2a5c65f4e2a78a196cf10693d76a627f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2a5c65f4e2a78a196cf10693d76a627f_JaffaCakes118
Size

580KB
MD5

2a5c65f4e2a78a196cf10693d76a627f
SHA1

a78ff719a8212d1e97bd4df3d92fae6cd9d40a14
SHA256

818de305b366e29aea55ed79541e7d1735e600fb9e484e0076d965be6f926308
SHA512

ccc8313109fc3455ae4399d33d697a425eb82c0fdf99aba4c0623a70a2c2644a0feea673bb215f4ef3b60f92fde3dc2104c9b0768beafa49a724cd870b660d39
SSDEEP

12288:MyY9IMYL+oYYlG/re/uTW7sIv8NlLz7MxGf8Uv:MyUZdYw/OuTWIIvW7f8Uv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2a5c65f4e2a78a196cf10693d76a627f_JaffaCakes118

Files

2a5c65f4e2a78a196cf10693d76a627f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7ecf130919df64f8e5495d3ed698b2c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bjectTr\Release\hli.pdb

Imports

kernel32

GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
HeapSize
Sleep
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TerminateProcess
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
ExitProcess
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
HeapFree
GetFileTime
GetFileAttributesA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetTimeZoneInformation
UnhandledExceptionFilter
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetOEMCP
InterlockedExchange
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
InterlockedIncrement
WritePrivateProfileStringA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
FormatMessageA
LocalFree
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
MulDiv
GetCurrentProcessId
SuspendThread
ResumeThread
SetThreadPriority
CloseHandle
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GetModuleHandleA
GetProcAddress
SetLastError
FreeResource
DeleteFileA
GetTickCount
GetModuleFileNameA
CreateEventA
GlobalLock
VirtualAlloc
GetProcessWorkingSetSize
lstrcpyA
GlobalUnlock
GlobalAlloc
WaitForSingleObject
GlobalFree
GlobalAddAtomA
HeapAlloc
GetCurrentThread
lstrcatA
LocalLock
GlobalDeleteAtom
SetEvent
WaitForMultipleObjectsEx
LoadResource
ExitThread
LockResource
SizeofResource
CreateThread
FindResourceA
CompareStringA
lstrlenA
lstrlenW
GetLastError
WideCharToMultiByte
MultiByteToWideChar
RaiseException
CompareStringW
GetVersion
QueryPerformanceCounter

user32

PostThreadMessageA
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
ShowWindow
MoveWindow
IsDialogMessageA
DestroyMenu
RegisterWindowMessageA
SendDlgItemMessageA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
CallWindowProcA
IntersectRect
GetWindowRect
CharUpperA
EnableWindow
IsIconic
AppendMenuA
GetSysColor
GetWindowDC
ReleaseDC
GrayStringA
DrawTextExA
TabbedTextOutA
GetWindowThreadProcessId
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
GetSubMenu
LoadBitmapA
SetCursor
EndPaint
SendMessageA
GetSystemMetrics
GetSystemMenu
DrawIcon
GetClientRect
LoadIconA
GetWindowTextA
HideCaret
LoadCursorA
KillTimer
SetMenuItemInfoA
GetWindowPlacement
DrawFrameControl
MessageBoxA
GetMenu
ScreenToClient
ClientToScreen
GetMenuItemID
IsWindow
SetWindowPos
SetTimer
LoadImageA
GetCursorPos
wsprintfA
SystemParametersInfoA
CheckDlgButton
GetMenuItemCount
EndDialog
SetDlgItemInt
GetMenuStringA
RegisterClipboardFormatA
InSendMessage
InsertMenuItemA
PackDDElParam
GetDC
GetMenuItemInfoA
GetKeyboardLayout
GetWindowWord
SetDlgItemTextA
OffsetRect
CheckMenuRadioItem
FreeDDElParam
SetWindowTextA
SetWindowPlacement
InvalidateRect
DefMDIChildProcA
SetWindowLongA
GetClipboardData
MsgWaitForMultipleObjectsEx
CloseClipboard
GetParent
SetFocus
PostMessageA
OpenClipboard
GetTopWindow
DefWindowProcA
BeginPaint
GetDesktopWindow
GetDlgItemTextA
DrawTextA
SetForegroundWindow
CreateWindowExA
PostQuitMessage
WinHelpA

gdi32

GetMapMode
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetDeviceCaps
GetBkColor
ExtSelectClipRgn
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
SelectObject
SetPixelFormat
SetStretchBltMode
GetObjectA
DeleteObject
GetTextExtentPointA
GetTextExtentPointW
DeleteDC
PatBlt
SetWindowExtEx
GetStockObject
CreateICA
ChoosePixelFormat
TextOutA
SetBkMode
SetMapMode
BitBlt
CreateCompatibleDC
StretchBlt
SelectPalette

comdlg32

PrintDlgExA
GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegOpenKeyExA
ImpersonateSelf
MapGenericMask
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
AccessCheck
GetFileSecurityA
RegQueryValueExA
GetAce
OpenThreadToken
RegOpenKeyA
GetAclInformation
EqualSid
RegCloseKey

shell32

ord17
SHGetFileInfoW
SHBrowseForFolderA
ShellExecuteA
ord16
SHGetPathFromIDListA

comctl32

ord17

shlwapi

ord14
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8
ord3

ole32

CoTaskMemAlloc
CoGetClassObject
CLSIDFromString
CoDisconnectObject
StgCreatePropStg
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
ReleaseStgMedium
CoRevokeClassObject
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleFlushClipboard
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
CoTaskMemFree
OleUninitialize
CoRegisterMessageFilter

oleaut32

VariantCopy
GetActiveObject
SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString

urlmon

WriteHitLogging

opengl32

glShadeModel
wglCreateContext
glClearColor
glEnable
glHint
glClearDepth
glDepthFunc

netapi32

NetShareGetInfo

avifil32

AVIStreamWrite
AVIStreamStart

odbc32

ord75

winmm

SendDriverMessage

pdh

PdhCollectQueryData
PdhAddCounterW

gdiplus

GdipSaveImageToFile
GdipDisposeImage
GdipFree
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipCloneImage

imm32

ImmAssociateContext
ImmGetProperty
ImmCreateContext

setupapi

CM_Get_Device_Interface_AliasA
CM_Get_Device_Interface_ListA
CM_Get_DevNode_Registry_PropertyA
CM_Get_Device_IDW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_Size

tapi32

phoneGetMessage
phoneGetRing

Sections

.text
Size: 352KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ecf130919df64f8e5495d3ed698b2c7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

opengl32

netapi32

avifil32

odbc32

winmm

pdh

gdiplus

imm32

setupapi

tapi32

Sections

.text Size: 352KB - Virtual size: 349KB

.rdata Size: 72KB - Virtual size: 68KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 140KB - Virtual size: 248KB

.text
Size: 352KB - Virtual size: 349KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 140KB - Virtual size: 248KB