ffdroider | b45e9e6de21b7fff593975adc8550779_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b45e9e6de21b7fff593975adc8550779_JaffaCakes118
Size

5.7MB
MD5

b45e9e6de21b7fff593975adc8550779
SHA1

e333c3797a402b7d4af72db730a85eae21af16a6
SHA256

c167e698769aa0f9119ad3bfc1f463120be75cc35fe13522e24e49107bdc2594
SHA512

652d6dda82f1467ca417e9ff0bc15b560f68e5a269da1e9ff6b217d266d64d949d191986c3106c2bf7ac991acd73e2b26eeb2e5a0d7b154b737238729ec7292d
SSDEEP

98304:i5DUM8pGFeBSycG465AkIV/U0hfZ+wBW+irvQ/qpyr0k+tOYCvOkVCQuYYI+iZ7V:0qpCHDiAn63OYCvOkVCQuI+7NAjtVa/u

Score

10^/10

ffdroider

Malware Config

Extracted

Family

ffdroider

http://186.2.171.3

Signatures

FFDroider payload 1 IoCs

Processes:

resource yara_rule

sample family_ffdroider
Ffdroider family
ffdroider

resource	yara_rule
sample	family_ffdroider

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
b45e9e6de21b7fff593975adc8550779_JaffaCakes118

Files

b45e9e6de21b7fff593975adc8550779_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a96878f0c14e8840be323ad4808f959e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
SwitchToThread
UnregisterWait
FreeLibraryAndExitThread
VirtualFree
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
SignalObjectAndWait
RegisterWaitForSingleObject
CreateTimerQueue
InterlockedFlushSList
QueryDepthSList
LoadLibraryExA
SetLastError
GlobalAlloc
UnregisterWaitEx
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
FreeResource
GetModuleHandleA
SetEvent
CreateEventW
SetThreadPriority
ResumeThread
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
lstrcmpW
GetPrivateProfileIntW
WritePrivateProfileStringW
GlobalAddAtomW
lstrcpyW
EncodePointer
GlobalFindAtomW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalGetAtomNameW
FileTimeToSystemTime
GetThreadLocale
GlobalFlags
GetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindClose
DuplicateHandle
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
GetWindowsDirectoryW
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetTempFileNameW
VirtualProtect
GetProfileIntW
SearchPathW
FindResourceExW
GetUserDefaultLCID
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
ExitThread
GetTimeZoneInformation
GetCommandLineW
ExitProcess
GetModuleHandleExW
HeapQueryInformation
VirtualAlloc
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetStringTypeW
GetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
SetConsoleCtrlHandler
LCMapStringW
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableW
WriteConsoleW
SetEnvironmentVariableA
lstrlenA
GetThreadTimes
DeleteFiber
GlobalMemoryStatus
ConvertFiberToThread
GetEnvironmentVariableW
ReadConsoleA
SetConsoleMode
InterlockedDecrement
TryEnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetFullPathNameW
GetFullPathNameA
HeapCompact
MapViewOfFile
UnmapViewOfFile
SystemTimeToFileTime
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
FormatMessageW
GetVersionExW
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
FlushFileBuffers
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
GetVersionExA
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
DeleteFileW
GetTickCount
SetFilePointer
SetEndOfFile
Sleep
GetExitCodeThread
FindNextFileW
FindFirstFileW
CreateFileA
LoadLibraryExW
ReadFile
WideCharToMultiByte
GetVolumeInformationW
CopyFileW
CreateFileW
CreateDirectoryW
GetSystemDirectoryW
OutputDebugStringA
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
CreateMutexW
CloseHandle
WriteFile
GetFileSize
WaitForSingleObject
TerminateThread
CreateThread
GetCurrentProcessId
GetCurrentProcess
VirtualQuery
LoadLibraryW
FreeLibrary
MultiByteToWideChar
GetPrivateProfileStringW
FindResourceW
LoadLibraryA
SizeofResource
LoadResource
GetProcAddress
LockResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalSize
DecodePointer

user32

SetWindowTextW
IsDialogMessageW
InvalidateRect
LoadCursorW
IntersectRect
RealChildWindowFromPoint
SendDlgItemMessageA
CopyImage
DeleteMenu
SetTimer
KillTimer
DestroyIcon
CharUpperW
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
GetNextDlgGroupItem
MessageBeep
SetLayeredWindowAttributes
SetRectEmpty
EnumDisplayMonitors
SetParent
MonitorFromPoint
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
LoadImageW
TrackMouseEvent
IsZoomed
GetAsyncKeyState
LoadMenuW
NotifyWinEvent
SetCursorPos
UnionRect
BringWindowToTop
CreatePopupMenu
LockWindowUpdate
EnableScrollBar
GetDoubleClickTime
GetIconInfo
CopyIcon
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
UpdateLayeredWindow
GetUpdateRect
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
CreateAcceleratorTableW
GetKeyNameTextW
SubtractRect
CharUpperBuffW
FrameRect
IsClipboardFormatAvailable
PostThreadMessageW
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
HideCaret
InvertRect
CreateMenu
DestroyCursor
GetWindowRgn
GetProcessWindowStation
GetUserObjectInformationW
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
SystemParametersInfoW
CopyRect
GetMenuItemInfoW
DestroyMenu
UnhookWindowsHookEx
PtInRect
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
DrawFocusRect
GetSysColorBrush
MapWindowPoints
GetWindowRect
RedrawWindow
SetWindowRgn
DrawStateW
DrawFrameControl
DrawEdge
RegisterWindowMessageW
MapDialogRect
GetWindow
SetWindowContextHelpId
SetWindowPos
GetLastActivePopup
GetWindowThreadProcessId
SetCursor
ShowOwnedPopups
PostQuitMessage
PostMessageW
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowLongW
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
MessageBoxW
CheckDlgButton
MoveWindow
GetDesktopWindow
SendMessageW
IsIconic
EnableWindow
GetSystemMetrics
GetSystemMenu
AppendMenuW
DrawIcon
GetClientRect
LoadIconW
wsprintfA
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
EqualRect
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
TrackPopupMenu
GetScrollPos
SetScrollPos
ScrollWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
DeferWindowPos
SetScrollRange

gdi32

SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32W
PatBlt
ExtSelectClipRgn
Polygon
SetPolyFillMode
GetTextMetricsW
CreateFontIndirectW
GetMapMode
SetRectRgn
DPtoLP
GetRgnBox
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
RealizePalette
CreateDCW
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
DeleteDC
SelectClipRgn
SaveDC
RestoreDC
RectVisible
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
Polyline
SelectObject
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
GetDeviceCaps
CreatePolygonRgn
CopyMetaFileW
GetTextFaceW
SetPixelV
GetWindowOrgEx
LPtoDP
GetViewportOrgEx

advapi32

RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

shell32

SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteW
SHGetFileInfoW
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderPathW
SHGetFolderPathA
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRegisterMessageFilter
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoInitialize
OleRun
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject

msimg32

TransparentBlt
AlphaBlend

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathStripToRootW
PathFindFileNameW
PathFileExistsW
StrFormatKBSizeW
PathIsUNCW
PathRemoveFileSpecW

uxtheme

CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsAppThemed
DrawThemeText
DrawThemeParentBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
OpenThemeData

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipGetImagePixelFormat
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImagePalette

ws2_32

WSAGetLastError
WSACleanup
recv
WSAStartup
send
WSASetLastError
closesocket

winhttp

WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpSetOption
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpQueryHeaders

quartz

AMGetErrorTextW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

crypt32

CertDuplicateCertificateContext
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertGetCertificateContextProperty
CertCloseStore

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

a96878f0c14e8840be323ad4808f959e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msimg32

comctl32

shlwapi

uxtheme

oledlg

gdiplus

ws2_32

winhttp

quartz

oleacc

imm32

winmm

winspool.drv

crypt32

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 5.5MB - Virtual size: 5.5MB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 16KB - Virtual size: 16KB