ff151c5f2cc9bdb3518fdd6720657ec7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff151c5f2cc9bdb3518fdd6720657ec7_JaffaCakes118
Size

1.4MB
MD5

ff151c5f2cc9bdb3518fdd6720657ec7
SHA1

8de1579311ded9a18483e580910fc3e46d498f56
SHA256

d6da3c91c83c66143da05ce922dc24d5dbf0fd8261ad4d4a2581a86edf15e0ee
SHA512

68d824daf6712420c7b46c71cb480738a04bccce4fba50813d3e8b95ca84c7e0bde7c8694645d5bdbda074a64d545fe579487449015598e7de83935aaa0583f4
SSDEEP

6144:gUeo6GmyU3L3/raErZdw3eJA7TCvr0moKKxE3FxO7SrwWEP:g7o6GXU3iE3w3ea7GzNEErOQEP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff151c5f2cc9bdb3518fdd6720657ec7_JaffaCakes118

Files

ff151c5f2cc9bdb3518fdd6720657ec7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f05348cbe1a9518c966e8a40e4e74dd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\SonoV\Build.Net\Release\PSM_AgentInstall\PSM_Client.pdb

Imports

ws2_32

getpeername
closesocket
connect
setsockopt
WSASocketA
__WSAFDIsSet
select
gethostbyname
htons
ioctlsocket
socket
WSAStartup
WSAGetLastError
WSARecv
WSASend
bind
htonl
listen
WSAAccept
inet_ntoa
WSACleanup

user32

CharUpperA
EnableWindow
UnregisterClassA
SetTimer
SendMessageA
IsIconic
GetClientRect
LoadIconA
GetSystemMetrics
GetDlgItem
EnableMenuItem
GetSubMenu
GetCursorPos
MessageBoxA
wsprintfA
PostThreadMessageA
RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
ReleaseCapture
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetWindowLongA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindow
PtInRect
CopyRect
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
RegisterClassA
GetClassInfoA
EqualRect
AdjustWindowRectEx
GetSysColor
GetMenuItemCount
GetMenuItemID
PostMessageA
GetMenu
UpdateWindow
IsWindowVisible
SetForegroundWindow
GetKeyState
MapWindowPoints
PeekMessageA
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
DispatchMessageA
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
IsChild
SetFocus
GetFocus
SendDlgItemMessageA
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetCapture
WinHelpA
RegisterWindowMessageA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
PostQuitMessage
SetCursor
ValidateRect
TranslateMessage
GetMessageA
MapDialogRect
SetWindowContextHelpId
DestroyMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
GetSysColorBrush
LoadCursorA
SetCapture

odbc32

ord31
ord9
ord29
ord39
ord16

advapi32

RegQueryValueA
StartServiceA
QueryServiceConfigA
QueryServiceConfig2A
QueryServiceStatus
ControlService
DeleteService
CreateServiceA
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA

oleaut32

VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantCopy
VariantClear
SysFreeString
SystemTimeToVariantTime
SafeArrayDestroy
VariantTimeToSystemTime
SysAllocString
OleCreateFontIndirect

kernel32

GetExitCodeThread
WaitForMultipleObjects
GetSystemInfo
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
InterlockedExchangeAdd
ResetEvent
CreateDirectoryA
ReleaseMutex
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
FreeLibrary
GetProcAddress
LoadLibraryA
LocalFree
LocalAlloc
GetModuleFileNameA
GetFileSize
CreateFileA
GetModuleHandleA
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
lstrcpynA
lstrcmpW
lstrcatA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FormatMessageA
GlobalAlloc
MulDiv
SetLastError
FindClose
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
VirtualProtect
MoveFileA
DeleteFileA
WaitForSingleObject
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileTime
GlobalFlags
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
SetErrorMode
HeapFree
HeapAlloc
VirtualAlloc
VirtualQuery
RtlUnwind
ExitProcess
GetStartupInfoA
GetFileType
GetSystemTimeAsFileTime
HeapReAlloc
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
SetStdHandle
GetTimeZoneInformation
DebugBreak
GetStringTypeA
GetStringTypeW
GetDriveTypeA
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetProcessHeap
SetEnvironmentVariableA
SetEvent
CreateEventA
GetFileAttributesExA
OpenMutexA
CreateMutexA
CloseHandle
SetCurrentDirectoryA
GetCurrentDirectoryA
InterlockedIncrement
InterlockedDecrement
GetTickCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
Sleep
GetFileAttributesA
GetCommandLineA
WinExec
GetLocalTime
FindResourceA
LoadResource
LockResource
SizeofResource
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
ReadFile

gdi32

GetTextColor
GetBkColor
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

shlwapi

PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA

oledlg

ord8

ole32

CoTaskMemFree
CoGetClassObject
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
StgCreateDocfileOnILockBytes

mswsock

GetAcceptExSockaddrs
AcceptEx

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f05348cbe1a9518c966e8a40e4e74dd1

Headers

File Characteristics

PDB Paths

Imports

ws2_32

user32

odbc32

advapi32

oleaut32

kernel32

gdi32

comdlg32

winspool.drv

comctl32

shlwapi

oledlg

ole32

mswsock

Sections

.text Size: 220KB - Virtual size: 218KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 20KB - Virtual size: 1.6MB

.rsrc Size: 52KB - Virtual size: 128KB

.text
Size: 220KB - Virtual size: 218KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 20KB - Virtual size: 1.6MB

.rsrc
Size: 52KB - Virtual size: 128KB