2f047e9b37c823c6393568e8e9515b20_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2f047e9b37c823c6393568e8e9515b20_JaffaCakes118
Size

892KB
MD5

2f047e9b37c823c6393568e8e9515b20
SHA1

7630b70c6968774de36997917e71cee1d2064d97
SHA256

cee1bed1f7f266bd59b1b70c43d4bf3e436bdcfcad7434fbd641ba2669fc335f
SHA512

6eb31892d8781086f8d539dbb2f83a280b7f2b2ba63cd6cd6cb4f76d4621c05ad7f14ee349ba94b03daa2f68fb45d965694226d29f7f864157e93d4cf3267757
SSDEEP

24576:v6KNTSKxkEvxVKXp5Ao2KDOEPL/EEn840o+G:yKVkkKrAo2KDOErn8jG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f047e9b37c823c6393568e8e9515b20_JaffaCakes118

Files

2f047e9b37c823c6393568e8e9515b20_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b32e42a299117d496f18df5e84e49ac6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\xl9_client\xl9_install\pdb\Product_Release\ThunderInstall.pdb

Imports

wininet

InternetOpenUrlA
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSAAsyncSelect
WSAStartup
WSACleanup
gethostbyname
inet_addr
htons
socket
connect
send
WSAGetLastError
closesocket
recv

kernel32

CreateDirectoryW
GetFileAttributesW
MoveFileExW
FindFirstFileW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
SizeofResource
GetSystemDefaultLCID
WaitForMultipleObjects
TerminateThread
CreateThread
InterlockedIncrement
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
SetDllDirectoryW
GetVersionExW
CreateFileMappingW
FileTimeToSystemTime
SetFilePointer
WriteFile
GetFileSize
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetLocalTime
TerminateProcess
OpenProcess
GetCurrentProcessId
ResetEvent
GetCurrentDirectoryW
SetCurrentDirectoryW
IsBadCodePtr
VirtualQuery
FindResourceExW
DuplicateHandle
ReleaseMutex
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
lstrcpynW
VirtualAlloc
GetFileInformationByHandle
GetVolumeInformationW
CreateFileA
ReadFile
CopyFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoA
SetStdHandle
GetDateFormatA
EnumResourceNamesW
GetCurrentDirectoryA
PeekNamedPipe
GetFullPathNameW
GetTimeZoneInformation
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetFileType
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
MoveFileW
SetEndOfFile
FindNextFileW
FindClose
GetDriveTypeA
RemoveDirectoryW
ResumeThread
GetVersionExA
GetFileSizeEx
DeleteCriticalSection
SetPriorityClass
DeviceIoControl
lstrcpyA
GetFileAttributesA
CreateDirectoryA
lstrcatA
GetSystemDirectoryA
GetVolumeInformationA
WritePrivateProfileStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetCurrentProcess
GetCurrentThread
CloseHandle
CreateProcessW
LocalFree
GetStartupInfoW
GetExitCodeProcess
WaitForSingleObject
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
InitializeCriticalSection
WritePrivateProfileStringW
DeleteFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateEventW
OpenEventW
SetEvent
FreeLibrary
LoadLibraryW
GetModuleHandleW
ExitProcess
SetFileAttributesW
CreateFileW
GetDiskFreeSpaceExW
LoadResource
LockResource
GlobalHandle
GlobalFree
GetTempPathW
GetTickCount
GetACP
GlobalLock
GlobalUnlock
GetModuleFileNameW
MulDiv
lstrcmpW
GetLastError
OutputDebugStringW
DebugBreak
lstrlenA
Sleep
SetLastError
lstrlenW
GetCurrentThreadId
InterlockedDecrement
FindResourceW
GlobalAlloc
FlushInstructionCache
GetLogicalDriveStringsW
GetDriveTypeW
OpenMutexW
CreateMutexW
GetTimeFormatA

user32

BeginPaint
DestroyAcceleratorTable
SetFocus
GetWindow
GetFocus
RedrawWindow
MessageBoxW
GetDesktopWindow
SetWindowLongW
GetWindowLongW
PostMessageW
EndPaint
CharUpperW
PostThreadMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
UpdateLayeredWindow
SetRect
EqualRect
IsRectEmpty
CallWindowProcW
DestroyWindow
FillRect
UnregisterClassA
MsgWaitForMultipleObjects
DrawFocusRect
DrawIcon
GetWindowDC
DrawTextW
GetDlgCtrlID
SetCursor
ShowCursor
SetRectEmpty
OffsetRect
UnionRect
PtInRect
GetActiveWindow
ShowWindow
IsWindowVisible
IsWindow
GetClassInfoExW
LoadCursorW
wvsprintfW
DestroyIcon
LoadImageW
CopyRect
GetTopWindow
MonitorFromWindow
GetMonitorInfoW
SendMessageW
CreateAcceleratorTableW
MapWindowPoints
SetWindowContextHelpId
MapDialogRect
GetWindowRect
GetSystemMetrics
BringWindowToTop
DefWindowProcW
RegisterClassExW
CreateWindowExW
GetSysColor
CharNextW
MoveWindow
SetWindowPos
wsprintfW
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameW
EnableWindow
IsWindowEnabled
KillTimer
SetTimer
UpdateWindow
LoadStringW
FindWindowW
CreateDialogIndirectParamW
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
ReleaseCapture

gdi32

SetDIBitsToDevice
StretchDIBits
SetWindowOrgEx
OffsetWindowOrgEx
GetWindowOrgEx
ExtSelectClipRgn
ExtTextOutW
SetBkColor
LineTo
CreatePen
MoveToEx
CreateRectRgnIndirect
SetTextColor
SetBkMode
SelectClipRgn
CreateRectRgn
GetClipBox
IntersectClipRect
CreateFontIndirectW
CombineRgn
GetTextMetricsW
SetViewportOrgEx
GetTextExtentPoint32W
GetStockObject
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
CreateDIBSection
ExcludeClipRect
GetObjectW

advapi32

RegCreateKeyExW
GetNamedSecurityInfoW
GetAclInformation
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
EqualSid
CopySid
IsValidSid
SetNamedSecurityInfoW
InitializeAcl
AddAce
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegCloseKey
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
OpenThreadToken
OpenProcessToken
DuplicateTokenEx

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ord680
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
Shell_NotifyIconW
SHGetSpecialFolderPathA

ole32

CoUninitialize
OleUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoInitialize

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen

shlwapi

StrStrW
SHSetValueW
StrCmpNW
PathIsDirectoryW
SHGetValueW
PathIsRootW
StrCpyNW
PathRemoveBlanksW
StrCmpW
PathFindFileNameW
PathGetDriveNumberW
PathAppendW
PathCombineW
StrCmpIW
PathFileExistsW
PathFindExtensionW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

userenv

UnloadUserProfile

iphlpapi

GetAdaptersInfo

imm32

ImmDisableIME

gdiplus

GdipGetImageWidth
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageHeight
GdipLoadImageFromStream
GdiplusStartup
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageRectI
GdipCloneImage

Sections

.text
Size: 709KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39.4MB - Virtual size: 39.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b32e42a299117d496f18df5e84e49ac6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

version

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

userenv

iphlpapi

imm32

gdiplus

Sections

.text Size: 709KB - Virtual size: 708KB

.rdata Size: 105KB - Virtual size: 105KB

.data Size: 21KB - Virtual size: 77KB

.rsrc Size: 39.4MB - Virtual size: 39.4MB

.text
Size: 709KB - Virtual size: 708KB

.rdata
Size: 105KB - Virtual size: 105KB

.data
Size: 21KB - Virtual size: 77KB

.rsrc
Size: 39.4MB - Virtual size: 39.4MB