47ef0b1465468c04b7dbd218ada803f4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

47ef0b1465468c04b7dbd218ada803f4_JaffaCakes118
Size

1.5MB
MD5

47ef0b1465468c04b7dbd218ada803f4
SHA1

481ec06c26f0ee3fed7a595f75091c0661d4127e
SHA256

4ad5831589a63645830f076a6fc28e69894637858b08b03e8a1ed6044e825dfa
SHA512

c4b523645036849b129b225c7ee28af0b1be612a7162fbd12ff4477a2cd4a0bf17fe363d785cf668fa4419e0ac9f2fb7a856a65c4f3845ded8cadbd749821c52
SSDEEP

49152:bzeNJgtQi06z76bjvsi5dnwUgjNtOs83zKGSwOLE4s:v+DxW+bjvvgjuWnw6E4s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/w4hatloader_1_0_beta-installer.exe

Files

47ef0b1465468c04b7dbd218ada803f4_JaffaCakes118
.zip
w4hatloader_1_0_beta-installer.exe
.exe windows:4 windows x86 arch:x86

734104af4f5702e678eb34ea3646f5c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
_strnicmp
strncmp
strncpy
_strdup
free
sprintf
_stricmp
strlen
strcmp
memmove
strcpy
strcat
memcmp
memcpy
_CIlog
floor
ceil
_CIpow
fclose
fopen
fseek
localtime
mktime
atoi
gmtime
time
srand
rand
malloc
fread
fwrite
ftell
ferror

kernel32

GetModuleHandleA
HeapCreate
CreateMutexA
GetLastError
HeapDestroy
ExitProcess
MultiByteToWideChar
WaitForSingleObject
GetStartupInfoA
CreateProcessA
GetDiskFreeSpaceExA
SetErrorMode
GetDriveTypeA
WritePrivateProfileSectionA
WritePrivateProfileStringA
GetVersionExA
GetCurrentProcess
SetFileAttributesA
RemoveDirectoryA
HeapFree
HeapAlloc
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
CreateThread
SuspendThread
ResumeThread
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
DuplicateHandle
CreatePipe
GetStdHandle
GetEnvironmentVariableA
SetEnvironmentVariableA
PeekNamedPipe
GetExitCodeProcess
CreateFileA
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
ReadFile
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
Sleep
WideCharToMultiByte
GlobalAlloc
GlobalFree
SetLastError
MulDiv
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetFileAttributesA
CreateDirectoryA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
DeleteFileA
FindNextFileA
CopyFileA
SetCurrentDirectoryA
GetTempPathA
GetCurrentDirectoryA
GetLocalTime
WaitForMultipleObjects
GetCurrentThread
CreateSemaphoreA
ReleaseSemaphore

comctl32

InitCommonControls
InitCommonControlsEx
ImageList_Destroy
ImageList_Remove
ImageList_AddMasked
ImageList_Create
ImageList_Add
ImageList_ReplaceIcon

user32

GetClassLongA
GetSysColor
GetWindowLongA
SetWindowLongA
SetWindowPos
GetDesktopWindow
GetWindow
GetWindowTextA
GetWindowTextLengthA
GetDC
SendMessageA
ReleaseDC
ExitWindowsEx
GetSystemMenu
EnableMenuItem
DrawMenuBar
GetDlgCtrlID
IsWindowVisible
SetForegroundWindow
ShowWindow
IsWindow
DestroyWindow
GetParent
SetPropA
MessageBoxA
GetWindowThreadProcessId
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
DestroyIcon
GetIconInfo
FillRect
CopyImage
LoadImageA
CreateIconFromResourceEx
CreateIconFromResource
GetSysColorBrush
CreateWindowExA
SetWindowTextA
GetWindowRect
ScreenToClient
RedrawWindow
InvalidateRect
UpdateWindow
ReleaseCapture
BeginPaint
DrawStateA
EndPaint
SetCapture
CallWindowProcA
GetSystemMetrics
PostMessageA
GetClientRect
DefWindowProcA
LoadCursorA
RegisterClassExA
SetClassLongA
GetPropA
MapWindowPoints
MoveWindow
SetCursor
GetCapture
ValidateRect
RemovePropA
PeekMessageA
TranslateMessage
DispatchMessageA
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
RegisterClassA
AdjustWindowRect
GetActiveWindow
CreateAcceleratorTableA
IsZoomed
IsIconic
MsgWaitForMultipleObjects
GetMessageA
TranslateAcceleratorA
EnumChildWindows
DefFrameProcA
SetCursorPos
SystemParametersInfoA
GetKeyState
GetCursorPos
SetFocus
GetFocus
IsChild
GetClassNameA
EnumDisplaySettingsA

gdi32

CreateSolidBrush
GetStockObject
SelectObject
GetTextExtentPoint32A
AddFontResourceA
GetObjectType
DeleteObject
CreateCompatibleDC
SetDIBits
DeleteDC
GetObjectA
SetStretchBltMode
SetBrushOrgEx
StretchBlt
CreateDCA
CreateCompatibleBitmap
CreateDIBSection
SetBkColor
SetTextColor
CreateRectRgnIndirect
SelectClipRgn
SetBkMode
TextOutA
CreatePen
MoveToEx
LineTo
GetDeviceCaps
CreateFontA
SetTextAlign
SetROP2

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegConnectRegistryA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegCreateKeyA
RegSetValueExA
RegEnumValueA

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
RevokeDragDrop

shell32

ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Sections

.code
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

734104af4f5702e678eb34ea3646f5c5

Headers

File Characteristics

Imports

msvcrt

kernel32

comctl32

user32

gdi32

advapi32

ole32

shell32

Sections

.code Size: 75KB - Virtual size: 74KB

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 62KB - Virtual size: 65KB

.rsrc Size: 11KB - Virtual size: 11KB

.code
Size: 75KB - Virtual size: 74KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 62KB - Virtual size: 65KB

.rsrc
Size: 11KB - Virtual size: 11KB