11fc3f9c5150dd1098f16fe3805cd98e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

11fc3f9c5150dd1098f16fe3805cd98e_JaffaCakes118
Size

4.0MB
MD5

11fc3f9c5150dd1098f16fe3805cd98e
SHA1

698cc25cfd454573726fbd01de74ebebc9c417a4
SHA256

67edebe53678e358856a376f590c07c4e04817605778b4665180548d9978e539
SHA512

46356203fc4fe8bacc81f081ffee9e1e5eff16f864dbc10953f29c4578e29692cf5ecfa3697e7c43a0dbb1e04d688c38d24ae9587efb9b0ca250eaeca946125e
SSDEEP

98304:4Gz5c8Uuj+fhIw/6A5yh5ZwgsTrlsDOqOPBb/y:Q8UuiKw/YhEgsTrlsDOz/y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11fc3f9c5150dd1098f16fe3805cd98e_JaffaCakes118

Files

11fc3f9c5150dd1098f16fe3805cd98e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c33a0bdbd918591184938fd166ce6a30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\版本发布\ShuameBuilder\Debug\Installer\Setup\Basic\Bin\ShuamePacket.pdb

Imports

kernel32

FlushInstructionCache
DeleteCriticalSection
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpynW
CopyFileW
GetTempPathW
GetLocalTime
GetDiskFreeSpaceExW
TerminateThread
FreeLibrary
lstrcmpiW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
MapViewOfFile
WaitForMultipleObjects
GetExitCodeThread
GetSystemInfo
GetSystemTimes
GetSystemTimeAsFileTime
SetFilePointer
VirtualFree
VirtualAlloc
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
GetStdHandle
WriteFile
MoveFileW
GetFullPathNameW
SetEndOfFile
GetCPInfo
LocalAlloc
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
GetModuleHandleW
GetCurrentProcess
LoadLibraryW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
OutputDebugStringW
CreateDirectoryW
GetFileAttributesW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetDriveTypeA
SetLastError
GetModuleHandleA
CreateFileA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
LCMapStringA
RtlUnwind
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedExchange
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
SetWaitableTimer
RaiseException
SizeofResource
FreeResource
GetCurrentThreadId
Sleep
CreateThread
SetEvent
CreateEventW
lstrlenW
ReadFile
GetFileSize
CreateFileW
GetSystemDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
GetTempFileNameW
MoveFileExW
DeleteFileW
SetFileAttributesW
GetModuleFileNameW
GetProcAddress
GetDriveTypeW
GetLogicalDriveStringsW
GetVersion
lstrlenA
MultiByteToWideChar
GetLastError
GetTickCount
WideCharToMultiByte
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
FindResourceExW
FindResourceW
CreateWaitableTimerW
HeapFree
GetProcessHeap
HeapAlloc
ReleaseMutex
CreateMutexW
lstrcmpW
FindFirstFileW
Process32NextW
TerminateProcess
OpenProcess
GetCurrentDirectoryA
LoadResource
LockResource
GetCurrentProcessId

user32

SendMessageW
ShowWindow
GetDesktopWindow
InvalidateRect
IsWindow
ReleaseDC
DestroyWindow
UnregisterClassA
LoadCursorW
GetKeyState
IsWindowEnabled
MoveWindow
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
SetCursor
PtInRect
SetRect
GetDC
InflateRect
CopyRect
CharLowerW
CharUpperW
DestroyIcon
CharNextW
SetActiveWindow
GetActiveWindow
GetWindow
MapWindowPoints
EnableWindow
LoadImageW
LoadBitmapW
SetFocus
SetForegroundWindow
IsIconic
EqualRect
GetCursorPos
UpdateLayeredWindow
GetClassInfoExW
RegisterClassExW
CreateWindowExW
SetRectEmpty
PostThreadMessageW
UpdateWindow
IsWindowVisible
IsDialogMessageW
MessageBoxW
KillTimer
SetTimer
LoadIconW
SetWindowPos
PostMessageW
UnionRect
OffsetRect
BeginPaint
EndPaint
SetCapture
ScreenToClient
ReleaseCapture
IntersectRect
IsRectEmpty
GetDlgCtrlID
InvalidateRgn
GetParent
GetDlgItem
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW

gdi32

CombineRgn
CreateRectRgnIndirect
CreateFontIndirectW
GetStockObject
GetObjectW
DeleteDC
GetRgnBox
CreateDIBSection
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SelectObject
RectInRegion
DeleteObject

advapi32

InitializeSecurityDescriptor
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl

shell32

ord680
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHFileOperationW
SHGetPathFromIDListW
SHChangeNotify
SHBrowseForFolderW
ShellExecuteW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoInitializeEx
CoUninitialize

oleaut32

VariantCopy
VariantClear
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

StrToIntA
PathAddBackslashW
SHDeleteKeyW
PathRemoveBackslashW
PathFileExistsW

comctl32

InitCommonControlsEx
_TrackMouseEvent

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dbghelp

MakeSureDirectoryPathExists

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo

netapi32

Netbios

wininet

InternetReadFileExA
HttpQueryInfoW
HttpEndRequestW
InternetWriteFile
InternetOpenW
InternetSetOptionW
HttpOpenRequestW
InternetCloseHandle
InternetSetStatusCallbackW
InternetConnectW
InternetCrackUrlW
HttpSendRequestExW

Sections

.text
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c33a0bdbd918591184938fd166ce6a30

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

dbghelp

iphlpapi

netapi32

wininet

Sections

.text Size: 640KB - Virtual size: 639KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 17KB - Virtual size: 35KB

.rsrc Size: 325KB - Virtual size: 324KB

.text
Size: 640KB - Virtual size: 639KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 17KB - Virtual size: 35KB

.rsrc
Size: 325KB - Virtual size: 324KB