6fca964b54af287dc1e3d4dc46ed7a41_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6fca964b54af287dc1e3d4dc46ed7a41_JaffaCakes118
Size

14.7MB
MD5

6fca964b54af287dc1e3d4dc46ed7a41
SHA1

fe1cb2a9e8d2299a522e590ac823fc746c5bb3ad
SHA256

5b345628a38f3a4f0b673ec3eebe9e6ee85f881c9a33d67dde971afaa83a5221
SHA512

659edff66ed094fb739e7e1d46b6ae41f9ac5ee6b4161540278894b412f37f9512b1c23f7bf33535ebb29d95166e4b0d50cf0370cd43e14cb8c9318227e63a4f
SSDEEP

393216:ChoKnk/2QrKNEwNEPtnyhoKnk/2QrKNEwNEPtxhajvidQ9TPx6V3nmX/mx9sTtSB:jFhWidQvy3o/8sTtfz2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6fca964b54af287dc1e3d4dc46ed7a41_JaffaCakes118

Files

6fca964b54af287dc1e3d4dc46ed7a41_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d5cef5f0cf5abce95d350e5d17f0218e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\svn\APPS\GMGameStart\bin\release_static\GMUnPacker.pdb

Imports

wininet

InternetOpenW
InternetCloseHandle
InternetSetOptionA
InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetOpenUrlW
HttpQueryInfoW
InternetSetOptionW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

riched20

ord4

kernel32

LoadResource
HeapAlloc
LoadLibraryExW
GetCurrentProcess
HeapFree
SizeofResource
LockResource
GetLastError
GetProcAddress
FreeResource
GetProcessHeap
GetCurrentThreadId
ResumeThread
CreateEventW
SetFileTime
FindClose
GetLogicalDriveStringsW
GetVolumeInformationW
GetDriveTypeW
GetDiskFreeSpaceW
GetExitCodeProcess
SuspendThread
RemoveDirectoryW
CreateDirectoryW
InterlockedDecrement
GetVersionExW
MultiByteToWideChar
SetPriorityClass
QueryPerformanceCounter
LoadLibraryW
GetSystemInfo
lstrcpyW
LocalFree
GetTickCount
WideCharToMultiByte
GetFullPathNameW
GetTempFileNameW
SetCurrentDirectoryW
GetTempPathW
GetSystemDirectoryW
FreeLibrary
GetCurrentDirectoryW
GetLongPathNameW
lstrcmpiW
ReleaseSemaphore
CreateSemaphoreW
MulDiv
InterlockedIncrement
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
GetSystemTimeAsFileTime
GetModuleHandleA
SetLastError
LocalAlloc
CreateProcessA
lstrcmpW
VerifyVersionInfoW
VerSetConditionMask
lstrcmpA
GetOEMCP
GetACP
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RaiseException
HeapReAlloc
RtlUnwind
CreateThread
ExitThread
GetStartupInfoW
GetVersionExA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange
ExpandEnvironmentStringsW
TerminateProcess
FindResourceW
GetFileAttributesW
SetFileAttributesW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateProcessW
ReadFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCurrentProcessId
GetUserDefaultLCID
lstrlenW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetFileSize
SetEndOfFile
CreateFileW
MoveFileW
FindNextFileW
DeleteFileW
OutputDebugStringW
FindFirstFileW
SetEvent
ResetEvent
WritePrivateProfileStringW
GetModuleFileNameA
CreateFileA
CloseHandle
lstrlenA
WriteFile
lstrcpyA
Sleep
lstrcatA
GetPrivateProfileStringW
GetCommandLineW
FormatMessageW
WaitForSingleObject
GetModuleFileNameW
GetPrivateProfileIntW
GetModuleHandleW
GetTempPathA
IsValidCodePage
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetThreadLocale
DeviceIoControl
GetStartupInfoA

user32

DrawFocusRect
CharNextW
ClientToScreen
GetSysColor
SetCursor
IntersectRect
LoadBitmapW
LoadCursorW
EnableWindow
DestroyIcon
LoadImageW
GetClassInfoExW
GetPropW
SetPropW
CallWindowProcW
DefWindowProcW
RegisterClassW
RegisterClassExW
CharNextA
ScreenToClient
MonitorFromWindow
GetFocus
GetUpdateRect
GetDC
IsWindowEnabled
TranslateMessage
GetCursorPos
GetMessageW
EndPaint
CreateCaret
InvalidateRect
MoveWindow
IsRectEmpty
CopyImage
DrawIconEx
DrawTextW
FillRect
CharPrevW
ChildWindowFromPointEx
GetAsyncKeyState
IsWindow
DestroyWindow
SetFocus
ShowCaret
SetCapture
GetMonitorInfoW
CreateWindowExW
BeginPaint
TranslateAcceleratorW
ReleaseCapture
PtInRect
UpdateLayeredWindow
SetWindowRgn
SetCaretPos
DispatchMessageW
GetKeyState
ReleaseDC
SendMessageW
HideCaret
GetActiveWindow
LoadStringW
GetWindowRect
GetParent
OffsetRect
RedrawWindow
IsIconic
IsChild
MapWindowPoints
GetClientRect
GetWindow
GetWindowTextW
IsZoomed
SystemParametersInfoW
GetWindowTextLengthW
SetForegroundWindow
wsprintfW
MessageBoxW
PostMessageW
SetWindowTextW
KillTimer
GetSystemMetrics
IsWindowVisible
wsprintfA
SetTimer
PostQuitMessage
ShowWindow
SetWindowLongW
GetWindowLongW
SetWindowPos
DestroyAcceleratorTable
InvalidateRgn
CreateAcceleratorTableW

gdi32

CreateRectRgnIndirect
GetTextExtentPoint32W
StretchBlt
SelectClipRgn
GetTextMetricsW
CreateEllipticRgn
GetObjectW
CreateCompatibleDC
CreateFontIndirectW
SetBkColor
CreateSolidBrush
GetClipBox
CreateCompatibleBitmap
RoundRect
ExtTextOutW
ExtSelectClipRgn
TextOutW
GetBitmapBits
SetBitmapBits
SetBkMode
CreateDIBSection
DeleteDC
GetStockObject
SetStretchBltMode
SetTextColor
GetDeviceCaps
DeleteObject
EnumFontsW
SelectObject
CreatePen
BitBlt
LineTo
Rectangle
CreateRectRgn
MoveToEx
CreateRoundRectRgn
CombineRgn
GetCharABCWidthsW

advapi32

RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
FreeSid
CheckTokenMembership
RegQueryInfoKeyW
AllocateAndInitializeSid

shell32

SHGetFileInfoW
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteA

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CLSIDFromProgID
CLSIDFromString
DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
OleDuplicateData
ReleaseStgMedium
CoInitialize

oleaut32

VariantClear
OleLoadPicture
SysAllocString
SysFreeString

shlwapi

StrStrIW
PathGetArgsW
StrStrIA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 384KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5cef5f0cf5abce95d350e5d17f0218e

Headers

File Characteristics

PDB Paths

Imports

wininet

msimg32

comctl32

riched20

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 188KB - Virtual size: 187KB

.data Size: 24KB - Virtual size: 34KB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 384KB - Virtual size: 382KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 188KB - Virtual size: 187KB

.data
Size: 24KB - Virtual size: 34KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 384KB - Virtual size: 382KB