Static task: static1
Behavioral task: behavioral1
Sample: 56c2949e41aef58ed7c966941a719cb5_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 56c2949e41aef58ed7c966941a719cb5_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 56c2949e41aef58ed7c966941a719cb5_JaffaCakes118
Size: 322KB
MD5: 56c2949e41aef58ed7c966941a719cb5
SHA1: d16b6a6c750730c0727cfb8b5ceff2d62a6d03c1
SHA256: de14a4c07a8e820738974e74737230433eacfb7feb883d42ec5b8ddbb067c6c1
SHA512: 98aed86bc60a973900b97815c9ef108e9843422f8d379916626285975d2a53a3a8d85a8b9bb58f34182520fc387f7300b1eee3c8af2ccf7f3828f871d6151fc6
SSDEEP: 6144:6gbqVi9i2FGnjqhuD5sN/44cxCFLKh+2Q/2P:CD2FGeuvxW2h+L2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 56c2949e41aef58ed7c966941a719cb5_JaffaCakes118
Files
56c2949e41aef58ed7c966941a719cb5_JaffaCakes118.exe windows:4 windows x86 arch:x86
b4bdab1d13f12c67a090bc331fb1ab43
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
CommConfigDialogA
GlobalSize
GetTempPathW
SetCriticalSectionSpinCount
FoldStringW
GetFileAttributesExA
InitializeCriticalSectionAndSpinCount
HeapValidate
GetDiskFreeSpaceExW
SetComputerNameW
Toolhelp32ReadProcessMemory
FillConsoleOutputCharacterA
lstrcmpiW
GetHandleInformation
CreatePipe
GlobalUnWire
GetLargestConsoleWindowSize
SetConsoleScreenBufferSize
SleepEx
GlobalWire
CreateProcessW
GetThreadTimes
OpenEventW
PeekNamedPipe
RtlMoveMemory
FlushViewOfFile
lstrcmp
GlobalFix
GetExitCodeProcess
DeleteCriticalSection
GetNamedPipeHandleStateW
GlobalHandle
GetShortPathNameW
GetLocaleInfoA
SuspendThread
GetProcessShutdownParameters
HeapCompact
CreateDirectoryExA
Module32First
GetPrivateProfileIntW
VirtualAllocEx
OpenFileMappingW
GlobalCompact
ReadConsoleOutputCharacterW
GetPriorityClass
MultiByteToWideChar
GetTimeFormatA
HeapDestroy
FillConsoleOutputCharacterW
MapViewOfFileEx
SetConsoleTitleA
BeginUpdateResourceW
WaitCommEvent
GetStartupInfoA
GetMailslotInfo
IsValidCodePage
WriteProcessMemory
GetDiskFreeSpaceExA
ResumeThread
GlobalAlloc
GlobalFree
CreateMailslotA
CreateWaitableTimerW
SetTimeZoneInformation
SetHandleCount
GetProcAddress
FindResourceA
SetCurrentDirectoryW
GetExitCodeThread
FreeLibraryAndExitThread
EscapeCommFunction
GetNumberFormatW
GetEnvironmentVariableW
GetComputerNameA
GetLocaleInfoW
ReadConsoleOutputAttribute
GetSystemDefaultLangID
WriteConsoleOutputA
EnumTimeFormatsA
ReleaseSemaphore
ResetEvent
PeekConsoleInputW
GetCurrentDirectoryW
GlobalDeleteAtom
ExpandEnvironmentStringsA
LocalAlloc
TryEnterCriticalSection
RemoveDirectoryW
lstrcpyn
GlobalUnlock
CreateFileA
lstrlen
EnumTimeFormatsW
GetVersionExW
FormatMessageA
WritePrivateProfileStructA
GetDriveTypeW
GetProfileSectionW
FindAtomW
FreeLibrary
GetNumberOfConsoleMouseButtons
GetSystemPowerStatus
ReadFile
GetThreadContext
FileTimeToSystemTime
EnumCalendarInfoA
CommConfigDialogW
lstrcpynA
SetConsoleTitleW
EnumResourceTypesW
PeekConsoleInputA
FillConsoleOutputAttribute
CreateThread
GetCompressedFileSizeW
DisconnectNamedPipe
GetLongPathNameA
GetDriveTypeA
SetFilePointer
VirtualFree
LoadLibraryExW
CreateMutexA
SetFileTime
FreeEnvironmentStringsA
FindResourceExA
EraseTape
InterlockedExchangeAdd
SetLocaleInfoW
GlobalUnfix
GetCommandLineA
GetAtomNameW
GetWindowsDirectoryA
GetVersion
UnhandledExceptionFilter
wininet
InternetOpenA
InternetGoOnlineW
FtpGetFileEx
SetUrlCacheEntryInfoW
InternetSetCookieA
FtpFindFirstFileW
GopherGetLocatorTypeA
InternetDialW
HttpSendRequestExA
FtpGetFileW
InternetUnlockRequestFile
FindFirstUrlCacheEntryA
HttpEndRequestW
FtpDeleteFileW
FindNextUrlCacheEntryExA
HttpCheckDavCompliance
InternetConnectA
InternetSetDialStateW
InternetLockRequestFile
FtpCreateDirectoryA
FtpPutFileA
HttpQueryInfoA
LoadUrlCacheContent
InternetSetDialState
InternetConnectW
SetUrlCacheHeaderData
FindNextUrlCacheEntryA
InternetAutodial
UrlZonesDetach
InternetCheckConnectionW
FtpDeleteFileA
HttpSendRequestW
UnlockUrlCacheEntryStream
GopherFindFirstFileW
UpdateUrlCacheContentPath
InternetQueryFortezzaStatus
InternetInitializeAutoProxyDll
SetUrlCacheEntryInfoA
CreateUrlCacheEntryA
FtpPutFileW
FindCloseUrlCache
SetUrlCacheGroupAttributeW
UnlockUrlCacheEntryFileW
FtpCreateDirectoryW
InternetShowSecurityInfoByURLW
CreateUrlCacheGroup
SetUrlCacheEntryGroupA
InternetShowSecurityInfoByURLA
FindNextUrlCacheContainerW
DeleteUrlCacheEntry
InternetSetDialStateA
GopherCreateLocatorA
InternetTimeToSystemTime
FreeUrlCacheSpaceW
ShowSecurityInfo
FindNextUrlCacheEntryExW
InternetWriteFileExA
InternetGetCertByURL
GetUrlCacheGroupAttributeA
InternetCrackUrlA
InternetSetOptionExA
FtpOpenFileW
InternetSetOptionA
GopherCreateLocatorW
InternetCloseHandle
InternetCreateUrlW
FtpRenameFileA
GetUrlCacheGroupAttributeW
IsHostInProxyBypassList
RetrieveUrlCacheEntryStreamA
DeleteUrlCacheEntryW
CommitUrlCacheEntryW
GetUrlCacheConfigInfoW
FindNextUrlCacheContainerA
GopherOpenFileA
InternetTimeFromSystemTimeW
InternetQueryOptionA
UnlockUrlCacheEntryFileA
FindFirstUrlCacheGroup
FtpCommandA
FtpRemoveDirectoryA
InternetFortezzaCommand
GopherGetAttributeW
InternetCheckConnectionA
HttpOpenRequestW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryExW
InternetCreateUrlA
InternetSetOptionW
FreeUrlCacheSpaceA
DeleteUrlCacheEntryA
IsUrlCacheEntryExpiredA
InternetOpenUrlA
CreateUrlCacheContainerW
GetUrlCacheConfigInfoA
GopherFindFirstFileA
InternetSetCookieW
GopherGetLocatorTypeW
RetrieveUrlCacheEntryFileW
SetUrlCacheEntryGroup
InternetGetConnectedStateEx
RegisterUrlCacheNotification
InternetGoOnlineA
SetUrlCacheConfigInfoW
InternetConfirmZoneCrossingW
FtpPutFileEx
FtpGetCurrentDirectoryW
InternetGetCertByURLA
DetectAutoProxyUrl
InternetGoOnline
FtpSetCurrentDirectoryW
FindFirstUrlCacheEntryExA
RetrieveUrlCacheEntryStreamW
DeleteUrlCacheGroup
InternetTimeFromSystemTimeA
DeleteUrlCacheContainerA
InternetDialA
CommitUrlCacheEntryA
FtpGetCurrentDirectoryA
InternetSecurityProtocolToStringA
GopherOpenFileW
SetUrlCacheEntryGroupW
FindFirstUrlCacheContainerW
InternetFindNextFileW
GetUrlCacheEntryInfoExA
FtpCommandW
InternetGetConnectedStateExA
HttpSendRequestExW
InternetReadFileExW
IncrementUrlCacheHeaderData
InternetTimeToSystemTimeW
ReadUrlCacheEntryStream
user32
WindowFromPoint
CloseDesktop
SwitchToThisWindow
GetWindowThreadProcessId
GetUserObjectSecurity
GetCursorPos
ScreenToClient
DdeUninitialize
DefDlgProcA
RegisterWindowMessageA
DdePostAdvise
ReuseDDElParam
GetWindowTextLengthA
DefFrameProcA
SetDebugErrorLevel
GetKeyNameTextA
EnumDesktopsW
GetUpdateRect
GetMenuStringW
FindWindowExW
DestroyMenu
AppendMenuA
CopyImage
SubtractRect
EndPaint
EndMenu
IsZoomed
EnumPropsW
GetForegroundWindow
CallMsgFilterW
PaintDesktop
GetClassInfoExA
CharLowerA
SendInput
RegisterClipboardFormatW
GetWindowPlacement
CharLowerW
GetParent
DdeGetData
ExitWindowsEx
GetWindowTextW
KillTimer
UnloadKeyboardLayout
LoadCursorFromFileA
SetPropA
CopyAcceleratorTableA
OpenInputDesktop
CreateMDIWindowA
GetProcessDefaultLayout
MsgWaitForMultipleObjectsEx
SetForegroundWindow
DlgDirListComboBoxA
SetProcessDefaultLayout
GetMessagePos
EnumDisplaySettingsExW
GetClassNameW
TranslateAccelerator
DrawTextW
SetUserObjectSecurity
GetWindowInfo
GetWindowRgn
CreateAcceleratorTableA
GetDoubleClickTime
RemovePropW
SendNotifyMessageA
GetClipboardFormatNameW
SetLastErrorEx
DdeReconnect
shell32
FreeIconList
InternalExtractIconListA
SHFileOperationW
SHQueryRecycleBinA
FindExecutableA
ExtractIconExA
SHAddToRecentDocs
SheSetCurDrive
SHGetFileInfoW
SHGetFileInfoA
SHInvokePrinterCommandA
DragQueryPoint
SHGetNewLinkInfo
ShellExecuteA
SHUpdateRecycleBinIcon
SHGetInstanceExplorer
ExtractAssociatedIconExA
DragQueryFileW
SHGetSpecialFolderPathA
SHGetPathFromIDListA
SHGetMalloc
ExtractIconEx
SHEmptyRecycleBinW
RealShellExecuteW
SHChangeNotify
ExtractAssociatedIconExW
FindExecutableW
SHGetDataFromIDListW
SheChangeDirExW
ShellAboutA
ExtractIconA
SHGetDesktopFolder
DragAcceptFiles
SHFormatDrive
ExtractIconExW
ShellAboutW
SHBrowseForFolderA
InternalExtractIconListW
SHGetDiskFreeSpaceA
ShellExecuteW
SHLoadInProc
DoEnvironmentSubstA
RealShellExecuteExW
SHFreeNameMappings
RealShellExecuteExA
DragQueryFile
ShellExecuteExA
SHBrowseForFolder
DoEnvironmentSubstW
SheGetDirA
SHFileOperationA
SHQueryRecycleBinW
SHGetFileInfo
DragQueryFileA
SHGetSpecialFolderLocation
SHGetDataFromIDListA
SheChangeDirA
ExtractAssociatedIconA
SHGetPathFromIDListW
SHEmptyRecycleBinA
DragFinish
CommandLineToArgvW
DragQueryFileAorW
SHBrowseForFolderW
ExtractIconW
DuplicateIcon
ExtractAssociatedIconW
ShellHookProc
ShellExecuteEx
CheckEscapesW
SHGetSettings
SHGetPathFromIDList
gdi32
GetEnhMetaFileBits
GetRgnBox
GetTextFaceW
comdlg32
ChooseFontA
GetOpenFileNameW
GetSaveFileNameW
PrintDlgW
PageSetupDlgW
Sections
.text Size: 195KB - Virtual size: 194KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ