e021f09db553734f541847a0d3346e3c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e021f09db553734f541847a0d3346e3c_JaffaCakes118
Size

1.7MB
MD5

e021f09db553734f541847a0d3346e3c
SHA1

af795f0d22319553e173b9554524348aa34e3eba
SHA256

bb7a7cda5878510a3ac0d0fbc4a5a80c7c488eecd3fd55506cc8cb05e329837a
SHA512

f5cb870b8d5542c5c13683bc24f2266ce4e4005936be90016d293a846177519cae55d66bec38efa4c010674f6c3e5a9866ce5bafe4ee04d8df1327f894e754e9
SSDEEP

12288:jdaoLD0VJmf4BEFXXXxxffoj09jApWCmnkw5Q9hBTfX/GpakboM4DepeSEQdReSd:jdaoLr4BEhXbZNApyQhO0koBDixNGgH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e021f09db553734f541847a0d3346e3c_JaffaCakes118

Files

e021f09db553734f541847a0d3346e3c_JaffaCakes118
.exe windows:6 windows x86 arch:x86

9f6636c71456e0a7479229e4050de1aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup_wm.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
ConvertSidToStringSidW
LookupAccountNameW
RegQueryValueExA
CloseServiceHandle
QueryServiceStatus
EnumDependentServicesW
ControlService
OpenServiceW
OpenSCManagerW
StartServiceW
CreateServiceW
DeleteService
QueryServiceConfigW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegOpenKeyExA
InitiateSystemShutdownExW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetEntriesInAclW
ConvertStringSidToSidW
GetNamedSecurityInfoW
SetSecurityInfo
AddAccessAllowedAceEx
AddAce
InitializeAcl
GetLengthSid
GetAce
GetAclInformation
GetSecurityInfo
RegEnumKeyW
LookupAccountSidW
TraceMessage

kernel32

GetDiskFreeSpaceExW
GetNumberFormatW
GetLocaleInfoW
SetFileAttributesW
GetFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetModuleHandleW
GetVersionExA
GetShortPathNameW
GetFileAttributesA
SetCurrentDirectoryW
GetPrivateProfileStringW
GetTempPathA
GetFileSize
WriteFile
SetLastError
GetUserDefaultLCID
GetUserGeoID
CreateDirectoryW
RemoveDirectoryW
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
FindNextFileW
QueryPerformanceCounter
GetModuleHandleA
RtlUnwind
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
MoveFileExW
CopyFileW
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessW
GetWindowsDirectoryA
GetSystemDefaultLangID
GetLocalTime
SetEvent
EnterCriticalSection
LeaveCriticalSection
ResetEvent
DeleteCriticalSection
CreateEventW
WaitForSingleObject
InitializeCriticalSection
LocalAlloc
LocalFree
LoadLibraryExW
CreateThread
GetNativeSystemInfo
GetSystemWindowsDirectoryW
GetProcessHeap
HeapFree
ExpandEnvironmentStringsW
DeleteFileW
GetTempPathW
CreateFileW
MoveFileW
GetWindowsDirectoryW
GetSystemDirectoryW
CreateMutexW
ReleaseMutex
GetSystemInfo
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetCommandLineW
GlobalFree
GetCurrentDirectoryW
FindFirstFileW
FindClose
CloseHandle
SetFilePointer
GetTickCount
CompareStringW
GetComputerNameW
InterlockedIncrement
InterlockedDecrement
DeleteFileA
WritePrivateProfileStringW
OpenEventW
GetLongPathNameW
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
WriteProfileStringW
GetProfileStringW
GetLastError
GetFileAttributesW
CreateFileA
GetUserDefaultLangID
SetErrorMode
lstrlenW
GetDriveTypeW
FindResourceW
LoadResource
LockResource
lstrlenA
GetExitCodeThread
QueryDosDeviceW
DeviceIoControl
DebugBreak

gdi32

SetTextColor
SetBkColor
CreateFontIndirectW
PatBlt
CreatePen
DeleteObject
GetTextMetricsW
CreateFontA
GetTextFaceA
ExtTextOutW
CreateSolidBrush
DeleteDC
GetObjectW
SelectObject
SetMapMode
CreateCompatibleDC
GetDeviceCaps
SetBkMode
GetStockObject

user32

IsWindow
MessageBoxW
SetWindowTextW
FindWindowW
LockSetForegroundWindow
PostMessageW
LoadStringW
SendMessageW
GetClientRect
SetWindowPos
SetFocus
MoveWindow
GetDC
MapWindowPoints
LoadStringA
GetParent
GetWindowRect
GetDlgItem
DefWindowProcW
ReleaseDC
GetDesktopWindow
IsCharAlphaW
CharNextA
CharNextW
PeekMessageW
PostThreadMessageW
CallWindowProcW
DestroyCursor
GetActiveWindow
GetScrollInfo
SetScrollInfo
ScrollWindow
LoadCursorW
SetCursor
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
LoadIconW
SetForegroundWindow
UpdateWindow
PostQuitMessage
BeginPaint
CreateDialogParamW
GetWindowLongW
SetWindowLongW
EndPaint
GetSystemMetrics
CreateWindowExW
DestroyWindow
SetTimer
KillTimer
GetSystemMenu
EnableMenuItem
LoadImageW
GetSysColor
InvalidateRect
CheckRadioButton
IsDlgButtonChecked
FindWindowExW
ScreenToClient
RegisterWindowMessageA
SendDlgItemMessageW
EnableWindow
ShowWindow
DrawTextW
DrawFocusRect

msvcrt

wcsrchr
memset
??_U@YAPAXI@Z
??3@YAXPAX@Z
_itow
wcsstr
_vsnwprintf
_wcsicmp
??_V@YAXPAX@Z
??2@YAPAXI@Z
malloc
free
calloc
_onexit
_lock
__dllonexit
_unlock
_controlfp
memmove
memcpy
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
wcstok
_wtoi
_purecall
strstr
strrchr
wcstol
_wcslwr
ceil
_stricmp
iswalnum
iswalpha
towupper
iswdigit
bsearch
wcspbrk
wcsncmp
towlower
iswspace
swscanf
_wcsnicmp
_wtol
_beginthreadex
_vsnprintf
_endthread
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_wcsupr
_strlwr
wcschr

pdh

PdhCollectQueryData
PdhOpenQueryW
PdhAddCounterW
PdhGetFormattedCounterValue
PdhCloseQuery

ole32

CoInitializeEx
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CLSIDFromString
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SysFreeString
SysAllocString
VariantInit
SystemTimeToVariantTime
SysStringLen
VariantClear
SysAllocStringLen

comctl32

InitCommonControlsEx

shell32

SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHChangeNotify
ShellExecuteW

gdiplus

GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDisposeImage
GdipFree
GdipAlloc

wininet

InternetCrackUrlW

setupapi

SetupFindFirstLineW
SetupGetStringFieldW
SetupFindNextLine
SetupIterateCabinetA
SetupCloseInfFile
SetupGetLineTextW
SetupGetBinaryField
SetupInstallFromInfSectionW
SetupGetLineCountW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

urlmon

ObtainUserAgentString
UrlMkSetSessionOption

shlwapi

PathGetCharTypeA
PathGetCharTypeW
PathAddBackslashW
PathAddBackslashA
PathFindExtensionW
SHDeleteKeyW
PathFindFileNameW

crypt32

CertVerifyCertificateChainPolicy

userenv

UnloadUserProfile
ExpandEnvironmentStringsForUserW
LoadUserProfileW

secur32

GetUserNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

mpr

WNetGetConnectionW
WNetAddConnection2W
WNetCancelConnection2W

Sections

.text
Size: 501KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9f6636c71456e0a7479229e4050de1aa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

pdh

ole32

oleaut32

comctl32

shell32

gdiplus

wininet

setupapi

wintrust

urlmon

shlwapi

crypt32

userenv

secur32

version

mpr

Sections

.text Size: 501KB - Virtual size: 501KB

.data Size: 9KB - Virtual size: 16KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 35KB - Virtual size: 35KB

.text Size: 62KB - Virtual size: 64KB

.text
Size: 501KB - Virtual size: 501KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 35KB - Virtual size: 35KB

.text
Size: 62KB - Virtual size: 64KB