C:\jenkins-root\workspace\OD_1.0.x\label\win-ent\bld32\RelWithDebInfo\vncviewer.pdb
Static task: static1
Behavioral task: behavioral1
Sample: eb29e720bb2e4d8bd7a0842b7196ad82_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: eb29e720bb2e4d8bd7a0842b7196ad82_JaffaCakes118.exe
Resource: win10v2004-20231215-en
General
Target: eb29e720bb2e4d8bd7a0842b7196ad82_JaffaCakes118
Size: 6.6MB
MD5: eb29e720bb2e4d8bd7a0842b7196ad82
SHA1: aaa253c53f1075e2dd73fca5f59cf805046494b6
SHA256: be4370e8972cc2e036f4a94fb78a00e907f88c7f15e57fab6bc889ad7d8440ee
SHA512: 0425a29febe4b148805f049beb11c5368ff5fd4ce940e3ee245a16a5608cc71341da7c580bdf70f9966b6c0fac4d48e1819467b9b5b8ff3b8dbc410d9fe47b02
SSDEEP: 98304:P6voqASYBAMib60oGFh2oVEVLdNA2OeVdA7+GM8x64UM:P6nYSe0oGFh2oVEVLE2bo+G/64
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource eb29e720bb2e4d8bd7a0842b7196ad82_JaffaCakes118
Files
eb29e720bb2e4d8bd7a0842b7196ad82_JaffaCakes118.exe windows:5 windows x86 arch:x86
23d4adb80690dbdf20986da802ed5979
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
crypt32
CryptProtectData
CryptAcquireCertificatePrivateKey
CertGetEnhancedKeyUsage
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CryptUnprotectData
ws2_32
WSAGetLastError
WSADuplicateSocketW
WSASocketW
ntohs
WSAEnumNetworkEvents
WSAEventSelect
WSAIoctl
setsockopt
accept
bind
closesocket
ioctlsocket
getsockopt
socket
WSAStartup
WSAConnect
getpeername
shutdown
recv
select
listen
sendto
send
recvfrom
WSASetLastError
getservbyname
getservbyport
gethostbyname
gethostbyaddr
ntohl
inet_ntoa
inet_addr
htons
htonl
getsockname
comctl32
ImageList_Draw
ImageList_Add
ImageList_Create
_TrackMouseEvent
InitCommonControlsEx
ImageList_Destroy
ImageList_ReplaceIcon
imm32
ImmGetContext
ImmGetVirtualKey
ImmSetOpenStatus
kernel32
ConnectNamedPipe
CreateNamedPipeW
CompareStringW
LCMapStringW
GetHandleInformation
SetEndOfFile
SetFilePointer
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileW
LockResource
LoadResource
SizeofResource
FindResourceW
GetComputerNameW
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetSystemDirectoryW
GetVersionExW
GetTempPathW
CreateThread
GetCurrentThread
GetThreadTimes
TerminateThread
ResumeThread
OutputDebugStringW
FlushFileBuffers
RtlCaptureStackBackTrace
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetTimeFormatW
GetDateFormatW
GetExitCodeProcess
LocalAlloc
GetSystemInfo
ExitProcess
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
RtlUnwind
WaitForMultipleObjects
FindFirstFileW
SetFilePointerEx
GetConsoleCP
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetModuleFileNameA
HeapSize
FatalAppExitA
GetProcessHeap
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetTickCount
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetConsoleCtrlHandler
LoadLibraryExW
OutputDebugStringA
SetEnvironmentVariableA
SetEnvironmentVariableW
IsValidLocale
EnumSystemLocalesW
GetStringTypeW
GetFileAttributesA
GetDiskFreeSpaceW
GetDriveTypeW
FindClose
GetLogicalDrives
SetErrorMode
GetModuleFileNameW
LoadLibraryW
FreeLibrary
LeaveCriticalSection
ReadFile
WriteFile
GetStdHandle
GetLastError
GetCurrentProcessId
GetUserDefaultLCID
GetLocaleInfoW
GetCommandLineA
FindNextFileW
CreateProcessW
SetHandleInformation
SearchPathW
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteConsoleW
ReadConsoleW
FreeConsole
AllocConsole
GetConsoleMode
GetFileType
GetCommandLineW
GetSystemTime
FormatMessageW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
DuplicateHandle
GetCurrentProcess
FindFirstFileA
OpenProcess
GetTempFileNameW
SetStdHandle
InterlockedDecrement
InterlockedIncrement
SetLastError
TlsFree
TlsSetValue
GetDiskFreeSpaceExW
TlsGetValue
TlsAlloc
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
LocalFree
CancelIo
GetOverlappedResult
WaitForSingleObject
Sleep
GetCurrentThreadId
ExpandEnvironmentStringsW
SetFileAttributesW
CreateFileW
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
CreateEventW
CloseHandle
ResetEvent
SetEvent
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
AreFileApisANSI
GetVolumeInformationW
user32
GetKeyboardLayoutNameW
GetMenuState
CheckMenuItem
GetMenuItemCount
DeleteMenu
InsertMenuItemW
SetMenuItemInfoW
SetParent
CreateDialogParamW
DialogBoxParamW
EndDialog
SetWindowTextW
EnumChildWindows
IsDialogMessageW
GetParent
OpenClipboard
CloseClipboard
IsZoomed
SetWindowRgn
GetDoubleClickTime
ShowCursor
SendMessageTimeoutW
GetClipboardOwner
SetClipboardViewer
ChangeClipboardChain
SetMenu
CreateMenu
RegisterWindowMessageW
CreateIconIndirect
PeekMessageW
MsgWaitForMultipleObjects
GetWindowDC
mouse_event
ToUnicodeEx
GetKeyboardLayoutList
GetAsyncKeyState
ToAsciiEx
VkKeyScanExA
VkKeyScanExW
keybd_event
MapVirtualKeyW
GetForegroundWindow
DefWindowProcW
ChangeDisplaySettingsExW
EnumDisplaySettingsW
MonitorFromRect
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
RegisterClassW
OffsetRect
GetWindowTextLengthW
ScrollWindowEx
GetKeyState
GetClipboardData
LoadIconW
GetDesktopWindow
SetForegroundWindow
ReleaseCapture
SetCapture
GetDlgCtrlID
MessageBoxW
IsChild
GetMessageW
GetComboBoxInfo
InflateRect
FrameRect
DrawFocusRect
DrawFrameControl
GetKeyboardState
GetKeyboardLayout
MapWindowPoints
SetCursor
MessageBeep
AdjustWindowRectEx
GetUpdateRect
UpdateWindow
IsIconic
GetAncestor
GetDC
GetNextDlgTabItem
FillRect
GetSysColorBrush
GetSysColor
ReleaseDC
GetScrollInfo
DrawIconEx
DestroyIcon
LoadCursorW
ScreenToClient
ClientToScreen
InvalidateRect
SetMenuDefaultItem
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
GetMessagePos
PostThreadMessageW
RegisterClipboardFormatW
GetFocus
SetFocus
EmptyClipboard
SetClipboardData
GetWindowThreadProcessId
GetOpenClipboardWindow
RedrawWindow
DefDlgProcW
IsWindowVisible
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
CallNextHookEx
UnhookWindowsHookEx
GetWindowTextW
SetWindowsHookExW
SetWindowLongW
GetWindowLongW
DispatchMessageW
TranslateMessage
GetWindowRect
GetClientRect
EndPaint
BeginPaint
DrawTextW
SetWindowPos
ShowWindow
EnableWindow
GetDlgItem
EnableMenuItem
GetSystemMenu
SendMessageW
GetCursorPos
GetSystemMetrics
WindowFromPoint
GetClassNameW
IsWindowEnabled
PostMessageW
GetWindowPlacement
GetCursor
PostQuitMessage
SystemParametersInfoW
SetScrollInfo
gdi32
SelectObject
SetTextColor
DeleteDC
ResetDCW
StartDocW
EndDoc
StartPage
EndPage
GetDeviceCaps
StretchDIBits
CreatePen
DeleteObject
LineTo
MoveToEx
CreateBrushIndirect
GetStockObject
Rectangle
SetBkColor
CreateCompatibleBitmap
CreateSolidBrush
RoundRect
GetObjectW
BitBlt
CombineRgn
CreatePalette
CreateRectRgn
GetRandomRgn
GetRegionData
OffsetRgn
RealizePalette
SelectPalette
SetPaletteEntries
SetRectRgn
SetStretchBltMode
SetBrushOrgEx
PatBlt
GetPixel
ExcludeClipRect
GetTextMetricsW
CreateFontIndirectW
GetTextExtentPoint32W
SetMapMode
CreateRectRgnIndirect
CreateBitmap
SetPixelV
GdiAlphaBlend
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
CreateDCW
GetClipBox
StretchBlt
SetWindowOrgEx
GetDIBits
SetBkMode
shell32
SHGetMalloc
SHAddToRecentDocs
SHFileOperationW
Shell_NotifyIconW
ord74
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW
SHGetFileInfoW
SHGetDesktopFolder
SHGetFolderPathW
ole32
CoTaskMemFree
OleGetClipboard
ReleaseStgMedium
OleSetClipboard
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateInstance
OleInitialize
RegisterDragDrop
DoDragDrop
CoTaskMemRealloc
CoInitializeSecurity
CoSetProxyBlanket
OleUninitialize
CoUninitialize
CoInitializeEx
oleaut32
SafeArrayGetElement
SafeArrayGetDim
SysFreeString
SysAllocString
VariantClear
comdlg32
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
advapi32
GetUserNameW
OpenProcessToken
EqualSid
RegCloseKey
CryptReleaseContext
CryptSetProvParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptSignHashW
MakeAbsoluteSD
MakeSelfRelativeSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetSecurityDescriptorLength
InitializeSecurityDescriptor
SetEntriesInAclW
GetAclInformation
InitializeAcl
CryptGenRandom
CryptAcquireContextW
CreateProcessWithLogonW
LogonUserW
LookupAccountNameW
LookupAccountSidW
CopySid
GetLengthSid
GetSidIdentifierAuthority
FreeSid
AllocateAndInitializeSid
IsValidSid
GetTokenInformation
RegCreateKeyExW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityInfo
GetSecurityInfo
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
CreateProcessAsUserW
Sections
.text Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 66KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 803KB - Virtual size: 803KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 260KB - Virtual size: 260KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ