29f51e6f305af628ad1e826943eb4ef2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29f51e6f305af628ad1e826943eb4ef2_JaffaCakes118
Size

368KB
MD5

29f51e6f305af628ad1e826943eb4ef2
SHA1

afbd572c077bfada959d2e2fde9e33a83d0de738
SHA256

86336919e8d062c0ab6e41948b55df0257f8352e350eb271fa13cee5e445619f
SHA512

ae71e2bf4fc86e097b43e967024f585201616fb6dd85dcdd1c59edb801ec1fadcb1ac967f6c3013886794b03962367979bf82dc33342dd8990b188cccca8b0a3
SSDEEP

6144:XTIHgNBKQREDovMuxM+4voADuG4ysiv+mWyMcMlKTBJ52gQwd6EPX:XTIA/vMZ+xAiG4yfMcMlKTr5PoEPX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29f51e6f305af628ad1e826943eb4ef2_JaffaCakes118

Files

29f51e6f305af628ad1e826943eb4ef2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

294d863b715042c4413f565672013c9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\交接工作-郑永明+++++++++++++++\E\Development\SDK22ForVS2005\Captiv8\Clients\OverFile\Release\OverFile.pdb

Imports

kernel32

UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
SetErrorMode
GetTickCount
FileTimeToLocalFileTime
GetFileTime
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
ExitProcess
RaiseException
LockFile
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FlushFileBuffers
InterlockedIncrement
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToSystemTime
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomA
FormatMessageA
LocalFree
MulDiv
FreeResource
GlobalFree
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalAlloc
GlobalDeleteAtom
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
GetVersion
CompareStringA
InterlockedExchange
CompareStringW
CreateProcessA
MoveFileExA
WritePrivateProfileStringA
GetPrivateProfileStringA
Sleep
TerminateProcess
Process32Next
GetPriorityClass
OpenProcess
Process32First
CreateToolhelp32Snapshot
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
SetCurrentDirectoryA
GetCurrentDirectoryA
GetProcAddress
CreateDirectoryA
GetLastError
FindFirstFileA
FindClose
FreeLibrary
LoadLibraryA
MultiByteToWideChar
GetFileAttributesA
GetModuleFileNameA
SetFilePointer
GetFileSize
ReadFile
GlobalUnlock
WriteFile
GlobalLock
CloseHandle
CreateFileA
lstrlenA
HeapSize
SetLastError

user32

RegisterClipboardFormatA
PostThreadMessageA
ReleaseCapture
LoadCursorA
SetCapture
UnregisterClassA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
GetSysColor
SystemParametersInfoA
DestroyMenu
CopyRect
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetSysColorBrush
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
GetMenuItemCount
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetMessageTime
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageA
UnhookWindowsHookEx
CharUpperA
EnableWindow
GetClientRect
GetSystemMetrics
IsIconic
LoadIconA
SendMessageA
IsWindow
RegisterClassA

gdi32

ExtSelectClipRgn
GetWindowExtEx
DeleteDC
GetStockObject
ScaleWindowExtEx
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetViewportExtEx
DeleteObject
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetBkColor
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
GetObjectA
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
OleFlushClipboard
CoFreeUnusedLibraries
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CoRegisterMessageFilter
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
SysStringLen

Sections

.text
Size: 248KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

294d863b715042c4413f565672013c9f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 248KB - Virtual size: 246KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 248KB - Virtual size: 246KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 40KB - Virtual size: 40KB