d:\buildserver\1\work-tools-3.2.x\core-repository\branches\tools-3.2.x\launcher\release-wow\Launcher.pdb
Static task
static1
Behavioral task
behavioral1
Sample
d0b25d8e7fa7504da41b1746f161c025_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d0b25d8e7fa7504da41b1746f161c025_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
Target
d0b25d8e7fa7504da41b1746f161c025_JaffaCakes118
Size
4.8MB
MD5
d0b25d8e7fa7504da41b1746f161c025
SHA1
d99f8b1e4c855e2df548ec423ede77feaba60537
SHA256
6420afb4126fdc5b41e242bacbe5896eb390f9eb369705e156ba8638e81d67ce
SHA512
acd122c35d0a96379422621538d9f211e79b734ef9fcf3d623edb1e3ddd2b92062e4486474819fb174ab7767ead25727adfa585e77db8f78d4b6292c875015b5
SSDEEP
98304:2VJOqxM9EkRWt6dGdWGd6ey1kmBRZ2ysNriegK2Fd:GzxM9EqWUpb1s1enFd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d0b25d8e7fa7504da41b1746f161c025_JaffaCakes118
Files
d0b25d8e7fa7504da41b1746f161c025_JaffaCakes118.exe windows:4 windows x86 arch:x86
e53cf4eedb524ab392984cd2825829f6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
iphlpapi
GetAdaptersInfo
kernel32
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RaiseException
RtlUnwind
ExitProcess
TerminateProcess
UnhandledExceptionFilter
HeapReAlloc
ExitThread
SetConsoleCtrlHandler
HeapSize
VirtualProtect
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
UnlockFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LockFile
lstrlenA
LocalReAlloc
GlobalHandle
GlobalReAlloc
GlobalFlags
WritePrivateProfileStringW
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetThreadLocale
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
FormatMessageW
lstrlenW
GlobalLock
GlobalUnlock
LoadLibraryExW
FindResourceExW
FreeResource
VirtualFree
VirtualAlloc
LocalAlloc
LocalFree
GlobalAlloc
GlobalFree
SetLastError
SetFileTime
SetEndOfFile
CreateDirectoryW
GetShortPathNameW
GetDiskFreeSpaceExW
FlushFileBuffers
GetCurrentDirectoryW
WriteFile
TlsSetValue
DuplicateHandle
VirtualQuery
CreateProcessW
WaitForSingleObjectEx
CreateToolhelp32Snapshot
GetSystemTimeAsFileTime
SetThreadAffinityMask
CreateEventW
MoveFileW
GetFileAttributesW
GetFileAttributesExW
InterlockedIncrement
GetCurrentThreadId
CreateThread
InterlockedDecrement
GetDiskFreeSpaceW
Module32Next
Module32First
Process32Next
Process32First
WideCharToMultiByte
MultiByteToWideChar
GetTempPathW
GetModuleHandleW
GetModuleFileNameW
GetComputerNameW
GetModuleFileNameA
QueryPerformanceFrequency
TlsAlloc
GetSystemInfo
SystemTimeToFileTime
GetExitCodeProcess
CreateProcessA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentThread
GetTickCount
QueryPerformanceCounter
SignalObjectAndWait
TlsFree
TlsGetValue
GetThreadPriority
SetThreadPriority
GetCurrentProcessId
Sleep
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
SetEvent
LoadLibraryA
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileSize
SetFilePointer
ReadFile
CreateFileW
OpenMutexW
CloseHandle
GetVersionExW
GetVersionExA
GetSystemDirectoryA
MulDiv
FindResourceW
LoadResource
LockResource
SizeofResource
GetCommandLineW
SetCurrentDirectoryW
ReleaseMutex
GetLastError
CreateMutexA
SetFileAttributesW
FreeLibrary
LoadLibraryW
GetProcAddress
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
RemoveDirectoryW
GetFileAttributesA
HeapCreate
user32
CharUpperW
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
UnregisterClassW
DestroyMenu
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
CharNextW
UnregisterClassA
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
GetNextDlgGroupItem
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetWindowDC
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
DefWindowProcW
SetWindowPos
BeginPaint
EndPaint
CopyImage
MsgWaitForMultipleObjects
WaitForInputIdle
GetActiveWindow
GetSysColor
DrawTextW
GetSystemMetrics
MoveWindow
CopyRect
SetActiveWindow
InflateRect
OffsetRect
SetPropW
GetCapture
SetCapture
ClientToScreen
ReleaseCapture
LoadCursorW
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
SetCursor
GetPropW
CallWindowProcW
RemovePropW
ShowWindow
CreateWindowExW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
ReleaseDC
GetLastActivePopup
IsWindow
SystemParametersInfoW
LoadIconW
GetParent
KillTimer
SetTimer
RedrawWindow
IsWindowVisible
UpdateWindow
GetWindowRect
IsZoomed
PostMessageW
SetRect
PtInRect
AllowSetForegroundWindow
EnumChildWindows
SendMessageW
MessageBoxW
FindWindowW
SetForegroundWindow
InvalidateRect
GetDC
LoadBitmapW
EnableWindow
GetWindowLongW
SetWindowLongW
GetClientRect
SetWindowRgn
SetWindowTextW
gdi32
GetRgnBox
GetTextColor
GetClipBox
SetMapMode
GetBkColor
GetMapMode
CreateRectRgnIndirect
CreateBitmap
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetBkMode
RestoreDC
SaveDC
CreateRectRgn
SetPixel
MoveToEx
LineTo
CreateDIBSection
SetBkColor
SelectObject
TextOutW
GetPixel
CreateEllipticRgn
Rectangle
CreateSolidBrush
CreatePen
SetTextColor
CreateCompatibleBitmap
GetTextExtentPoint32W
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
CreatePolygonRgn
CreateCompatibleDC
BitBlt
msimg32
TransparentBlt
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
advapi32
GetSecurityDescriptorOwner
RegSetValueExW
RegOpenKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegGetKeySecurity
RegOpenKeyA
RegSetKeySecurity
SetFileSecurityW
MapGenericMask
AccessCheck
OpenThreadToken
OpenProcessToken
DuplicateToken
GetFileSecurityW
GetSecurityDescriptorDacl
RegCloseKey
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
FreeSid
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
shell32
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW
ord2
SHBrowseForFolderW
ord4
comctl32
ord17
_TrackMouseEvent
shlwapi
PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW
oledlg
OleUIBusyW
ole32
CLSIDFromProgID
CoRegisterMessageFilter
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
oleaut32
SysAllocStringLen
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysFreeString
SysStringLen
VariantInit
VariantChangeType
VariantClear
OleLoadPicture
ws2_32
send
recv
gethostname
gethostbyname
htonl
htons
bind
listen
__WSAFDIsSet
closesocket
socket
getsockopt
setsockopt
WSAStartup
WSASetLastError
accept
ioctlsocket
select
inet_ntoa
WSACleanup
WSAGetLastError
wininet
InternetSetOptionA
HttpQueryInfoA
InternetReadFileExA
HttpOpenRequestA
InternetCrackUrlA
InternetCloseHandle
InternetSetCookieW
HttpSendRequestA
InternetOpenA
InternetSetStatusCallbackA
InternetConnectA
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
Sections
.text Size: 792KB - Virtual size: 791KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 316KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 120KB - Virtual size: 174KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rrdata Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE