17b5be2945063ac077fd64b7aa37a173_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17b5be2945063ac077fd64b7aa37a173_JaffaCakes118
Size

2.2MB
MD5

17b5be2945063ac077fd64b7aa37a173
SHA1

f38de93f421d1777e700011c4dec607543efb72b
SHA256

d08ba36317145e32cec8003cf93b4c7a3d7aef39570fc08a3fe8f82ba6852660
SHA512

a8bcc2851b7324a3bc8adea3d5ae56f0b9af294d940cda170ceca593fb38c292cd3c26b26da8a2d52f7ef496048af5296446d2aff058c8242e72ea6502fbd9b1
SSDEEP

49152:DBKtSvkvdrHzI4sZ8aoFtCZaV+Mhk2fP/J/VuHWJ8e8fgN38Ujw1M:NKtSMvdrH7i8a6tCZI7P/BViWG1K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17b5be2945063ac077fd64b7aa37a173_JaffaCakes118

Files

17b5be2945063ac077fd64b7aa37a173_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b17460794e81783bba17b4caaf306592

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Workspace\2345\collection\2345pack.package.custom\bin\Win32\Build\p5_kUID.pdb

Imports

kernel32

OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
LoadLibraryW
GetModuleHandleW
CreateThread
GetCurrentThreadId
TerminateThread
GetExitCodeThread
WaitForSingleObject
Sleep
CloseHandle
LockResource
LoadResource
SizeofResource
GetFileSize
ReadFile
GetModuleFileNameW
FindResourceW
FindResourceExW
CreateDirectoryW
CreateFileW
DeleteFileW
WaitForMultipleObjects
GetLocalTime
GetTickCount
GetLogicalDrives
GetDriveTypeW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CopyFileW
TryEnterCriticalSection
InitializeCriticalSection
lstrlenW
SetEvent
ResetEvent
CreateEventW
GetFileAttributesW
GetLongPathNameW
InterlockedExchangeAdd
RemoveDirectoryW
SystemTimeToFileTime
SetFilePointer
SetEndOfFile
SetFileTime
WriteFile
GetFileTime
FormatMessageW
LocalFree
GetFullPathNameW
GetTempFileNameW
SearchPathW
MoveFileExW
GetSystemDirectoryW
GetTempPathW
GetCurrentDirectoryW
MoveFileW
SetCurrentDirectoryW
GetWindowsDirectoryW
SetFileAttributesW
FindFirstFileW
FindClose
FindNextFileW
FreeLibrary
GetCurrentProcessId
SwitchToThread
GetACP
CreateMutexW
ReleaseMutex
ResumeThread
QueryPerformanceCounter
QueryPerformanceFrequency
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
IsDebuggerPresent
RtlUnwind
IsProcessorFeaturePresent
GetCPInfo
GetSystemTimeAsFileTime
ExitThread
LoadLibraryExW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCurrentThread
GetStdHandle
GetFileType
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreW
IsValidCodePage
GetOEMCP
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FatalAppExitA
SetFilePointerEx
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
WriteConsoleW
ReadConsoleW
GetVersionExW
lstrcatW
lstrcpyW
lstrcmpiW
ExpandEnvironmentStringsW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
Process32NextW
LocalAlloc
DeleteFileA
GetSystemTime
GetTempPathA
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapValidate
HeapCreate
GetFileAttributesA
FormatMessageA
UnlockFileEx
LockFile
UnlockFile
CreateFileA
GetFullPathNameA
InterlockedCompareExchange
GetTimeZoneInformation
SetEnvironmentVariableA
OpenProcess
CreateToolhelp32Snapshot
DeleteCriticalSection
DecodePointer
HeapSize
SetLastError
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
SetErrorMode
HeapReAlloc
EncodePointer
GetCommandLineW
Process32FirstW

user32

ReleaseDC
GetDC
IsWindowEnabled
IsWindowVisible
SetWindowPos
CallWindowProcW
SetWindowLongW
GetClassLongW
LoadIconW
GetWindowLongW
GetDesktopWindow
SetCursor
ReleaseCapture
SetCapture
GetCapture
MessageBoxW
SetForegroundWindow
EnableWindow
LoadCursorW
ScreenToClient
GetCursorPos
GetWindowRect
GetKeyState
ShowWindow
SystemParametersInfoW
IsWindow
RegisterDeviceNotificationW
PostMessageW
wsprintfW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
FindWindowW
GetPropW
SetPropW
SetTimer
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
SendMessageW
UnregisterClassW
BringWindowToTop

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree

gdiplus

GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipFillRectangleI
GdipResetClip
GdipSetClipPath
GdipAddPathRectangleI
GdipFillPath
GdipDrawPath
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipFillRectangle
GdipSetLinePresetBlend
GdipCreateLineBrushFromRect
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectRect
GdipGetTextRenderingHint
GdipGetSmoothingMode
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup

gdi32

GetDeviceCaps
EnumFontsW
CreateDIBSection
DeleteObject
DeleteDC
CreateCompatibleDC
SelectObject

advapi32

LookupPrivilegeValueW
GetTokenInformation
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b17460794e81783bba17b4caaf306592

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

gdiplus

gdi32

advapi32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 257KB - Virtual size: 256KB

.data Size: 40KB - Virtual size: 53KB

.rsrc Size: 184KB - Virtual size: 183KB

.reloc Size: 65KB - Virtual size: 64KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 257KB - Virtual size: 256KB

.data
Size: 40KB - Virtual size: 53KB

.rsrc
Size: 184KB - Virtual size: 183KB

.reloc
Size: 65KB - Virtual size: 64KB