07c70e061ca0ac2df7d36a0bdef7f2d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07c70e061ca0ac2df7d36a0bdef7f2d9_JaffaCakes118
Size

1.3MB
MD5

07c70e061ca0ac2df7d36a0bdef7f2d9
SHA1

5f1ce30c88051086b8034e25d650d27726dbc81c
SHA256

9f3a864a0765d267fc470417670df9a59a6c9061f7db2a56d51e4241bfeb19e5
SHA512

6cd633cfbcb12671e7816afd4a5f4b3bc56584e922f1296e1f10ab0afd69c2d522b65b14f4e04e2ab1abba3d76492d570d231f73e17df81ab3ceb9cb8e624bcc
SSDEEP

24576:9r8q2EfHDEcPyqeFVm5T80b0pXCZbsmF720SJk4opT6+BLOk2:9r3fjEcPyqeFVm5T80bGCZomFy0SITlG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BDUtility.exe

Files

07c70e061ca0ac2df7d36a0bdef7f2d9_JaffaCakes118
.zip
BDUtility.exe
.exe windows:4 windows x86 arch:x86

35528da60120072d977d6304b35afc3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcslen
wcscpy
wcsncpy
wcscat
wcschr
_wcsicmp
memcpy
malloc
free
strncmp
memmove
printf
wcscmp
memcmp
_stricmp
atoi
sprintf
strcpy
strlen
strcat
_wstat
_wcsdup
strcmp
wcsstr
tolower
wcsncmp
_snwprintf
floor
ceil
localtime
mktime
_wcsnicmp
_itow
_wtoi
gmtime
cos
fmod
sin
abs
fabs
fseek
ftell
fread
fclose
pow
??3@YAXPAX@Z
_isnan
srand
rand
realloc
calloc
_errno
strrchr
memchr
_lseeki64
abort
_close
_wopen
_setmode
exit
_open_osfhandle
strchr
_strdup
_snprintf
setlocale
wctomb
_get_osfhandle
_open
toupper
mbstowcs
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
GetSystemDirectoryW
CreateSemaphoreW
GetLastError
CloseHandle
HeapDestroy
ExitProcess
GetVolumeNameForVolumeMountPointW
DeleteVolumeMountPointW
SetVolumeMountPointW
SetFilePointerEx
ReadFile
LoadLibraryW
FormatMessageW
FreeLibrary
GetLocalTime
GetCurrentProcess
DeviceIoControl
GetLogicalDriveStringsW
CreateFileW
GetDriveTypeW
QueryDosDeviceW
Sleep
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
WriteFile
FlushFileBuffers
GetUserDefaultLangID
GetVolumeInformationW
GetLogicalDrives
DefineDosDeviceW
SetEndOfFile
CreateProcessW
GetThreadContext
ReadProcessMemory
ResumeThread
SetThreadContext
TerminateProcess
VirtualAllocEx
WriteProcessMemory
HeapFree
HeapAlloc
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateThread
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
DuplicateHandle
CreatePipe
GetStdHandle
PeekNamedPipe
GetExitCodeProcess
GetFileSize
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
SetUnhandledExceptionFilter
TlsAlloc
TlsSetValue
TlsGetValue
GetVersionExW
GetSystemInfo
GlobalMemoryStatusEx
SetLastError
FindFirstFileW
FindClose
GetFileAttributesW
FindNextFileW
SetFileAttributesW
RemoveDirectoryW
CopyFileW
GetTempPathW
CreateDirectoryW
GlobalAlloc
GlobalFree
HeapSize
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
VirtualAlloc
VirtualFree
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetFullPathNameW
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

user32

EnableWindow
GetSystemMetrics
SendMessageW
UnhookWinEvent
GetWindowRect
GetCursorPos
PtInRect
KillTimer
SetTimer
GetWindowTextW
GetSysColor
GetWindowLongW
EnumChildWindows
LoadStringW
SetWinEventHook
MessageBoxW
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
EnumWindows
SetWindowPos
SetMenu
DestroyMenu
EnableMenuItem
DrawStateW
GetIconInfo
DrawIconEx
SystemParametersInfoW
DrawTextW
GetMenuItemCount
GetSubMenu
GetPropW
GetMenu
GetMenuItemInfoW
ModifyMenuW
SetMenuItemInfoW
GetDC
ReleaseDC
GetSysColorBrush
FillRect
FrameRect
CallWindowProcW
SetWindowLongW
SetPropW
AppendMenuW
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyWindow
GetWindowTextLengthW
SetWindowTextW
InvalidateRect
UpdateWindow
RedrawWindow
ReleaseCapture
BeginPaint
EndPaint
SetCapture
ScreenToClient
CreateWindowExW
SetRect
SetCursor
GetParent
GetClientRect
DefWindowProcW
GetMessagePos
LoadCursorW
ShowWindow
ValidateRect
MapWindowPoints
RemovePropW
GetKeyState
ClipCursor
SetFocus
ChildWindowFromPointEx
GetCapture
GetFocus
DrawFocusRect
RegisterClassExW
GetWindow
MoveWindow
DrawFrameControl
SetActiveWindow
DestroyIcon
LoadIconW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
UnregisterClassW
IsZoomed
IsIconic
ClientToScreen
DefFrameProcW
DestroyAcceleratorTable
GetClassNameW
IsChild
RegisterWindowMessageW
EnumDisplaySettingsW
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

CreateCompatibleDC
DeleteDC
GetObjectType
GetObjectW
SelectObject
BitBlt
GetPixel
SetPixel
DeleteObject
SetBkMode
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateSolidBrush
GetStockObject
SetBkColor
SetTextColor
MoveToEx
LineTo
CreateFontIndirectW
CreateRectRgnIndirect
SelectClipRgn
TextOutW
CreatePen
CreateDIBSection
GdiGetBatchLimit
GdiSetBatchLimit
CreateDCW
SetStretchBltMode
StretchBlt
GetDeviceCaps
GetDIBits
SetTextAlign
SetBrushOrgEx
SelectPalette
RealizePalette
SetPixelV
Rectangle
Ellipse
StretchDIBits
SetROP2
ExtFloodFill
RoundRect
GetTextMetricsW
CreateBitmap

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegEnumValueW
RegCloseKey
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCreateKeyW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ImageList_GetIconSize

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
RevokeDragDrop

shell32

ShellExecuteExW

winmm

timeBeginPeriod

ntdll

ZwUnmapViewOfSection

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

wininet

HttpQueryInfoW
InternetOpenW
InternetConnectW
InternetSetOptionW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetReadFile
InternetCloseHandle

Sections

.code
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 591KB - Virtual size: 591KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BDUtility.md5

Sharing

General

Malware Config

Signatures

Files

35528da60120072d977d6304b35afc3c

Headers

File Characteristics

Imports

msvcrt

kernel32

gdiplus

user32

gdi32

comdlg32

advapi32

comctl32

ole32

shell32

winmm

ntdll

setupapi

wininet

Sections

.code Size: 239KB - Virtual size: 239KB

.text Size: 591KB - Virtual size: 591KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 18KB - Virtual size: 18KB

.code
Size: 239KB - Virtual size: 239KB

.text
Size: 591KB - Virtual size: 591KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 18KB - Virtual size: 18KB