0e153b5a0ecfda0f2dd4977af0002458_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e153b5a0ecfda0f2dd4977af0002458_JaffaCakes118
Size

10.9MB
MD5

0e153b5a0ecfda0f2dd4977af0002458
SHA1

3be354ae2166d89761c63f6573e267c96dd0dad0
SHA256

1a27a06f46d13ec5cd4c86bc43d4a97322547be43c58dbfe9106e7b65153e0ce
SHA512

a5561b635f217d3766c6aa3dc4945a7c88cf7f9f9cc67f89b3efa005599e07e6e8c5d1099d55ddaff99694d67bd1163f7e9162caac7eafe2de9749330c1dcc00
SSDEEP

98304:uLgl0pdFYheW65BLamxxbBr07B+Ua2RuYE4hFjyXLt:uLgOLAeWOWmx+Na2RuYE7Lt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e153b5a0ecfda0f2dd4977af0002458_JaffaCakes118

Files

0e153b5a0ecfda0f2dd4977af0002458_JaffaCakes118
.exe windows:6 windows x64 arch:x64

4ec910498502512a780cdd5ec5597775

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\f\save\bin\rdr3\master\rdr3\release\CitiLaunch.pdb

Imports

comctl32

ord344
InitCommonControlsEx
ord345

kernel32

MoveFileW
MultiByteToWideChar
GetFileAttributesExW
AddVectoredExceptionHandler
GetCurrentProcessId
ExitProcess
GetStartupInfoW
GetProcAddress
LoadLibraryA
LoadLibraryW
K32EnumProcessModules
CreateDirectoryW
CreateMutexW
OpenMutexW
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetSystemTime
GetTickCount64
SystemTimeToFileTime
GetPrivateProfileIntW
WriteFile
GetTickCount
VerSetConditionMask
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
VirtualProtect
VerifyVersionInfoW
RtlAddFunctionTable
GetModuleFileNameA
FindClose
FindFirstFileW
FindNextFileW
GetFileSizeEx
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetCurrentDirectoryW
SetEvent
CreateEventW
GetExitCodeProcess
OpenProcess
GetSystemDirectoryW
IsProcessInJob
CreateJobObjectW
GetLastError
SetInformationJobObject
SetDllDirectoryW
WaitForSingleObject
CreateRemoteThread
CopyFileW
CreateProcessW
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
K32GetModuleFileNameExW
K32GetModuleInformation
ReadFile
GetOverlappedResult
EncodePointer
DecodePointer
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
FreeLibrary
LoadResource
LockResource
SizeofResource
FindResourceW
MulDiv
CreateActCtxW
ActivateActCtx
IsProcessorFeaturePresent
UnhandledExceptionFilter
CloseHandle
GetFileAttributesW
DeleteFileW
RtlUnwind
ReadConsoleA
SetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
CreateFileW
GetCommandLineW
TerminateProcess
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapAlloc
LocalFree
GetModuleHandleW
GetModuleFileNameW
MapViewOfFile
GetExitCodeThread
GetCurrentProcess
IsDebuggerPresent
CreateFileMappingW
GetProcessId
Sleep
AssignProcessToJobObject
HeapFree
SetConsoleCtrlHandler
GetConsoleCP
ReadConsoleW
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
ExitThread
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
RtlUnwindEx
RtlPcToFileHeader
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
SetThreadAffinityMask
InitializeSListHead
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
LoadLibraryExA
VirtualQuery
FormatMessageW
WideCharToMultiByte
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
RaiseException
CompareStringOrdinal
InitOnceExecuteOnce
InitializeSRWLock
GlobalUnlock
GlobalLock
GlobalSize
CreateEventExW
WaitForSingleObjectEx
DuplicateHandle
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
ResetEvent
WaitForMultipleObjects
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreW
CreateThread
VirtualQueryEx
GetProcessTimes
GetSystemTimeAsFileTime
UnregisterWaitEx
UnregisterWait
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
ReleaseMutex
RegisterWaitForSingleObject
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
QueryPerformanceCounter
ExpandEnvironmentStringsA
SetLastError
FormatMessageA
SetFilePointer
GetStringTypeW
GetNativeSystemInfo
TryEnterCriticalSection
GetCurrentDirectoryW
FindFirstFileExW
GetFileInformationByHandle
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
MoveFileExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetSystemInfo

user32

CreateWindowExW
PeekMessageW
DispatchMessageW
GetProcessWindowStation
DestroyWindow
ShowWindow
GetUserObjectInformationW
SetWindowPos
SetTimer
AllowSetForegroundWindow
GetDC
RegisterClassExW
BeginPaint
EndPaint
SetWindowTextW
GetSysColor
GetSysColorBrush
GetWindowLongW
DefWindowProcW
TranslateMessage
MessageBoxW
FindWindowW
SendMessageW
MsgWaitForMultipleObjects
ReleaseDC
RegisterWindowMessageW
MessageBoxA
MoveWindow
SetWindowLongW
MonitorFromPoint
LoadIconW
LoadCursorW
FindWindowExW
GetDesktopWindow

gdi32

SetBkMode
GetDeviceCaps
CreateFontIndirectW
SetTextColor

advapi32

RegGetValueW
RegisterEventSourceW
DeregisterEventSource
GetTokenInformation
OpenProcessToken
RegSetKeyValueW
RegDeleteKeyW
ReportEventW

shell32

CommandLineToArgvW
SetCurrentProcessExplicitAppUserModelID
SHCreateItemFromParsingName
SHGetKnownFolderPath
SHBindToParent
SHParseDisplayName
SHSetLocalizedName
ord709
ShellExecuteW

ws2_32

WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
getnameinfo
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
shutdown
ioctlsocket

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

shlwapi

StrStrIW

d3d11

D3D11CreateDevice

bcrypt

BCryptGenRandom

oleaut32

SysFreeString

Exports

Exports

AmdPowerXpressRequestHighPerformance
AsyncTrace
DllCanUnloadNow
DllGetActivationFactory
NvOptimusEnablement
free
malloc
realloc

Sections

.cdummy
Size: - Virtual size: 129.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 170KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cld
Size: 65KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clr
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zdata
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 721KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.unwind
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_MEM_READ

.rd_pef
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ec910498502512a780cdd5ec5597775

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ws2_32

ntdll

shlwapi

d3d11

bcrypt

oleaut32

Exports

Exports

Sections

.cdummy Size: - Virtual size: 129.0MB

.pdata Size: 170KB - Virtual size: 172KB

_RDATA Size: 512B - Virtual size: 4KB

.cld Size: 65KB - Virtual size: 1.0MB

.clr Size: 1.2MB - Virtual size: 1.2MB

.zdata Size: 3.3MB - Virtual size: 3.3MB

.rsrc Size: 721KB - Virtual size: 724KB

.unwind Size: 3.2MB - Virtual size: 3.2MB

.rd_pef Size: 2.2MB - Virtual size: 2.2MB

.cdummy
Size: - Virtual size: 129.0MB

.pdata
Size: 170KB - Virtual size: 172KB

_RDATA
Size: 512B - Virtual size: 4KB

.cld
Size: 65KB - Virtual size: 1.0MB

.clr
Size: 1.2MB - Virtual size: 1.2MB

.zdata
Size: 3.3MB - Virtual size: 3.3MB

.rsrc
Size: 721KB - Virtual size: 724KB

.unwind
Size: 3.2MB - Virtual size: 3.2MB

.rd_pef
Size: 2.2MB - Virtual size: 2.2MB