114de4ba069779e251c512ce4f925ff5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

114de4ba069779e251c512ce4f925ff5_JaffaCakes118
Size

1.4MB
MD5

114de4ba069779e251c512ce4f925ff5
SHA1

146990fd78b76146f13e7a7a766bd0e916110de8
SHA256

4f00ced2454aa6b4b87b3bbeec00e7f11d2cab5f513f311c064b39cacb809dc1
SHA512

39e33fe18bf40d5978aa9856847640c584e5b2e5752b5d48111b491792e08c86eecabf53f9f08c7c1dd9f1a832f3697df99c2166403e8f322a7794472f23e6f9
SSDEEP

24576:2OJqVwAfRxvuXhGG0XPvc+6xHs8y+VMbtVtJbrctkN0l0s+3BqvyUmVaEX:lJqVwimAvWxHs8y+VM5VPMtkN0l0BBqe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
114de4ba069779e251c512ce4f925ff5_JaffaCakes118

Files

114de4ba069779e251c512ce4f925ff5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3a973f9e26b7f434fe8671aa4d4af78e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Devops\agent\workspace\p-111758179e0043a5b011650a32a71ea0\src\TGBDownloader\Output\TGBDownloader\Release\TGBDownloader.pdb

Imports

ws2_32

htonl
ntohl
htons

dbghelp

MiniDumpWriteDump

kernel32

IsDBCSLeadByte
WideCharToMultiByte
GetFullPathNameW
SetEndOfFile
GetFileAttributesExW
SetFilePointerEx
MoveFileW
CopyFileW
CreateFileA
SwitchToThread
GetFileSize
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetVersionExW
GetSystemDirectoryW
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InitializeCriticalSection
GetSystemDefaultLangID
Sleep
GetSystemInfo
InterlockedIncrement
LoadLibraryA
MulDiv
GetACP
lstrlenW
GlobalLock
GlobalUnlock
ExitProcess
VerifyVersionInfoW
VerSetConditionMask
LocalFileTimeToFileTime
SystemTimeToFileTime
GlobalAlloc
FormatMessageW
LocalFree
GetLocalTime
lstrcpyW
lstrcmpiW
GetOEMCP
IsValidCodePage
SetStdHandle
ReadConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStdHandle
GetModuleHandleExW
ExitThread
GetExitCodeProcess
SetEnvironmentVariableA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
ResetEvent
SetEvent
OutputDebugStringW
IsDebuggerPresent
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
SetLastError
QueryPerformanceCounter
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
GetStringTypeW
FindFirstFileExW
WaitForSingleObject
FindClose
MoveFileExW
FindNextFileW
RemoveDirectoryW
FindFirstFileW
GetTickCount
DeviceIoControl
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDrives
SetFilePointer
WriteFile
CreateMutexW
OpenMutexW
ProcessIdToSessionId
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
CreateDirectoryW
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetUserDefaultUILanguage
FreeResource
TerminateThread
ReadFile
GetFileSizeEx
CreateFileW
CloseHandle
GetModuleFileNameW
GetFileAttributesW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetTempFileNameW
GetTempPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetModuleHandleW
GlobalFree
MultiByteToWideChar
GetLastError
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteFileW
GetCurrentThreadId
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW

user32

SendMessageW
GetWindowRect
ScreenToClient
GetKeyState
LoadCursorW
SetCursor
PtInRect
DestroyWindow
ReleaseDC
GetDC
GetClientRect
SetWindowPos
GetWindowLongW
SetWindowLongW
IsIconic
GetActiveWindow
GetWindow
SetFocus
BeginPaint
EndPaint
GetUpdateRect
IsWindowVisible
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
CreateWindowExW
GetCursorPos
ReleaseCapture
GetSysColor
InvalidateRect
IntersectRect
TranslateMessage
UnionRect
IsZoomed
PostMessageW
GetFocus
SetTimer
KillTimer
SetCapture
GetParent
LoadImageW
SetWindowRgn
MessageBoxW
GetKeyNameTextW
GetKeyboardLayout
MapVirtualKeyExW
DefWindowProcW
ShowWindow
EnableWindow
PostQuitMessage
RegisterClassW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetPropW
GetPropW
FillRect
DrawTextW
SetRect
InflateRect
OffsetRect
DispatchMessageW
CharNextW
CharPrevW
MoveWindow
UpdateLayeredWindow
GetWindowRgn
IsRectEmpty
IsWindow
GetMessageW
SetForegroundWindow
GetGUIThreadInfo
CreateAcceleratorTableW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
EqualRect
IsWindowEnabled
DestroyMenu
TrackPopupMenu
EnableMenuItem
AppendMenuW
CreatePopupMenu
GetCaretBlinkTime
ClientToScreen
SetCaretPos
GetCaretPos
HideCaret
ShowCaret
CreateCaret

gdi32

SetBitmapBits
GetBitmapBits
CreatePatternBrush
PtInRegion
CreateRectRgn
GdiFlush
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
SetBkColor
SetTextColor
SetBkMode
GetObjectA
RoundRect
LineTo
MoveToEx
CreatePenIndirect
CreateSolidBrush
SetStretchBltMode
StretchBlt
CreateDIBSection
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
PlayEnhMetaFile
CreateCompatibleBitmap
GetDeviceCaps
GetEnhMetaFileHeader
CreateDIBitmap
AddFontMemResourceEx
GetTextMetricsW
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
SelectObject
CreateCompatibleDC
DeleteDC
RemoveFontMemResourceEx
DeleteObject
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
CreateRoundRectRgn

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW

shell32

ord165
DragQueryFileW
SHGetFolderPathA
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

DoDragDrop
OleDuplicateData
CoCreateGuid
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
ReleaseStgMedium
OleLockRunning
CLSIDFromString
CLSIDFromProgID
RegisterDragDrop

comctl32

_TrackMouseEvent
ord17

gdiplus

GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipSetStringFormatLineAlign
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipFillRectangleI
GdipMeasureString
GdipDrawRectangleI

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

winhttp

WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpSetOption
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle

shlwapi

PathIsDirectoryW
PathFileExistsW
PathAddBackslashW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

netapi32

Netbios

Sections

.text
Size: 799KB - Virtual size: 799KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a973f9e26b7f434fe8671aa4d4af78e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

gdiplus

imm32

winhttp

shlwapi

version

netapi32

Sections

.text Size: 799KB - Virtual size: 799KB

.rdata Size: 197KB - Virtual size: 197KB

.data Size: 19KB - Virtual size: 25KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.QMGuid Size: 512B - Virtual size: 20B

.rsrc Size: 319KB - Virtual size: 318KB

.reloc Size: 49KB - Virtual size: 48KB

.text
Size: 799KB - Virtual size: 799KB

.rdata
Size: 197KB - Virtual size: 197KB

.data
Size: 19KB - Virtual size: 25KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.QMGuid
Size: 512B - Virtual size: 20B

.rsrc
Size: 319KB - Virtual size: 318KB

.reloc
Size: 49KB - Virtual size: 48KB