f8af70fca3f2b366126f4492a2e41d9d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f8af70fca3f2b366126f4492a2e41d9d_JaffaCakes118
Size

1.4MB
MD5

f8af70fca3f2b366126f4492a2e41d9d
SHA1

65b0c250af4ce7efd226ec376ccdb38f9dd46ee6
SHA256

fdfa7c4c998e2582f7edda0213ed55c7b2ba0b8626c6511cb90763495014f9e5
SHA512

7a1876f45083fe40c59ca8f86345a10714ec1cf3cc18f63c4dac3f4a77e4e4ee5681559644ad8e46a54b39fa8ac9ff81cde2ff0c976a300d7419668e3cea7a1d
SSDEEP

24576:G/KiLPCdw5c8RxEUqckhIXrnq7nJVL8ZXFzIoh0IMDXATvqvyUHatz:diLPCG5Icnq7JVQpVIoxMDX0qBax

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8af70fca3f2b366126f4492a2e41d9d_JaffaCakes118

Files

f8af70fca3f2b366126f4492a2e41d9d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a34f3e5a0be05d11e89c4e81047d506a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Devops\agent\workspace\p-111758179e0043a5b011650a32a71ea0\src\TGBDownloader\Output\TGBDownloader\Release\TGBDownloader.pdb

Imports

ws2_32

htonl
ntohl
htons

dbghelp

MiniDumpWriteDump

kernel32

GetExitCodeProcess
IsDBCSLeadByte
WideCharToMultiByte
GetFullPathNameW
SetEndOfFile
GetFileAttributesExW
SetFilePointerEx
MoveFileW
CopyFileW
CreateFileA
SwitchToThread
GetFileSize
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetVersionExW
GetSystemDirectoryW
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InitializeCriticalSection
GetSystemDefaultLangID
Sleep
GetSystemInfo
InterlockedIncrement
LoadLibraryA
MulDiv
GetACP
lstrlenW
GlobalLock
GlobalUnlock
ExitProcess
VerifyVersionInfoW
VerSetConditionMask
LocalFileTimeToFileTime
SystemTimeToFileTime
GlobalAlloc
FormatMessageW
LocalFree
GetLocalTime
lstrcpyW
lstrcmpiW
GetOEMCP
IsValidCodePage
SetStdHandle
ReadConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStdHandle
GetModuleHandleExW
ExitThread
WaitForSingleObject
RemoveDirectoryW
SetEnvironmentVariableA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
ResetEvent
SetEvent
OutputDebugStringW
IsDebuggerPresent
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
SetLastError
QueryPerformanceCounter
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
GetStringTypeW
FindFirstFileExW
FindClose
FindNextFileW
MoveFileExW
FindFirstFileW
GetTickCount
DeviceIoControl
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDrives
SetFilePointer
WriteFile
CreateMutexW
OpenMutexW
ProcessIdToSessionId
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
CreateDirectoryW
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetUserDefaultUILanguage
FreeResource
TerminateThread
ReadFile
GetFileSizeEx
GetModuleFileNameW
GetFileAttributesW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetTempFileNameW
GetTempPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetModuleHandleW
GlobalFree
MultiByteToWideChar
GetLastError
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
CloseHandle
CreateFileW
GetFileTime
DeleteFileW
GetCurrentThreadId
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW

user32

SendMessageW
GetWindowRect
ScreenToClient
GetKeyState
LoadCursorW
SetCursor
PtInRect
DestroyWindow
ReleaseDC
GetDC
GetClientRect
SetWindowPos
GetWindowLongW
SetWindowLongW
IsIconic
GetActiveWindow
GetWindow
SetFocus
BeginPaint
EndPaint
GetUpdateRect
IsWindowVisible
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
CreateWindowExW
GetCursorPos
ReleaseCapture
GetSysColor
InvalidateRect
IntersectRect
TranslateMessage
UnionRect
IsZoomed
PostMessageW
GetFocus
SetTimer
KillTimer
SetCapture
GetParent
LoadImageW
SetWindowRgn
MessageBoxW
GetKeyNameTextW
GetKeyboardLayout
MapVirtualKeyExW
DefWindowProcW
ShowWindow
EnableWindow
PostQuitMessage
RegisterClassW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetPropW
GetPropW
FillRect
DrawTextW
SetRect
InflateRect
OffsetRect
DispatchMessageW
CharNextW
CharPrevW
MoveWindow
UpdateLayeredWindow
GetWindowRgn
IsRectEmpty
IsWindow
GetMessageW
SetForegroundWindow
GetGUIThreadInfo
CreateAcceleratorTableW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
EqualRect
IsWindowEnabled
DestroyMenu
TrackPopupMenu
EnableMenuItem
AppendMenuW
CreatePopupMenu
GetCaretBlinkTime
ClientToScreen
SetCaretPos
GetCaretPos
HideCaret
ShowCaret
CreateCaret

gdi32

SetBitmapBits
GetBitmapBits
CreatePatternBrush
PtInRegion
CreateRectRgn
GdiFlush
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
SetBkColor
SetTextColor
SetBkMode
GetObjectA
RoundRect
LineTo
MoveToEx
CreatePenIndirect
CreateSolidBrush
SetStretchBltMode
StretchBlt
CreateDIBSection
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
CreateRoundRectRgn
CreateCompatibleBitmap
GetDeviceCaps
GetEnhMetaFileHeader
CreateDIBitmap
AddFontMemResourceEx
GetTextMetricsW
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
SelectObject
CreateCompatibleDC
DeleteDC
RemoveFontMemResourceEx
DeleteObject
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
PlayEnhMetaFile

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW

shell32

ord165
DragQueryFileW
SHGetFolderPathA
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

DoDragDrop
OleDuplicateData
CoCreateGuid
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
ReleaseStgMedium
OleLockRunning
CLSIDFromString
CLSIDFromProgID
RegisterDragDrop

comctl32

_TrackMouseEvent
ord17

gdiplus

GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipSetStringFormatLineAlign
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipFillRectangleI
GdipMeasureString
GdipDrawRectangleI

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

winhttp

WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpSetOption
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle

shlwapi

PathIsDirectoryW
PathFileExistsW
PathAddBackslashW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

netapi32

Netbios

Sections

.text
Size: 800KB - Virtual size: 799KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a34f3e5a0be05d11e89c4e81047d506a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

gdiplus

imm32

winhttp

shlwapi

version

netapi32

Sections

.text Size: 800KB - Virtual size: 799KB

.rdata Size: 198KB - Virtual size: 197KB

.data Size: 19KB - Virtual size: 25KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.QMGuid Size: 512B - Virtual size: 20B

.rsrc Size: 364KB - Virtual size: 364KB

.reloc Size: 49KB - Virtual size: 49KB

.text
Size: 800KB - Virtual size: 799KB

.rdata
Size: 198KB - Virtual size: 197KB

.data
Size: 19KB - Virtual size: 25KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.QMGuid
Size: 512B - Virtual size: 20B

.rsrc
Size: 364KB - Virtual size: 364KB

.reloc
Size: 49KB - Virtual size: 49KB