4c0259ba42b957fa115277e6490336f9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c0259ba42b957fa115277e6490336f9_JaffaCakes118
Size

1.4MB
MD5

4c0259ba42b957fa115277e6490336f9
SHA1

0ebc31e4d6b138c55fa20497f43dd0f247a71b24
SHA256

8e3c82100cd57481951c5e869f56fdd5f3a62b3fb50542b45769116fb0d63424
SHA512

fb38aa31ebb1e4075a974d1fd8875a8249f8d3b56d3d89437d889cddbb954a9f2e4624e1171e98d1dfae0a49d67fb4d4bc7d1fb59254d264309d4ee3e3d5a708
SSDEEP

24576:/8DSF8DFQ5vaVJRqncYOCLP/ExxXCtUqX51NZuiCAZtdC3KM11QmC:r8Du6JonrF/+OjXb68C31/QmC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c0259ba42b957fa115277e6490336f9_JaffaCakes118

Files

4c0259ba42b957fa115277e6490336f9_JaffaCakes118
.exe windows:6 windows x86 arch:x86

cd6c6f173959900587f95fe63c7a07d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\projects\kanan-new\Release\Launcher.pdb

Imports

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

bcrypt

BCryptDestroyKey
BCryptCreateHash
BCryptGetProperty
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptDecrypt
BCryptSetProperty
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptGenRandom
BCryptOpenAlgorithmProvider

crypt32

CryptBinaryToStringW

winhttp

WinHttpReadData
WinHttpCrackUrl
WinHttpConnect
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpCloseHandle

d3d9

Direct3DCreate9

kernel32

GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetCommandLineW
GetEnvironmentStringsW
GetUserDefaultLCID
IsValidLocale
GetConsoleOutputCP
FlushFileBuffers
GetFileSizeEx
HeapAlloc
HeapReAlloc
HeapFree
ReadConsoleW
GetModuleHandleW
CloseHandle
CreateProcessW
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetThreadPriority
GetConsoleMode
WriteFile
FreeEnvironmentStringsW
WriteConsoleW
GetFileType
GetStdHandle
ReadFile
RtlUnwind
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
GetLogicalProcessorInformation
CreateTimerQueueTimer
GetCurrentThread
OutputDebugStringW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
SetThreadPriority
CreateThread
GetNumaHighestNodeNumber
GetProcessAffinityMask
ChangeTimerQueueTimer
DeleteTimerQueueTimer
ExitProcess
RaiseException
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetLastError
SetLastError
GetProcAddress
SignalObjectAndWait
GetCurrentThreadId
IsProcessorFeaturePresent
QueueUserWorkItem
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
LocalFree
FormatMessageA
InitOnceComplete
InitOnceBeginInitialize
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
WaitForSingleObjectEx
Sleep
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue

user32

TranslateMessage
UpdateWindow
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetKeyState
ScreenToClient
GetActiveWindow
GetCapture
ClientToScreen
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
GetDesktopWindow
MessageBoxW
PostQuitMessage
DefWindowProcW
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW

comdlg32

GetOpenFileNameW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ole32

CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysFreeString

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

Sections

.text
Size: 1018KB - Virtual size: 1017KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd6c6f173959900587f95fe63c7a07d8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

bcrypt

crypt32

winhttp

d3d9

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

imm32

Sections

.text Size: 1018KB - Virtual size: 1017KB

.rdata Size: 373KB - Virtual size: 372KB

.data Size: 26KB - Virtual size: 32KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 1018KB - Virtual size: 1017KB

.rdata
Size: 373KB - Virtual size: 372KB

.data
Size: 26KB - Virtual size: 32KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 36KB - Virtual size: 35KB