PDB path: c:\Work\Shareware\Build\rw_5.0.1\Release\RegWorkshop.pdb
Static task: static1
Behavioral task: behavioral1, sample 6fa8701f0ae09710f323217bb0d95762_JaffaCakes118.exe, resource win7-20240508-en
Behavioral task: behavioral2, sample 6fa8701f0ae09710f323217bb0d95762_JaffaCakes118.exe, resource win10v2004-20240226-en
General
Target: 6fa8701f0ae09710f323217bb0d95762_JaffaCakes118
Size: 1.3MB
MD5: 6fa8701f0ae09710f323217bb0d95762
SHA1: d679a0f596c2c67550ebdc701409dfc8d4411e6d
SHA256: 585d96e48bde555239d12217b1e3bb444602e43fce4886f16df1aba98e3fb8bc
SHA512: 42394a67aa7be7dbe1834d52eb47bdbbbf6f591a63befb1bc304dbb3c09ce63fa335242f2bc72787662fa8cf5f35457c2a097eb9010649b7d68f09e62de0e84e
SSDEEP: 24576:imkKHE53Gzh/XaHdY4tgE8myNRwzDIlw5dDRZeIFgsXC2p/EO8IjISRtz:AKE5giHdY4tgLmyNRwz+Ed9FgU/T8Ika
Malware Config: none extracted
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature; matched resource 6fa8701f0ae09710f323217bb0d95762_JaffaCakes118. This means the file carries no embedded signature blob (its security data directory is empty). On its own that is a weak indicator: unsigned shareware builds are common, and the check says nothing about whether the code itself is malicious. The PDB name (RegWorkshop.pdb under a Shareware build tree) and the import mix below (registry hive load/save, security-descriptor and ACL APIs, property sheets, font and colour dialogs, drag and drop) are what a registry editor GUI needs; the imports worth confirming in the behavioural runs are URLDownloadToCacheFileW next to WinExec and ShellExecuteW, the AdjustTokenPrivileges chain, and ExitWindowsEx.
Files
-
6fa8701f0ae09710f323217bb0d95762_JaffaCakes118.exe windows:5 windows x86 arch:x86
79be5385fb6435bb912885876d0d3994
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE (neither DYNAMIC_BASE nor NX_COMPAT is set, so the image opts into neither ASLR nor DEP)
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE (with relocations stripped the loader cannot rebase the image, so it stays at its preferred base even if ASLR is forced system-wide)
PDB Paths: see the PDB path given on the first line of this page
Imports
version (3): VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
urlmon (1): URLDownloadToCacheFileW
kernel32 (158): HeapSize, GetCurrentThread, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo,
GetModuleFileNameA, GetStdHandle, ExitProcess, HeapDestroy, HeapCreate, HeapReAlloc, FatalAppExitA, GetStartupInfoW, GetSystemTimeAsFileTime, IsDebuggerPresent,
LCMapStringW, UnhandledExceptionFilter, TerminateProcess, RtlUnwind, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, InterlockedCompareExchange, LCMapStringA, VirtualQuery,
FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, InitializeCriticalSectionAndSpinCount, LoadLibraryA,
ExpandEnvironmentStringsA, FormatMessageW, GetFileSize, WideCharToMultiByte, GetSystemInfo, GetComputerNameW, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID,
GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetConsoleCP, GetConsoleMode, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, GetTempPathW, GetLocaleInfoW,
GetSystemDefaultLangID, GetModuleFileNameW, LoadLibraryExW, InterlockedExchange, LocalAlloc, LocalFree, GetTimeZoneInformation, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, GetModuleHandleW,
lstrcpynA, WritePrivateProfileSectionW, WinExec, GetProcessHeap, HeapAlloc, HeapFree, VerLanguageNameW, lstrcmpW, SetFilePointer, ReadFile,
GetCurrentProcessId, OpenProcess, LoadLibraryW, FreeLibrary, GetSystemDirectoryW, GetWindowsDirectoryW, OpenEventW, WaitForSingleObject, GetTempFileNameW, FindResourceW,
SizeofResource, LoadResource, LockResource, GetModuleHandleA, GetProcAddress, CreateEventW, CreateThread, FindFirstChangeNotificationW, WaitForMultipleObjects, ResetEvent,
FindNextChangeNotification, GlobalSize, SetEvent, FindCloseChangeNotification, GetFileAttributesExW, MoveFileW, GetPrivateProfileStringW, ExpandEnvironmentStringsW, GlobalAlloc, GlobalLock,
GlobalUnlock, MultiByteToWideChar, MulDiv, lstrcatW, lstrcpynW, GetVersionExW, Sleep, SetConsoleCtrlHandler, DeleteCriticalSection, InitializeCriticalSection,
WritePrivateProfileStringW, CreateFileW, WriteFile, CloseHandle, FindFirstFileW, GetDateFormatW, FindNextFileW, FindClose, GetPrivateProfileIntW, RemoveDirectoryW,
CreateDirectoryW, DeleteFileW, GetFileAttributesW, CopyFileW, GetLastError, SetLastError, GetCurrentThreadId, LeaveCriticalSection, EnterCriticalSection, RaiseException,
InterlockedIncrement, OutputDebugStringW, DebugBreak, lstrlenA, lstrcmpiW, CompareStringW, InterlockedDecrement, GetCurrentProcess, FlushInstructionCache, lstrlenW,
lstrcpyW, WriteConsoleW, CreateFileA, FlushFileBuffers, CompareStringA, SetEnvironmentVariableA, SetUnhandledExceptionFilter, GetStringTypeA
user32 (165): IsMenu, TranslateMDISysAccel, GetMenuItemID, ModifyMenuW, SetMenuItemInfoW, GetMenuItemInfoW, LoadBitmapW, EqualRect, InsertMenuW, SetParent,
LockWindowUpdate, SetWindowPlacement, GetWindowPlacement, SetMenu, GetMenu, SetRectEmpty, GetDlgItemTextW, SetDlgItemInt, GetDlgItemInt, LoadImageW,
MessageBeep, DrawIconEx, IsWindowEnabled, MonitorFromPoint, GetMessageW, PostQuitMessage, UnregisterClassW, RegisterWindowMessageW, DrawFrameControl, InflateRect,
CopyRect, GetDlgCtrlID, DrawEdge, DrawFocusRect, FrameRect, GetClipboardData, GetSysColor, IntersectRect, DispatchMessageW, PeekMessageW,
CharLowerW, GetSystemMetrics, GetCursorPos, PtInRect, GetSubMenu, SetCaretPos, EndPaint, BeginPaint, GetCapture, EnableMenuItem,
FillRect, TrackPopupMenu, CallWindowProcW, DestroyMenu, LoadMenuW, SystemParametersInfoW, DestroyCaret, ReleaseCapture, SetScrollInfo, GetScrollInfo,
ShowCaret, CreateCaret, ShowScrollBar, GetDoubleClickTime, CallNextHookEx, EndDeferWindowPos, UnregisterClassA, BeginDeferWindowPos, GetMessagePos, DefMDIChildProcW,
UnhookWindowsHookEx, SetWindowsHookExW, LoadAcceleratorsW, SetScrollPos, ScrollWindowEx, SetCapture, KillTimer, SetTimer, UpdateWindow, RedrawWindow,
EmptyClipboard, CloseClipboard, SetClipboardData, RegisterClassExW, GetWindowDC, DragDetect, GetSystemMenu, LoadStringA, AdjustWindowRectEx, GetMenuStringW,
DrawMenuBar, BringWindowToTop, TranslateMessage, GetSysColorBrush, GetDesktopWindow, GetWindowThreadProcessId, GetMenuDefaultItem, GetClassLongW, WindowFromPoint, SetMenuDefaultItem,
DefFrameProcW, SetForegroundWindow, FindWindowW, GetKeyState, IsWindowVisible, SetRect, RegisterClipboardFormatW, IsClipboardFormatAvailable, GetFocus, GetClassInfoW,
DefWindowProcW, RegisterClassW, AppendMenuW, GetMenuItemCount, GetClassInfoExW, TranslateAcceleratorW, RemoveMenu, CreatePopupMenu, OpenClipboard, IsChild,
SetFocus, InvalidateRect, ScreenToClient, ClientToScreen, PostMessageW, LoadIconW, MoveWindow, DestroyWindow, GetActiveWindow, ExitWindowsEx,
DialogBoxParamW, SetCursor, MessageBoxW, EnableWindow, ShowWindow, GetClassNameW, LoadCursorW, OffsetRect, ReleaseDC, GetDC,
CharNextW, DrawTextW, LoadStringW, GetWindow, GetWindowRect, MonitorFromWindow, GetMonitorInfoW, MapWindowPoints, SetWindowPos, IsWindow,
GetDlgItem, GetParent, SetDlgItemTextW, GetClientRect, SendMessageW, GetWindowTextLengthW, GetWindowTextW, SetWindowTextW, GetWindowLongW, CreateWindowExW,
SetWindowLongW, wvsprintfW, EndDialog, TrackPopupMenuEx, DeferWindowPos
gdi32 (47): CreateDIBSection, SetBrushOrgEx, GetViewportOrgEx, CreateRectRgn, GetClipRgn, CreateBitmap, CreatePatternBrush, Polyline, SelectClipRgn, PatBlt,
IntersectClipRect, LineTo, MoveToEx, GetTextMetricsW, GetTextExtentPointW, CreatePen, Polygon, CreatePalette, ExtTextOutW, Rectangle,
SetPolyFillMode, SetBkMode, RealizePalette, SelectPalette, LPtoDP, DPtoLP, SetBkColor, CreateSolidBrush, SetTextColor, BitBlt,
GetClipBox, CreateCompatibleBitmap, SetWindowOrgEx, SetViewportOrgEx, CreateCompatibleDC, TextOutW, RestoreDC, SaveDC, GetDeviceCaps, CreateFontW,
GetTextExtentPoint32W, DeleteObject, GetObjectW, SelectObject, DeleteDC, GetStockObject, CreateFontIndirectW
comdlg32 (4): ChooseFontW, ChooseColorW, GetOpenFileNameW, GetSaveFileNameW
advapi32 (45): CopySid, GetSidSubAuthorityCount, GetSidSubAuthority, OpenProcessToken, GetTokenInformation, GetLengthSid, RegEnumValueW, GetUserNameW, IsTextUnicode, RegQueryValueExW,
RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegConnectRegistryW, RegSetKeySecurity, RegGetKeySecurity, RegCreateKeyExW, RegQueryInfoKeyW, RegEnumKeyExW, RegOpenKeyExA,
RegQueryValueExA, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, GetSecurityDescriptorControl, GetSecurityDescriptorSacl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, InitializeAcl, SetNamedSecurityInfoW, GetNamedSecurityInfoW,
GetSecurityDescriptorDacl, BuildTrusteeWithSidW, GetEffectiveRightsFromAclW, MapGenericMask, RegEnumValueA, RegUnLoadKeyW, RegLoadKeyW, RegReplaceKeyW, RegRestoreKeyW, RegSaveKeyW,
LookupPrivilegeValueW, AdjustTokenPrivileges, RegDeleteValueW, RegSetValueExW, GetSidIdentifierAuthority
shell32 (10): FindExecutableW, DragQueryFileW, DragFinish, DragAcceptFiles, SHBrowseForFolderW, ShellExecuteW, SHGetDesktopFolder, SHGetMalloc, SHGetSpecialFolderLocation, SHGetPathFromIDListW
ole32 (11): RegisterDragDrop, RevokeDragDrop, ReleaseStgMedium, CoTaskMemRealloc, CoTaskMemFree, DoDragDrop, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, OleInitialize, OleDuplicateData
oleaut32 (7): VarUI4FromStr, VarDecFromStr, VarDecCmp, SystemTimeToVariantTime, SysFreeString, VarI4FromStr, VarR8FromStr
shlwapi (10): SHSetValueW, PathFileExistsW, StrStrIW, PathAddExtensionW, PathStripPathW, PathFindExtensionW, StrCmpIW, SHDeleteKeyW, PathRemoveFileSpecW, SHGetValueW
comctl32 (18): ImageList_ReplaceIcon, _TrackMouseEvent, ImageList_Draw, ImageList_GetImageCount, ImageList_GetImageInfo, ImageList_Remove, ImageList_GetIcon, CreateStatusWindowW, ord8 (import by ordinal), ImageList_Destroy,
DestroyPropertySheetPage, ImageList_LoadImageW, PropertySheetW, ImageList_AddMasked, InitCommonControlsEx, ImageList_DrawIndirect, CreatePropertySheetPageW, ImageList_Create
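An import list this long is read by capability rather than name by name. The following is an added example (not part of the sandbox report and not the sample's own code) of rule-based import tagging: each API maps to a capability tag, tag combinations that deserve a second look are reported as chains, and IsDebuggerPresent is downgraded to CRT boilerplate when it arrives together with the rest of the MSVC startup imports, which is the case here. The rule set, tag names and chain names are this example's own choices; the sample input is a constructed subset of the imports listed above.

```python
"""Import-table capability tagging (added example, not part of the sandbox report)."""

# Rule set (constructed for this example): exported API name -> capability tag.
RULES = {
    "URLDownloadToCacheFileW": "network:download",
    "URLDownloadToFileW": "network:download",
    "WinExec": "exec:process",
    "ShellExecuteW": "exec:process",
    "CreateProcessW": "exec:process",
    "OpenProcessToken": "priv:open-token",
    "LookupPrivilegeValueW": "priv:lookup",
    "AdjustTokenPrivileges": "priv:adjust",
    "RegLoadKeyW": "registry:hive",
    "RegUnLoadKeyW": "registry:hive",
    "RegSaveKeyW": "registry:hive",
    "RegRestoreKeyW": "registry:hive",
    "RegReplaceKeyW": "registry:hive",
    "RegSetValueExW": "registry:write",
    "RegDeleteKeyW": "registry:write",
    "RegDeleteValueW": "registry:write",
    "SHDeleteKeyW": "registry:write",
    "RegConnectRegistryW": "registry:remote",
    "RegSetKeySecurity": "acl:modify",
    "SetNamedSecurityInfoW": "acl:modify",
    "ExitWindowsEx": "system:shutdown",
    "OpenProcess": "process:open",
    "IsDebuggerPresent": "antidebug:weak",
}

# The MSVC CRT startup code imports these together; when all are present,
# IsDebuggerPresent is almost certainly CRT boilerplate, not an anti-analysis check.
CRT_STARTUP = {"IsDebuggerPresent", "UnhandledExceptionFilter", "SetUnhandledExceptionFilter",
               "IsProcessorFeaturePresent", "TerminateProcess", "GetStartupInfoW"}

# Tag combinations worth a second look: chain name -> tags that must all be present.
CHAINS = {
    "download-and-execute": {"network:download", "exec:process"},
    "enable-privilege": {"priv:open-token", "priv:lookup", "priv:adjust"},
    # RegLoadKey/RegSaveKey need SeBackup/SeRestore, hence the privilege adjustment.
    "offline-hive-manipulation": {"registry:hive", "priv:adjust"},
}


def tag_imports(imports):
    """Map {dll: [api, ...]} to {tag: ['dll!api', ...]} in import order."""
    tags = {}
    crt_noise = CRT_STARTUP <= set(imports.get("kernel32", []))
    for dll, names in imports.items():
        for api in names:
            tag = RULES.get(api)
            if tag is None:
                continue
            if api == "IsDebuggerPresent" and crt_noise:
                tag = "crt:boilerplate"
            tags.setdefault(tag, []).append(f"{dll}!{api}")
    return tags


def find_chains(tags):
    """Return the sorted names of all chains whose required tags are present."""
    present = set(tags)
    return sorted(name for name, need in CHAINS.items() if need <= present)


# Constructed sample input: a subset of the import list shown in this report.
SAMPLE_IMPORTS = {
    "urlmon": ["URLDownloadToCacheFileW"],
    "kernel32": ["IsDebuggerPresent", "UnhandledExceptionFilter", "SetUnhandledExceptionFilter",
                 "IsProcessorFeaturePresent", "TerminateProcess", "GetStartupInfoW",
                 "WinExec", "OpenProcess", "HeapAlloc"],
    "advapi32": ["OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
                 "RegLoadKeyW", "RegSaveKeyW", "RegConnectRegistryW", "SetNamedSecurityInfoW",
                 "RegSetValueExW"],
    "user32": ["ExitWindowsEx", "MessageBoxW"],
    "shell32": ["ShellExecuteW"],
    "shlwapi": ["SHDeleteKeyW"],
}


def triage(imports=SAMPLE_IMPORTS):
    """Tags plus chains for one import table."""
    tags = tag_imports(imports)
    return {"tags": tags, "chains": find_chains(tags)}


if __name__ == "__main__":
    result = triage()
    for tag, apis in sorted(result["tags"].items()):
        print(f"{tag:26s} {', '.join(apis)}")
    print("chains:", ", ".join(result["chains"]))
```

Feed it the real import table from pefile or from the sandbox output; the chains it raises for this sample (download and execute, privilege enabling, hive manipulation) are exactly the behaviours to confirm or rule out in the behavioural tasks, and for a registry editor the last two are expected.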
Sections
.text: Size 812KB, Virtual size 812KB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata: Size 114KB, Virtual size 114KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data: Size 32KB, Virtual size 114KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc: Size 356KB, Virtual size 355KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
No section is both writable and executable, and the code section's raw and virtual sizes match, so the layout does not suggest a packer; the gap between the raw and virtual size of .data is the usual zero-initialised data.
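The Unsigned PE signature, the header flags and the section table above are all decided by a few header fields, and they are worth re-deriving from the file rather than trusting a single sandbox. The block below is an added example (not the sandbox's code and not the sample's) that parses those fields with the standard library only and writes out the same findings: empty security directory, no DYNAMIC_BASE, RELOCS_STRIPPED, no NX_COMPAT, and section checks for writable-and-executable sections and for a virtual size far above the raw size. The fixture builder, section tuple layout and the 2x size heuristic are this example's own; the fixture mirrors the flags and sizes shown on this page but contains no code.

```python
"""Header-level PE triage with the standard library only (added example, not the sandbox's code)."""
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: file offset and size of the Authenticode blob


def parse_pe(data):
    """Parse DOS, COFF, optional and section headers; return the facts triage needs."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:
        dir_off = opt + 96    # PE32: DataDirectory starts at optional-header offset 96
    elif magic == 0x20B:
        dir_off = opt + 112   # PE32+: 8-byte ImageBase/stack/heap fields push it to 112
    else:
        raise ValueError("unknown optional-header magic %#x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # DllCharacteristics is at +70 in both
    n_dirs = struct.unpack_from("<I", data, dir_off - 4)[0]
    sec_size = 0
    if n_dirs > SECURITY_DIR:
        _, sec_size = struct.unpack_from("<II", data, dir_off + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "characteristics": chars})
    return {
        "machine": machine,
        "has_authenticode_blob": sec_size != 0,
        "relocs_stripped": bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED),
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "sections": sections,
    }


def triage_notes(info):
    """Turn parsed header facts into the findings an analyst would write down."""
    notes = []
    if not info["has_authenticode_blob"]:
        notes.append("unsigned: security data directory is empty (no embedded Authenticode blob)")
    if not info["aslr"]:
        notes.append("no DYNAMIC_BASE: image does not opt into ASLR")
    if info["relocs_stripped"]:
        notes.append("RELOCS_STRIPPED: image cannot be rebased, so it keeps its preferred base even under mandatory ASLR")
    if not info["nx_compat"]:
        notes.append("no NX_COMPAT: image does not opt into DEP")
    for s in info["sections"]:
        x, w = s["characteristics"] & IMAGE_SCN_MEM_EXECUTE, s["characteristics"] & IMAGE_SCN_MEM_WRITE
        if x and w:
            notes.append("%s is writable and executable" % s["name"])
        if x and s["virtual_size"] > 2 * max(s["raw_size"], 1):  # heuristic threshold chosen here
            notes.append("%s: virtual size far exceeds raw size, typical of a packer stub" % s["name"])
    return notes


def build_pe32(sections, file_chars, dll_chars, cert_size=0):
    """Constructed minimal PE32 header image (fixture only; sections are (name, vsize, rawsize, flags))."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, file_chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    if cert_size:
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x1000, cert_size)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), v, 0, r, 0, 0, 0, 0, 0, c)
                    for n, v, r, c in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


# Fixture mirroring the header flags and section sizes shown in this report.
REPORT_SECTIONS = [
    (".text", 812 * 1024, 812 * 1024, 0x60000020),
    (".rdata", 114 * 1024, 114 * 1024, 0x40000040),
    (".data", 114 * 1024, 32 * 1024, 0xC0000040),
    (".rsrc", 355 * 1024, 356 * 1024, 0x40000040),
]
REPORT_FILE_CHARS = 0x0001 | 0x0002 | 0x0100  # RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE


def notes_for_report_fixture():
    """Run the checks over the fixture that reproduces this page's header values."""
    image = build_pe32(REPORT_SECTIONS, REPORT_FILE_CHARS, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)
    return triage_notes(parse_pe(image))


if __name__ == "__main__":
    for line in notes_for_report_fixture():
        print("-", line)
```

On a real file, pass `open(path, "rb").read()` to `parse_pe`. A non-empty security directory only means a signature blob is attached; whether it validates is a separate question, answered with `Get-AuthenticodeSignature` in PowerShell, `signtool verify /pa`, or `osslsigncode verify` on Linux.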