2c0dbf8517aeb0a99ef388e49ea67f66_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2c0dbf8517aeb0a99ef388e49ea67f66_JaffaCakes118
Size

552KB
MD5

2c0dbf8517aeb0a99ef388e49ea67f66
SHA1

f1ac55f5abfe8fa07b331f39075ae0a5bf4d45b2
SHA256

d942798e306149a6e67c47e2e1aaa881eec13dc8a74d916320db5ca265eee037
SHA512

3f847b1f4b09d68a61d059b568ab4f537434fd6df531e0b4f205e58a9be8dfbc511640b45485434001822a9fe44e568e784db778ff340fff44fe8ac21b730b4e
SSDEEP

6144:iXCbvVLWtvKgFjDmbxYQ2moTHCQUskH8bpulmFNplwIAv/2GnwSIxTQnlm7699il:IRQbixuTJcpYmFnl42T2ls699i8Oo6aS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2c0dbf8517aeb0a99ef388e49ea67f66_JaffaCakes118

Files

2c0dbf8517aeb0a99ef388e49ea67f66_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b99e5e83f8a6e313a6477d085060fc2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\\Release\fllManaged.pdb

Imports

kernel32

RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
CreateThread
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
Sleep
GetACP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetVersion
InterlockedExchange
HeapReAlloc
HeapFree
HeapAlloc
SetErrorMode
SystemTimeToFileTime
MultiByteToWideChar
CompareStringW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CompareStringA
WideCharToMultiByte
RaiseException
GetStringTypeExA
lstrcmpiA
lstrlenA
GetLastError
FindResourceA
SizeofResource
LockResource
LoadResource
ExitThread
CopyFileW
FindFirstFileA
CreateFileA
SystemTimeToTzSpecificLocalTime
GetFileAttributesExA
FileTimeToSystemTime
GetFileTime
EnumDateFormatsA
VirtualAlloc
WaitForSingleObject
GetConsoleWindow
CreateEventA
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
GetProcAddress
GetModuleHandleA
FreeLibrary
GlobalAlloc
lstrcmpA
LoadLibraryA
GetLocaleInfoA
EnumResourceLanguagesA
GetModuleFileNameA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
SetLastError
CloseHandle
SetThreadPriority
GetOEMCP
GetCPInfo
GetShortPathNameA
GetVolumeInformationA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
DeleteFileA
MoveFileA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentDirectoryA
GlobalFlags
LocalFree
InterlockedDecrement
GetModuleFileNameW
MulDiv
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
SetFileTime
GetFileAttributesA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcessId
GlobalAddAtomA
SuspendThread
ResumeThread
SetEvent

user32

FindWindowA
GetMenuItemInfoA
DestroyIcon
GetSysColorBrush
GetMenuStringA
SetParent
GetSystemMenu
AppendMenuA
DeleteMenu
IsRectEmpty
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
DestroyCursor
SetCursorPos
ReleaseCapture
RedrawWindow
ClientToScreen
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetScrollPos
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoExA
ScreenToClient
DeferWindowPos
CopyRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
PeekMessageA
ValidateRect
SetMenuItemBitmaps
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageA
GetDesktopWindow
CharUpperA
UpdateWindow
EnableWindow
GetSysColor
InflateRect
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
PtInRect
SetForegroundWindow
InsertMenuA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
EndDialog
UnregisterClassA
LockWindowUpdate
GetDCEx
WindowFromPoint
SetRect
SetClipboardData
SetWindowPos
KillTimer
IntersectRect
EqualRect
GetWindowRect
GetParent
EndDeferWindowPos
BeginDeferWindowPos
GetClientRect
InvalidateRect
OffsetRect
CreateCaret
SendMessageA
ChangeDisplaySettingsA
ReleaseDC
wsprintfA
GetDC
LoadCursorA
LoadIconA
ShowWindow
RegisterClassA
CreateWindowExA
AdjustWindowRectEx
ShowCursor
GetCursorPos
GetWindowTextLengthA
SetScrollPos
GetKeyboardState
SetKeyboardState
GetSystemMetrics
DrawFrameControl
GetDialogBaseUnits
SetScrollInfo
GetScrollInfo
ScrollWindow
BeginPaint
EndPaint
IsDlgButtonChecked
GetMenuCheckMarkDimensions
CreateMenu
CreatePopupMenu
SetCapture
SetMenu
TrackPopupMenu
DestroyMenu
GetForegroundWindow
GetFocus
GetKeyState
GetClassNameA
SetTimer
SetWindowLongA
SetFocus
MoveWindow
PostQuitMessage
DefWindowProcA
GetWindowTextA
CallWindowProcA
GetClassInfoA

gdi32

CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetDeviceCaps
DeleteObject
CreatePatternBrush
SaveDC
RestoreDC
SetBkMode
SetMapMode
IntersectClipRect
SelectClipRgn
BitBlt
GetPixel
PtVisible
CreateRectRgn
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateCompatibleDC
CreateSolidBrush
CreateCompatibleBitmap
GetCharWidthA
CreateFontA
StretchDIBits
GetTextExtentPoint32A
GetBkColor
CreateFontIndirectA
ExtTextOutA
PatBlt
GetObjectA
SetBkColor
GetClipBox
CreateBitmap
SetWindowOrgEx
CreatePen
GetTextMetricsA
TextOutA
ExcludeClipRect
EnumEnhMetaFile
SetTextColor
SelectObject
RectVisible
GetStockObject

comdlg32

ChooseColorA
GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA
ord201

advapi32

RegCreateKeyExA
RegCreateKeyA
RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA
RegConnectRegistryA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

DragQueryFileA
ExtractIconA
SHGetFileInfoA
DragFinish

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

GetHGlobalFromStream
StgOpenStorage
CoInitialize

oleaut32

VariantChangeType
VariantInit
SysAllocStringLen
VariantClear
UnRegisterTypeLi
OleLoadPicturePath

opengl32

glLoadIdentity
glMatrixMode
glViewport
glClear
glBegin
glEnd

glu32

gluPerspective

ws2_32

socket
inet_addr
htons
bind
listen

netapi32

NetWkstaUserGetInfo
NetShareGetInfo

imm32

ImmSetOpenStatus
ImmReleaseContext
ImmGetOpenStatus
ImmGetConversionStatus
ImmGetContext
ImmGetCompositionWindow
ImmGetCompositionStringA
ImmGetCompositionFontA

uxtheme

OpenThemeData

powrprof

DeletePwrScheme
ReadProcessorPwrScheme

Sections

.text
Size: 312KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b99e5e83f8a6e313a6477d085060fc2e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

opengl32

glu32

ws2_32

netapi32

imm32

uxtheme

powrprof

Sections

.text Size: 312KB - Virtual size: 310KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 156KB - Virtual size: 239KB

.text
Size: 312KB - Virtual size: 310KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 156KB - Virtual size: 239KB