Static task: static1
Behavioral task: behavioral1
  Sample: e28c626caa32bfa297bbeb085e33df73_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: e28c626caa32bfa297bbeb085e33df73_JaffaCakes118.exe
  Resource: win10v2004-20240319-en

General
  Target: e28c626caa32bfa297bbeb085e33df73_JaffaCakes118
  Size: 860KB
  MD5: e28c626caa32bfa297bbeb085e33df73
  SHA1: ed1f3b04526624c7116d1e9d4088f0c45cd2dbce
  SHA256: 38b05d53523fbae750902819ec626d221732f10dae18fbe42df0160bec8569a2
  SHA512: 6f12a02a60b5adf1402dae42d41d394f8e3f60f570ae42b381f9ee6b10aadfe78a75900045ae687574e1e4aa0604a9b542e5275ef9da4b38d358970ca5913876
  SSDEEP: 24576:xMzV+8KL5I1jPhdIj5CO0ELUcRkp0cZVSos:mzdjPa54ELUUKNZ9s

Malware Config: none listed

Signatures
  Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource: e28c626caa32bfa297bbeb085e33df73_JaffaCakes118

Files
  e28c626caa32bfa297bbeb085e33df73_JaffaCakes118.exe  windows:4 windows x86 arch:x86
  a362f5f67ef350ae2482d7f1da420667

Headers
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
  PDB Paths: E:\project\yqmgr\yqzfs\bin\update_client.pdb
Imports
  ws2_32: WSASetLastError, gethostbyname, socket, connect, sendto, recvfrom, accept, listen, __WSAFDIsSet, select, setsockopt, getsockopt, htons, bind, ntohs, getsockname, ioctlsocket, send, recv, WSAGetLastError, closesocket, WSAStartup, WSACleanup
  wldap32: ord50, ord26, ord30, ord32, ord35, ord79, ord200, ord33, ord301, ord27, ord41, ord46, ord143, ord211, ord22, ord60
  gdiplus: GdipBitmapUnlockBits, GdipGetImageGraphicsContext, GdipDeleteGraphics, GdipDrawImageI, GdipGetImagePixelFormat, GdipFree, GdipCloneImage, GdipAlloc, GdipGetImageHeight, GdipGetImageWidth, GdipDisposeImage, GdipGetImagePaletteSize, GdiplusShutdown, GdipGetImagePalette, GdipBitmapLockBits, GdipCreateBitmapFromFile, GdiplusStartup, GdipCreateBitmapFromScan0
  iphlpapi: GetAdaptersInfo
  kernel32: DuplicateHandle, GetCurrentProcess, WaitForSingleObject, ReleaseMutex, SetEvent, WaitForMultipleObjects, CreateEventA, CreateMutexA, GetExitCodeThread, TerminateThread, ReadFile, PeekNamedPipe, GetFileType, GetStdHandle, GetTickCount, ExpandEnvironmentStringsA, FormatMessageA, SetConsoleTextAttribute, AllocConsole, SetConsoleTitleA, SetConsoleScreenBufferSize, GetLocalTime, GetComputerNameA, GetCommandLineA, GetCurrentDirectoryA, IsProcessorFeaturePresent, InterlockedIncrement, InterlockedDecrement, CreateThread, GetModuleFileNameW, SetThreadPriority, GetCurrentThreadId, SuspendThread, lstrcmpW, GlobalDeleteAtom, GlobalFindAtomA, FreeLibrary, GlobalGetAtomNameA, MulDiv, GlobalUnlock, GlobalLock, lstrcmpA, GetCurrentProcessId, LocalFree, GlobalAlloc, GlobalFree, GetThreadLocale, GetLocaleInfoA, EnumResourceLanguagesA, ConvertDefaultLocale, GetCurrentThread, WritePrivateProfileStringA, SetFilePointer, FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile, GetFileSize, FindClose, FindFirstFileA, GetVolumeInformationA, GetFullPathNameA, FileTimeToSystemTime, FileTimeToLocalFileTime, GetFileTime, LocalAlloc, TlsGetValue, GlobalReAlloc, GlobalHandle, TlsAlloc, TlsSetValue, LocalReAlloc, TlsFree, GlobalFlags, GetOEMCP, SetErrorMode, HeapAlloc, HeapFree, HeapReAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, CreateDirectoryA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, ExitProcess, GetProcessHeap, GetStartupInfoA, GetSystemTimeAsFileTime, ExitThread, GetFileInformationByHandle, GetDriveTypeA, FindNextFileA, RtlUnwind, RaiseException, HeapSize, VirtualFree, HeapDestroy, HeapCreate, GetACP, IsValidCodePage, LCMapStringA, LCMapStringW, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, QueryPerformanceCounter, GetConsoleCP, GetConsoleMode, SetStdHandle, SetCurrentDirectoryA, GetTimeZoneInformation, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, GetLocaleInfoW, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetEnvironmentVariableA, SleepEx, OpenMutexA, SetFileAttributesA, GetFileAttributesA, ResumeThread, TerminateProcess, Sleep, OpenProcess, Process32Next, Process32First, CreateToolhelp32Snapshot, WinExec, CopyFileA, LeaveCriticalSection, EnterCriticalSection, GetModuleFileNameA, DeleteFileA, DeleteCriticalSection, InitializeCriticalSection, RemoveDirectoryA, InterlockedExchange, CompareStringA, CompareStringW, CloseHandle, WriteFile, CreateFileA, WideCharToMultiByte, SetLastError, lstrcmpiA, LockResource, lstrlenW, LoadResource, FindResourceA, MultiByteToWideChar, lstrlenA, GetCPInfo, GetVersionExA, FreeResource, GetVersion, GetProcAddress, GetModuleHandleA, LoadLibraryA, SizeofResource, GetLastError, GlobalAddAtomA
  user32: SetForegroundWindow, TrackPopupMenu, MapWindowPoints, GetMessagePos, GetMessageTime, DestroyWindow, GetTopWindow, GetDlgItem, SetActiveWindow, GetForegroundWindow, GetWindowTextA, GetWindowTextLengthA, SetFocus, RemovePropA, GetPropA, SetPropA, GetClassNameA, GetClassLongA, GetCapture, IsChild, WinHelpA, SendDlgItemMessageA, RegisterWindowMessageA, DestroyMenu, GetMenuStringA, GetWindowDC, BeginPaint, EndPaint, IsWindowEnabled, GetWindowThreadProcessId, IsDialogMessageA, SetWindowTextA, MoveWindow, ShowWindow, CharNextA, RegisterClipboardFormatA, MapDialogRect, SetWindowContextHelpId, EndDialog, CreateDialogIndirectParamA, UnregisterClassA, LoadCursorA, SetCapture, CopyAcceleratorTableA, IsRectEmpty, InvalidateRgn, PostThreadMessageA, GetNextDlgGroupItem, MessageBeep, SetCursor, GetClientRect, GetParent, SendMessageA, GetNextDlgTabItem, OffsetRect, IsMenu, InflateRect, LoadImageA, FrameRect, GetWindowLongA, PostMessageA, InvalidateRect, DrawStateA, GetWindowRect, GetActiveWindow, WindowFromPoint, ClientToScreen, GetSystemMetrics, DestroyIcon, GetSysColor, DrawTextExA, CreatePopupMenu, DrawIconEx, CreateMenu, TabbedTextOutA, SetRect, EnableWindow, GetSysColorBrush, FillRect, GetMenuItemID, ModifyMenuA, GetSubMenu, GetMenuItemCount, GetMenuState, AppendMenuA, ReleaseDC, SystemParametersInfoA, DrawTextA, GetMenuItemInfoA, GetDC, DrawEdge, LoadBitmapA, GetDesktopWindow, GrayStringA, UpdateWindow, GetMenu, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, ScreenToClient, EqualRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowPos, IntersectRect, GetWindowPlacement, GetWindow, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, DispatchMessageA, IsWindowVisible, GetKeyState, GetCursorPos, ValidateRect, IsWindow, PtInRect, SetWindowLongA, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, GetFocus, EnableMenuItem, CheckMenuItem, UnhookWindowsHookEx, PeekMessageA, GetLastActivePopup, MessageBoxA, DrawIcon, IsIconic, LoadIconA, SetTimer, SetWindowRgn, GetAsyncKeyState, PostQuitMessage, CharUpperA, ReleaseCapture, DestroyCursor, CopyRect
  gdi32: ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, GetWindowExtEx, GetViewportExtEx, GetBkColor, SetWindowOrgEx, CreateRectRgnIndirect, MoveToEx, LineTo, GetMapMode, GetTextColor, GetRgnBox, PatBlt, ScaleViewportExtEx, GetTextExtentPoint32W, GetTextExtentPoint32A, GetBkMode, CreateFontIndirectA, Ellipse, CreatePen, CreateCompatibleDC, PtVisible, CreateDIBSection, GetDeviceCaps, SelectObject, RectVisible, BitBlt, TextOutA, CreateSolidBrush, ExtTextOutA, DeleteObject, DeleteDC, CreateCompatibleBitmap, GetObjectA, GetPixel, SetTextColor, GetStockObject, CreateBitmap, SetBkColor, GetDIBColorTable, CreateFontA, SetDIBColorTable, CreateRectRgn, CombineRgn, GetClipBox, SaveDC, RestoreDC, SetBkMode, SetMapMode, Escape
  msimg32: TransparentBlt
  comdlg32: GetFileTitleA
  winspool.drv: ClosePrinter, DocumentPropertiesA, OpenPrinterA
  advapi32: RegOpenKeyExA, RegOpenKeyA, RegQueryValueExA, RegCloseKey, GetUserNameA, RegDeleteKeyA, RegEnumKeyA, RegQueryValueA, RegCreateKeyExA, RegSetValueExA
  shell32: ShellExecuteExA
  comctl32: InitCommonControlsEx, _TrackMouseEvent
  shlwapi: PathFindFileNameA, PathStripToRootA, PathFindExtensionA, PathIsUNCA
  ole32: CoTaskMemFree, CoTaskMemAlloc, OleUninitialize, CoFreeUnusedLibraries, OleInitialize, CLSIDFromProgID, CLSIDFromString, CoRegisterMessageFilter, OleFlushClipboard, OleIsCurrentClipboard, CoRevokeClassObject, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CreateILockBytesOnHGlobal
  oleaut32: SysAllocString, SystemTimeToVariantTime, VariantTimeToSystemTime, SafeArrayDestroy, VariantCopy, OleCreateFontIndirect, SysAllocStringByteLen, SysStringLen, SysFreeString, VariantInit, VariantChangeType, VariantClear, SysAllocStringLen
  oledlg: ord8
  winmm: timeGetTime
Sections
  .text   Size: 636KB  Virtual size: 634KB  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rdata  Size: 124KB  Virtual size: 123KB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 28KB   Virtual size: 260KB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 68KB   Virtual size: 65KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ