Static task: static1
Behavioral task: behavioral1
  Sample: 826d571de8e2fa3a108a99371102981a_JaffaCakes118.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 826d571de8e2fa3a108a99371102981a_JaffaCakes118.dll
  Resource: win10v2004-20241007-en
General
Target: 826d571de8e2fa3a108a99371102981a_JaffaCakes118
Size: 425KB
MD5: 826d571de8e2fa3a108a99371102981a
SHA1: cc8a67e1c24071e0e379e0ce0b6da2a9386fcf27
SHA256: b8b631209479efcd51ad641006c88ae2a36dce6cdb0e13fc5cf010760f84e61e
SHA512: 32fbe7ef23bc0726e7213e1a7c50dc1f0645ea8237a7c41d1cf9ec6acdc646f9ff2f129b1bd65148bb7a0207a7f4a21edcacecd248a23ddcdb6c3d7d7c63cf12
SSDEEP: 12288:6bg9NzQlQTCrVpGnE8cX2HdcCz/3zWfkWx186:fNz2Qk/GnTHnDyflz86
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 826d571de8e2fa3a108a99371102981a_JaffaCakes118
Files
826d571de8e2fa3a108a99371102981a_JaffaCakes118.dll  windows:4 windows x86 arch:x86
3e4e86bf2680a6a7baa81780283d2036
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
advapi32
CryptGetUserKey
CryptGetKeyParam
FreeSid
CryptSetProvParam
RegOpenKeyExW
QueryServiceConfigA
EqualSid
OpenSCManagerW
CryptGetProvParam
CryptDestroyKey
RegQueryValueExA
StartServiceA
OpenServiceW
LockServiceDatabase
RegOpenKeyExA
OpenThreadToken
RegEnumValueA
OpenProcessToken
ControlService
RegQueryInfoKeyA
RegCreateKeyExA
GetUserNameW
RegSetValueExA
RegQueryValueExW
RegEnumKeyExW
RegEnumKeyExA
RegCreateKeyExW
RegCloseKey
QueryServiceStatus
UnlockServiceDatabase
RegEnumValueW
StartServiceW
GetTokenInformation
ChangeServiceConfigA
CryptReleaseContext
AllocateAndInitializeSid
CloseServiceHandle
CryptAcquireContextW
CryptAcquireContextA
RegSetValueExW
DuplicateToken
netapi32
DsGetDcNameW
NetApiBufferFree
NetGetDCName
msvcrt
wcsrchr
wcscmp
wcschr
_purecall
_vsnwprintf
wcscpy
iswprint
iswspace
free
_wcsnicmp
_except_handler3
wcslen
strtoul
_wcsicmp
swprintf
_adjust_fdiv
_wtol
_initterm
memmove
wcscat
wcsncpy
_itow
malloc
_ltow
strtok
_stricmp
ntdll
NtAllocateVirtualMemory
NtFilterToken
dhcpcsvc
DhcpRegisterOptions
rpcrt4
RpcNetworkIsProtseqValidA
RpcEpResolveBinding
RpcBindingFree
NdrClientCall2
UuidCreate
RpcStringBindingComposeA
RpcStringFreeA
UuidToStringA
RpcBindingFromStringBindingA
user32
GetSysColorBrush
CopyRect
GetDC
wsprintfA
DrawTextExW
LoadIconA
GetMonitorInfoW
RegisterClipboardFormatA
InvalidateRect
GetWindowLongW
PostMessageA
GetClientRect
GetWindowDC
IsWindowEnabled
GetWindowTextW
EndPaint
ReleaseDC
DestroyIcon
MonitorFromWindow
ShowWindow
WinHelpW
CreateWindowExW
GetDialogBaseUnits
SendDlgItemMessageW
CheckRadioButton
EnableWindow
LoadStringA
SendDlgItemMessageA
ReleaseCapture
SetDlgItemInt
SetCursor
PeekMessageA
GetDlgItem
GetWindowLongA
GetSysColor
IsDlgButtonChecked
FillRect
CallWindowProcA
GetWindowRect
MapWindowPoints
SetWindowTextA
SystemParametersInfoA
LoadCursorW
GetParent
GetDlgItemTextA
LoadStringW
GetDlgItemInt
MessageBoxExW
IsWindowVisible
BeginPaint
EndDialog
PostMessageW
SetWindowLongW
SetWindowLongA
DrawIcon
GetDlgItemTextW
GetFocus
SetRect
GetUpdateRect
LoadBitmapW
CreateWindowExA
SetClassLongA
GetNextDlgTabItem
SetWindowTextW
DestroyWindow
SetCapture
SetWindowPos
UpdateWindow
MoveWindow
MessageBoxW
GetWindow
SendMessageA
DrawFocusRect
DialogBoxParamW
SendMessageW
LoadCursorA
SetFocus
GetDesktopWindow
SetDlgItemTextW
MapDialogRect
shlwapi
PathUndecorateW
StrCmpNIW
PathFindFileNameW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
wininet
InternetCanonicalizeUrlW
InternetCrackUrlW
wintrust
WTHelperGetKnownUsages
WinVerifyTrustEx
WTHelperGetProvCertFromChain
TrustIsCertificateSelfSigned
WTHelperProvDataFromStateData
WintrustGetDefaultForUsage
WTHelperGetProvSignerFromChain
kernel32
LoadLibraryW
LocalAlloc
LoadLibraryA
LoadLibraryExA
GetCurrentDirectoryW
InterlockedCompareExchange
LeaveCriticalSection
FreeResource
WriteFile
InitializeCriticalSection
ExpandEnvironmentStringsW
GetSystemTimeAsFileTime
CloseHandle
FileTimeToSystemTime
GetTimeFormatA
GlobalAlloc
WideCharToMultiByte
FileTimeToLocalFileTime
GetComputerNameExW
lstrlenW
GlobalFree
GetVersionExA
GetComputerNameW
GetCurrentThreadId
DeleteCriticalSection
GetCurrentProcessId
GetDateFormatW
GetProcAddress
SystemTimeToFileTime
SetLastError
CreateFileW
GetLastError
GetACP
lstrlenA
CreateFileMappingA
GetUserDefaultLCID
MapViewOfFile
DisableThreadLibraryCalls
MultiByteToWideChar
LocalReAlloc
LocalFree
DeleteFileW
TerminateProcess
OutputDebugStringA
QueryPerformanceCounter
CompareStringA
GetTickCount
GetModuleHandleW
lstrcpyA
SetUnhandledExceptionFilter
DelayLoadFailureHook
CompareStringW
GetDateFormatA
GetCurrentThread
lstrcatA
EnterCriticalSection
GetCurrentProcess
GetFileSize
GlobalUnlock
GetTimeFormatW
SetEndOfFile
UnhandledExceptionFilter
UnmapViewOfFile
FormatMessageW
SetFilePointer
CompareFileTime
GlobalLock
MulDiv
FindResourceA
FreeLibrary
GetLocalTime
ExpandEnvironmentStringsA
GetModuleFileNameW
GetModuleHandleA
Sleep
lstrcmpA
LockResource
CreateFileA
LoadResource
gdi32
CreateBitmap
GetObjectA
DeleteObject
GetObjectW
SetPixel
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetTextExtentPoint32W
SelectPalette
CreateFontIndirectA
CreateCompatibleBitmap
RealizePalette
GetBkColor
SetBkColor
CreateDIBitmap
CreateFontIndirectW
CreatePalette
SelectObject
BitBlt
crypt32
PFXExportCertStoreEx
CryptFormatObject
CryptGetDefaultOIDFunctionAddress
CertAddCTLContextToStore
CertFindCTLInStore
CertFindExtension
CertVerifyTimeValidity
CryptMsgDuplicate
CryptFindOIDInfo
CryptSIPRetrieveSubjectGuid
CryptMsgClose
CryptAcquireCertificatePrivateKey
CryptMsgControl
CertFindCertificateInStore
PFXVerifyPassword
CertGetStoreProperty
CryptDecodeObjectEx
CertEnumPhysicalStore
CertSaveStore
CertNameToStrW
CertCreateCertificateChainEngine
CertFreeCertificateContext
CertFreeCertificateChain
CertGetCTLContextProperty
CertSetCertificateContextProperty
CryptMsgGetParam
CertSetEnhancedKeyUsage
CertGetSubjectCertificateFromStore
CertSetCTLContextProperty
CryptMsgEncodeAndSignCTL
CryptFindLocalizedName
CertDuplicateStore
CryptDecodeObject
CryptEnumOIDInfo
CertCompareCertificate
CertFindCRLInStore
CertFreeCertificateChainEngine
CertCreateCertificateContext
CryptMsgUpdate
CertEnumCertificatesInStore
CertGetCRLFromStore
CertDuplicateCertificateContext
CryptInitOIDFunctionSet
CertOpenStore
CertCreateCTLContext
CertDeleteCertificateFromStore
CryptMsgOpenToDecode
CryptMsgVerifyCountersignatureEncoded
CertFindAttribute
CertGetValidUsages
CertGetNameStringW
CryptQueryObject
CryptGetDefaultOIDDllList
CertGetCertificateChain
CertFreeCRLContext
PFXImportCertStore
CertCloseStore
CryptFindCertificateKeyProvInfo
PFXExportCertStore
CryptFreeOIDFunctionAddress
CertGetCertificateContextProperty
CryptBinaryToStringA
CryptEncodeObject
CertGetPublicKeyLength
CertEnumCTLsInStore
CertAddCertificateContextToStore
CertGetEnhancedKeyUsage
CertFreeCTLContext
CertEnumSystemStore
CertAddCRLContextToStore
Sections
.text   Size: 321KB - Virtual size: 320KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data   Size: 16KB - Virtual size: 936KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 77KB - Virtual size: 77KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rdata  Size: 8KB - Virtual size: 8KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.reloc  Size: 512B - Virtual size: 20B      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
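The "Unsigned PE" signature, the File Characteristics list and the section table above are all read straight out of the PE headers. The following is an added example, not part of the sandbox report and not the sandbox's own detection code: a dependency-free Python parser that walks the DOS header, COFF header, optional header and section table of a PE32/PE32+ image, decodes the characteristic flags with the same names the report uses, and reports the file as unsigned when the Certificate Table data directory (index 4, IMAGE_DIRECTORY_ENTRY_SECURITY) is empty. The input is a constructed minimal PE32 DLL whose flags and .text/.data sizes approximate the values reported above; it is not the 826d571de8e2fa3a108a99371102981a sample, and the certificate-table offsets in the "signed" variant are fictional. Caveat for anyone turning this into a rule: an empty certificate table only means there is no embedded Authenticode signature. It says nothing about whether a signature, if present, would verify (that needs WinVerifyTrust or an equivalent chain check), and Windows components can be catalog-signed with no embedded signature at all, so the check is an indicator, not a verdict.

```python
import struct

# Flag names as they appear in the report's "File Characteristics" and "Sections" output.
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Certificate Table: embedded Authenticode signature(s)


def decode_flags(value, table):
    """Return the names of all flags from `table` that are set in `value`, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Parse the headers of a PE32/PE32+ image; raises ValueError on malformed input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:            # PE32: data directories start at optional header + 96
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:          # PE32+: 16 bytes later because ImageBase and the reserves grow
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    sec_va = sec_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:   # a truncated directory table means no cert table
        sec_va, sec_size = struct.unpack_from(
            "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sh = opt + opt_size                         # section headers follow the optional header
    for i in range(nsec):
        name, vsize, _va, rawsize, _rawptr, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            # Bytes that exist only in memory (zero-filled at load); a large value is what
            # makes a virtual size far exceed the raw size, as with .data in the report.
            "uninitialized_bytes": max(0, vsize - rawsize),
            "flags": decode_flags(sc, SECTION_CHARACTERISTICS),
        })
    return {
        "machine": machine,
        "file_characteristics": decode_flags(file_chars, FILE_CHARACTERISTICS),
        "security_dir": (sec_va, sec_size),
        # The "Unsigned PE" check in its simplest form: no embedded certificate table.
        "unsigned": sec_size == 0,
        "sections": sections,
    }


def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 DLL for offline testing (NOT the sample from the report)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew: PE header right after DOS header
    file_chars = 0x0002 | 0x0004 | 0x0008 | 0x0100 | 0x2000    # the same five flags the report lists
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 224, file_chars)  # i386, 2 sections
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    if signed:  # fictional file offset/size of a WIN_CERTIFICATE blob, enough to flip the check
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x56000, 0x800)
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x50000, 0x1000, 0x50400, 0x400,
                       0, 0, 0, 0, 0x60000020)                 # CODE | EXECUTE | READ
    data = struct.pack("<8sIIIIIIHHI", b".data", 0xEA000, 0x52000, 0x4000, 0x50800,
                       0, 0, 0, 0, 0xC00000C0)                 # INIT | UNINIT | READ | WRITE
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text + data


if __name__ == "__main__":
    for signed in (False, True):
        info = parse_pe(build_sample_pe(signed))
        print("unsigned:", info["unsigned"], info["file_characteristics"])
        for s in info["sections"]:
            print(" ", s["name"], hex(s["raw_size"]), hex(s["virtual_size"]), s["flags"])
```

To run it against a real file, replace `build_sample_pe(...)` with `open(path, "rb").read()`; the parser only touches header offsets, so it works on a full on-disk image without mapping sections.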