8

gdi32

kernel32

netapi32

oleaut32

shell32

user32

wininet

winmm

ws2_32

ijl15

npkcrypt

ole32

Exports

Exports

Sections

Size: 4.1MB - Virtual size: 4.1MB

Size: 424KB - Virtual size: 424KB

Size: 112KB - Virtual size: 112KB

.rsrc Size: 656KB - Virtual size: 656KB

.data Size: 72KB - Virtual size: 72KB

.adata Size: 4KB - Virtual size: 4KB

.tls Size: 8KB - Virtual size: 8KB

.mackt Size: 8KB - Virtual size: 8KB

.rsrc
Size: 656KB - Virtual size: 656KB

.data
Size: 72KB - Virtual size: 72KB

.adata
Size: 4KB - Virtual size: 4KB

.tls
Size: 8KB - Virtual size: 8KB

.mackt
Size: 8KB - Virtual size: 8KB