088b5a6f128f6b2378f49cf6e0f3d0c3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

088b5a6f128f6b2378f49cf6e0f3d0c3_JaffaCakes118
Size

3.5MB
MD5

088b5a6f128f6b2378f49cf6e0f3d0c3
SHA1

6d0ca5a94e15ce9e13e24d7585a55783324c4160
SHA256

ca4c6401f3d147faf0f2cd18d59acc13481d80bf9dcadf16a1e4b3e3cdeb2a4d
SHA512

5601304e0768fe186e519c932ab0c2618b7c4008e5bc87ef2721ba1d8a1df698c9c9bd2b2ada1f062bbb30b316158f4a732d74108dc5945f4a1f0548aad427fb
SSDEEP

98304:4ORW+zeGowksmt4QI5zEKKJA7/fYMnkOBiad:gWeWm2zEKp7dkOBi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
088b5a6f128f6b2378f49cf6e0f3d0c3_JaffaCakes118

Files

088b5a6f128f6b2378f49cf6e0f3d0c3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5971b96712d0012a927fe1afd9c99381

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\3050\trunk\bin\Win32\Release\Patch\downloader.pdb

Imports

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetOpenUrlW
InternetQueryDataAvailable
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetConnectW
InternetReadFile
InternetCrackUrlW
InternetOpenW
GetUrlCacheEntryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
DeleteUrlCacheEntryW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
EnumProcesses

kernel32

CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
InterlockedIncrement
InterlockedDecrement
IsBadWritePtr
SetFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
FileTimeToSystemTime
MoveFileW
GetCurrentProcess
CreateEventW
ExitThread
GetStdHandle
SetLastError
FileTimeToLocalFileTime
LocalAlloc
GetThreadLocale
DuplicateHandle
GetVolumeInformationW
MulDiv
EnterCriticalSection
lstrcmpW
InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
GlobalAddAtomW
GetModuleHandleA
CompareStringW
GlobalFindAtomW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileSizeEx
GetFileTime
GlobalFlags
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
GetFileType
SetStdHandle
RtlUnwind
RaiseException
ExitProcess
VirtualProtect
VirtualAlloc
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
CreateFileMappingA
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
LockFileEx
HeapSize
FlushFileBuffers
ReadFile
HeapValidate
HeapCreate
GetFileAttributesA
LeaveCriticalSection
HeapDestroy
FormatMessageW
InitializeCriticalSection
FormatMessageA
GetProcessHeap
UnlockFileEx
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
FindNextFileW
CreatePipe
GetStartupInfoW
GetExitCodeProcess
CreateProcessW
SetErrorMode
FreeResource
TerminateProcess
OpenProcess
GetShortPathNameW
FindClose
GetVersionExW
FindFirstFileW
RemoveDirectoryW
LoadLibraryW
FreeLibrary
CreateThread
GetTempPathW
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetModuleFileNameW
WaitForSingleObject
SetEnvironmentVariableW
lstrlenA
WriteFile
DeleteFileW
CloseHandle
CreateFileW
GetTickCount
LockResource
GetProcAddress
GetLastError
CreateDirectoryA
WritePrivateProfileStringW
lstrlenW
MultiByteToWideChar
SizeofResource
CopyFileW
Sleep
WideCharToMultiByte
GetSystemDirectoryW
GetPrivateProfileStringW
GetModuleHandleW
CreateDirectoryW
LoadResource
FindResourceW
SetFileAttributesW
GetFileAttributesW
GetSystemTimeAsFileTime
LoadLibraryA
GetDiskFreeSpaceW
lstrcmpA

user32

RegisterClipboardFormatW
PostThreadMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
DestroyMenu
UnhookWindowsHookEx
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
CharUpperW
PtInRect
SetRectEmpty
CopyRect
IsRectEmpty
SetCursor
ScreenToClient
SetCapture
LoadCursorW
SetFocus
GetWindowLongW
SetWindowLongW
GetCursorPos
ReleaseCapture
CallWindowProcW
DefWindowProcW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsWindow
CopyAcceleratorTableW
GetSysColorBrush
CharNextW
MoveWindow
SetWindowTextW
IsDialogMessageW
GetWindowThreadProcessId
GetDesktopWindow
GetSubMenu
TranslateMessage
PeekMessageW
DispatchMessageW
wsprintfW
GetSystemMenu
SetTimer
PostMessageW
KillTimer
GetClientRect
LoadIconW
InvalidateRect
AppendMenuW
ShowWindow
GetSystemMetrics
SendMessageW
EnableWindow
SendMessageTimeoutW
MessageBoxW
CreateDialogIndirectParamW
SetActiveWindow
GetParent

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
ScaleWindowExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ScaleViewportExtEx
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectW
DeleteObject
GetClipBox
SetMapMode
SetViewportExtEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueExW
RegQueryValueW
RegEnumKeyW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
InitializeSecurityDescriptor
RegOpenKeyW

shell32

ExtractIconW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteExW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

StrCpyW
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW

ole32

OleFlushClipboard
CoRegisterMessageFilter
CoRevokeClassObject
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemAlloc
OleIsCurrentClipboard
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
OleCreateFontIndirect
VariantChangeType
SysStringLen
VariantCopy
VariantClear
SysAllocString
SysFreeString
SysAllocStringLen
VariantInit
OleCreatePictureIndirect

oledlg

OleUIBusyW

gdiplus

GdipGetImageWidth
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipFillRectangleI
GdipDrawImageRectRect
GdipDeletePen
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipSetImageAttributesWrapMode
GdipLoadImageFromFile
GdipSetStringFormatAlign
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawString
GdipSetSolidFillColor
GdipCreateStringFormat
GdipCreatePen1
GdipDeleteStringFormat
GdipDrawRectangleI
GdipGetPathWorldBounds
GdipGetFontStyle
GdipGetFamily
GdipAddPathString
GdipGetFontSize
GdipDeletePath
GdipCreatePath
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDeleteFontFamily
GdipDeleteFont
GdipGetImageHeight
GdipCloneImage
GdipDisposeImage
GdipAlloc
GdipLoadImageFromStream
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipFree

sensapi

IsNetworkAlive

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

netapi32

Netbios

snmpapi

SnmpUtilVarBindFree
SnmpUtilOidNCmp
SnmpUtilOidCpy

ws2_32

WSAStartup

Sections

.text
Size: 1011KB - Virtual size: 1010KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5971b96712d0012a927fe1afd9c99381

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

version

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

sensapi

iphlpapi

netapi32

snmpapi

ws2_32

Sections

.text Size: 1011KB - Virtual size: 1010KB

.rdata Size: 205KB - Virtual size: 204KB

.data Size: 20KB - Virtual size: 40KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 81KB - Virtual size: 81KB

.text
Size: 1011KB - Virtual size: 1010KB

.rdata
Size: 205KB - Virtual size: 204KB

.data
Size: 20KB - Virtual size: 40KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 81KB - Virtual size: 81KB