040bac6694b1b5d87155e1d3a0bbdcc9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

040bac6694b1b5d87155e1d3a0bbdcc9_JaffaCakes118
Size

990KB
MD5

040bac6694b1b5d87155e1d3a0bbdcc9
SHA1

dd02d671be705d471d66a87061aa2c42ffcefafa
SHA256

0f0bc83c1f9bf8b3070302898b1682e2139aca3ff666a7cd71d3ac065c7fe572
SHA512

92e4912d31114de8a6bd705b782dd1b236a912c589adb27fe679c6d3c967bca3bab49d1b01dfb6aad04dbb0e052b6fcf1f9a1c7b17edd1278e2acdb4635832a6
SSDEEP

24576:pvuFyrCUwqY4lCiBvdDrs4RPRumSC99guAsv+:xbzXs4R8mxD91v+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
040bac6694b1b5d87155e1d3a0bbdcc9_JaffaCakes118

Files

040bac6694b1b5d87155e1d3a0bbdcc9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cc4d69fe2dfb2427df15f4f4be3f0c4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

M:\TWRK\608de6e154b8c665\src\MicrogamingInstall\2013-Release\MicrogamingInstall.pdb

Imports

kernel32

GetCurrentThreadId
GetCurrentProcessId
OpenFileMappingA
lstrcpyA
FreeLibrary
CreateDirectoryW
LoadLibraryW
CreateFileW
MultiByteToWideChar
GetProcAddress
LocalFree
lstrcpynA
GetFileAttributesA
lstrcpynW
GetFileAttributesW
GetModuleFileNameW
lstrlenW
CreateDirectoryA
FindFirstFileA
FindClose
GetModuleFileNameA
FindNextFileA
WideCharToMultiByte
CreateProcessW
SetUnhandledExceptionFilter
OpenProcess
CreateProcessA
RemoveDirectoryA
CopyFileA
GetTempFileNameA
GetModuleHandleA
GetTempPathA
DeleteFileA
GetComputerNameA
FormatMessageA
GetVolumePathNameW
CopyFileW
FormatMessageW
RemoveDirectoryW
ReleaseMutex
GetDiskFreeSpaceExA
GetVersionExA
DeleteFileW
SetFileAttributesW
CreatePipe
GetExitCodeThread
WaitForMultipleObjects
InterlockedExchangeAdd
MoveFileA
GetPrivateProfileStringW
LoadLibraryA
CreateMutexA
GetDriveTypeA
GetVolumeInformationA
DeviceIoControl
ResetEvent
MoveFileExA
Process32First
TerminateProcess
GetSystemDirectoryA
GetLocalTime
Process32Next
CreateToolhelp32Snapshot
OutputDebugStringW
QueueUserWorkItem
ReleaseSemaphore
GetLogicalDriveStringsA
GlobalMemoryStatusEx
GetSystemInfo
GetCurrentThread
SetThreadPriority
GetThreadTimes
UnregisterWaitEx
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
QueryDepthSList
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
DuplicateHandle
SetEndOfFile
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
SetStdHandle
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCurrentDirectoryW
GetConsoleCP
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
CreateSemaphoreW
GetModuleHandleW
GetTickCount
GetStartupInfoW
TlsFree
CreateFileMappingA
lstrcmpiA
InterlockedExchange
lstrcatA
Sleep
InterlockedCompareExchange
InterlockedDecrement
UnmapViewOfFile
InterlockedIncrement
MapViewOfFile
lstrlenA
GetFileSize
InterlockedPushEntrySList
InterlockedFlushSList
InterlockedPopEntrySList
InitializeSListHead
CloseHandle
ReadFile
WriteFile
SetFilePointer
CreateFileA
CreateThread
OutputDebugStringA
GetLastError
CreateEventA
SetEvent
CreateSemaphoreA
WaitForSingleObject
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
CreateEventW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
DeleteCriticalSection
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
SetLastError
HeapSize
GetProcessHeap
IsProcessorFeaturePresent
WriteConsoleW
GetFileType
GetStdHandle
RtlUnwind
RaiseException
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
GetFullPathNameA
GetDriveTypeW
GetCommandLineA
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
LoadLibraryExW
ExitThread
GetSystemTimeAsFileTime
AreFileApisANSI
GetModuleHandleExW
ExitProcess
HeapAlloc
DecodePointer
EncodePointer
HeapFree

user32

SetWindowLongA
GetWindowLongW
AppendMenuW
ReleaseDC
OffsetRect
ChildWindowFromPoint
SetWindowLongW
IsDialogMessageA
PeekMessageA
wsprintfA
SendMessageA
GetClientRect
IsWindowEnabled
LoadIconA
SetForegroundWindow
GetWindowDC
TrackPopupMenu
SetWindowPos
GetCursorPos
SetLayeredWindowAttributes
CreatePopupMenu
CreateWindowExW
DispatchMessageA
MessageBoxW
RegisterClassW
GetSystemMetrics
IsWindowVisible
LoadImageA
MapWindowPoints
UpdateWindow
PostThreadMessageA
GetMessageA
InvalidateRect
wsprintfW
CopyRect
SetFocus
MessageBoxA
SetWindowTextA
GetWindowRect
PostMessageA
RegisterClassA
ShowWindow
DefWindowProcA
EnableWindow
AdjustWindowRect
LoadCursorA
GetDlgCtrlID
DefWindowProcW
MoveWindow
FlashWindowEx
TranslateMessage
GetActiveWindow
wvsprintfA
DestroyWindow
CreateWindowExA

gdi32

DeleteDC
CreateDIBSection
GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
GetStockObject
BitBlt

advapi32

OpenSCManagerA
CloseServiceHandle
OpenServiceA
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueW
RegSetValueA
RegQueryValueW
RegCloseKey
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
FreeSid
SetEntriesInAclW
RegEnumKeyW

shell32

SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteA
SHGetPathFromIDListW
SHGetFolderPathW
Shell_NotifyIconA
SHGetSpecialFolderPathA
SHChangeNotify

ole32

StringFromIID
CoTaskMemFree
CLSIDFromProgID
OleSetContainedObject
OleCreate
OleUninitialize
CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
CoSetProxyBlanket
CoUninitialize
CoInitialize
OleInitialize

oleaut32

VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString
VariantClear
SafeArrayCreateVector
SafeArrayAccessData
VariantInit
SafeArrayUnaccessData

wsock32

gethostbyname
send
WSAStartup
WSACleanup
closesocket
socket
htons
inet_addr
htonl
WSAGetLastError
ntohs
getservbyport
getservbyname
WSASetLastError
gethostbyaddr
connect
ioctlsocket

ws2_32

WSAAddressToStringA

wininet

InternetReadFile
HttpSendRequestA
InternetCrackUrlA
InternetGetLastResponseInfoA
InternetConnectA
HttpOpenRequestA
InternetSetOptionA
InternetOpenUrlW
InternetOpenW
InternetCrackUrlW
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA

shlwapi

StrStrA
PathAppendW
PathCanonicalizeW
SHDeleteKeyA
PathAppendA
PathCanonicalizeA
PathFileExistsA
UrlCombineA
PathFindFileNameA

netapi32

NetWkstaGetInfo
NetApiBufferFree

psapi

GetModuleFileNameExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

urlmon

CoInternetGetSession

Exports

Exports

?CreateDefaultBrowserInfo@@YGPAVIDefaultBrowserInfo@@XZ
?CreateDirectXVersionInfo@@YGPAVIDirectXVersionInfo@@XZ
?CreateDisplaysDeviceInfo@@YGPAVIDisplayDevicesInfo@@XZ
?CreateFixedDriveInfo@@YGPAVIFixedDriveInfo@@XZ
?CreateFixedDrivesInfo@@YGPAVIFixedDrivesInfo@@XZ
?CreateFlashInfo@@YGPAVIFlashInfo@@XZ
?CreateIEVersionInfo@@YGPAVIIEVersionInfo@@XZ
?CreateMacAddress@@YGPAVIMacAddress@@XZ
?CreateMachineInfo@@YGPAVIMachineInfo@@XZ
?CreateMachineInfoXML@@YGPAVIMachineInfoXML@@XZ
?CreateOSInfo@@YGPAVIOSInfo@@XZ
?CreateProcessorsInfo@@YGPAVIProcessorsInfo@@XZ
?CreateRamInfo@@YGPAVIRamInfo@@XZ
?CreateSoundDevicesInfo@@YGPAVISoundDevicesInfo@@XZ
?CreateUserExperience@@YGPAVIUserExperience@@XZ
?CreateVMInfo@@YGPAVIVMInfo@@XZ

Sections

.text
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc4d69fe2dfb2427df15f4f4be3f0c4d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wsock32

ws2_32

wininet

shlwapi

netapi32

psapi

version

urlmon

Exports

Exports

Sections

.text Size: 470KB - Virtual size: 469KB

.rdata Size: 110KB - Virtual size: 110KB

.data Size: 91KB - Virtual size: 118KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 470KB - Virtual size: 469KB

.rdata
Size: 110KB - Virtual size: 110KB

.data
Size: 91KB - Virtual size: 118KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 28KB - Virtual size: 27KB