febe87408da753d74d30f4afba1c1c46_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

febe87408da753d74d30f4afba1c1c46_JaffaCakes118
Size

993KB
MD5

febe87408da753d74d30f4afba1c1c46
SHA1

67977834471eba29e6b63b1f90b482f9b4fa891d
SHA256

ca462867a80703a129b16cc161bd445cd0ae7b4974741a90c5c4bad2ec1357a3
SHA512

fba825afaac6deaf9fe20dce62b81c3758ea1713ac11cc02d877105108874567159bddea904cc1a03858654267cf278afecede96c68cb6a0e5b0cb87703ea40e
SSDEEP

24576:fodalvE38BZK9ZVHrWUQx/cQ6vbsRG6ELOGfT:Q05w93HCtx0QaDh37

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
febe87408da753d74d30f4afba1c1c46_JaffaCakes118

Files

febe87408da753d74d30f4afba1c1c46_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d7e1d74585499ba8c86266aa9e75bff2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Build\JenkinsHome\jobs\browser_loader\workspace\build\loader\Release\loader.pdb

Imports

kernel32

DeleteFileW
GlobalLock
CopyFileW
InterlockedIncrement
GlobalUnlock
lstrcmpW
MulDiv
GetExitCodeProcess
CreateDirectoryW
GetTempPathW
GetFileAttributesW
GetTickCount
GetStartupInfoW
CreateProcessW
GetACP
HeapFree
HeapSize
HeapReAlloc
LoadLibraryW
HeapAlloc
GetProcessHeap
FreeLibrary
InterlockedCompareExchange
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
GetVersionExW
GetNativeSystemInfo
InitializeCriticalSection
ReadFile
SetFilePointer
GetFileSize
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GlobalAlloc
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
CreateFileW
GetConsoleCP
FlushFileBuffers
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetDiskFreeSpaceExW
SetEvent
GetCurrentThreadId
LeaveCriticalSection
GetModuleFileNameW
RemoveDirectoryW
InterlockedDecrement
EnterCriticalSection
SetLastError
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WriteFile
GetModuleHandleW
GetProcAddress
CloseHandle
CreateEventW
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
LocalFree
GetCommandLineW
Sleep
QueryPerformanceCounter
GetStringTypeW
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
TryEnterCriticalSection

user32

EndPaint
BeginPaint
GetCursorPos
ReleaseDC
GetWindowTextW
UnregisterClassW
ReleaseCapture
RegisterWindowMessageW
GetParent
GetClassInfoExW
GetDesktopWindow
PostThreadMessageW
GetDlgItem
InvalidateRect
SetWindowLongW
wsprintfW
SetCapture
GetSystemMetrics
ShowWindow
MsgWaitForMultipleObjects
PostQuitMessage
KillTimer
SetTimer
DispatchMessageW
TranslateMessage
PeekMessageW
GetClassNameW
GetWindowLongW
GetWindowTextLengthW
DefWindowProcW
CallWindowProcW
GetWindow
GetFocus
DestroyWindow
GetDC
SetWindowPos
FillRect
CreateWindowExW
ScreenToClient
SendMessageW
SetWindowTextW
RegisterClassExW
IsWindow
InvalidateRgn
RedrawWindow
ClientToScreen
DestroyAcceleratorTable
IsChild
GetSysColor
MoveWindow
CreateAcceleratorTableW
SetFocus
CharNextW
LoadCursorW
GetClientRect

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject
CreateSolidBrush

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

StringFromCLSID
CoCreateGuid
CoTaskMemFree
CoAddRefServerProcess
CoReleaseServerProcess
OleUninitialize
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
CLSIDFromString
OleLockRunning
CoGetClassObject

oleaut32

SysStringLen
VariantCopy
SysFreeString
VariantClear
SysAllocString
DispCallFunc
VariantChangeType
LoadRegTypeLi
VariantInit
LoadTypeLi
OleCreateFontIndirect
SysAllocStringLen

advapi32

CryptDestroyKey
CryptAcquireContextW
CryptVerifySignatureW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext
RegSetValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindFileNameW

ws2_32

ntohl

Sections

.text
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7e1d74585499ba8c86266aa9e75bff2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

ws2_32

Sections

.text Size: 360KB - Virtual size: 360KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 23KB - Virtual size: 28KB

.rsrc Size: 439KB - Virtual size: 439KB

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 360KB - Virtual size: 360KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 23KB - Virtual size: 28KB

.rsrc
Size: 439KB - Virtual size: 439KB

.reloc
Size: 26KB - Virtual size: 25KB