8849fa0f739aac7bf99a77d29f39708d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8849fa0f739aac7bf99a77d29f39708d_JaffaCakes118
Size

2.9MB
MD5

8849fa0f739aac7bf99a77d29f39708d
SHA1

eb48e3a9dde3f3e197eae6a7381a83af96fb266f
SHA256

6b7e00a4ba1d9747e68fc89ccd2ba3d186e24e0652f0753ae0490aa7c9940f55
SHA512

ae9d882c6a219d92b66c9a3bef9f7eba4430cd43dabfc6f6b49a7240129d25610381ed0e78e7042f8a20abebbf56a7e5364dbf38c3dec0c6fac7709a5c9ef374
SSDEEP

49152:5tE4UL1ptFDbeB59uyqUuS8f/HixpVjsMwLpv5fU/lvxTF1di5xqW:8DbeBLLqUuSAHophivilvH1Exq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8849fa0f739aac7bf99a77d29f39708d_JaffaCakes118

Files

8849fa0f739aac7bf99a77d29f39708d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4bcdc352f319a69d66c9f65cf997f57b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\HDwnlder\HDwnlder\bin\Hao123Downloader.pdb

Imports

kernel32

HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
lstrlenW
FindResourceW
FindResourceExW
MultiByteToWideChar
GetLocaleInfoW
GetNumberFormatW
LeaveCriticalSection
WaitForSingleObject
CloseHandle
GetTickCount
lstrcpyW
CreateProcessW
FreeResource
GetModuleFileNameW
GetCommandLineW
Sleep
InterlockedIncrement
InterlockedDecrement
TerminateThread
GetExitCodeThread
ResumeThread
InitializeCriticalSection
EnterCriticalSection
WideCharToMultiByte
CreateSemaphoreW
CreateEventW
lstrcmpiW
HeapAlloc
ReleaseSemaphore
SetEvent
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
SetConsoleCtrlHandler
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetStdHandle
GetCurrentThread
GetOEMCP
IsValidCodePage
GetModuleHandleExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsGetValue
SetLastError
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
VirtualQuery
VirtualProtect
VirtualAlloc
GetCommandLineA
LoadLibraryExW
WaitForMultipleObjects
HeapReAlloc
ExitThread
IsProcessorFeaturePresent
RtlUnwind
GetStringTypeW
HeapDestroy
LockResource
DecodePointer
lstrcpynW
CreateDirectoryW
CreateFileW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
RemoveDirectoryW
CopyFileW
MoveFileW
MoveFileExW
OpenProcess
TerminateProcess
LocalFree
WriteFile
GetCurrentProcess
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetCurrentProcessId
CreateThread
GetModuleHandleA
FreeLibrary
GetWindowsDirectoryW
LocalAlloc
WTSGetActiveConsoleSessionId
WinExec
GetFileAttributesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetComputerNameExW
GetTempPathW
SetPriorityClass
SetThreadPriority
GetVersionExW
GetSystemInfo
GetFileSize
ReadFile
GetFileSizeEx
LoadLibraryA
ReadProcessMemory
OpenThread
VirtualQueryEx
WritePrivateProfileSectionW
IsBadReadPtr
GetCurrentThreadId
OpenEventW
SetUnhandledExceptionFilter
CreateMutexW
GetSystemTimeAsFileTime
SetFilePointer
SetFileTime
IsBadWritePtr
TlsSetValue
CancelWaitableTimer
ResetEvent
GetTempFileNameW
CreateWaitableTimerW
SetWaitableTimer
SystemTimeToFileTime
GetDiskFreeSpaceExW
SetEndOfFile
TlsAlloc
TlsFree
GetLocalTime
GlobalAlloc
GlobalFree
GetVolumeInformationW
DeviceIoControl
SuspendThread
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTime
ReleaseMutex
GetFullPathNameW
GetFullPathNameA
CreateFileA
HeapCompact
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
UnlockFileEx
FormatMessageA
FormatMessageW
GetFileAttributesA
HeapCreate
HeapValidate
FlushFileBuffers
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
OutputDebugStringA
GetVersionExA
GetTempPathA
AreFileApisANSI
DeleteFileA
GetACP
GetCurrentDirectoryW
SetCurrentDirectoryW
ExitProcess
DosDateTimeToFileTime
GetFileType
DuplicateHandle
MulDiv
QueryDosDeviceW
IsDebuggerPresent
EncodePointer

user32

SendMessageTimeoutW
FindWindowExW
GetSystemMetrics
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
KillTimer
OffsetRect
InflateRect
UnionRect
wvsprintfW
SetCursor
LoadCursorW
GetKeyState
ReleaseDC
GetDC
GetClientRect
SetWindowPos
GetWindowLongW
SetWindowLongW
GetWindow
MessageBoxW
GetUpdateRect
BeginPaint
EndPaint
IsRectEmpty
InvalidateRect
GetWindowRect
MapWindowPoints
CreateWindowExW
ScreenToClient
GetCursorPos
GetFocus
SetCapture
ReleaseCapture
PtInRect
GetParent
DefWindowProcW
EnableWindow
GetMonitorInfoW
MonitorFromWindow
LoadImageW
RegisterClassW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetPropW
GetPropW
AdjustWindowRectEx
GetMenu
IntersectRect
CharNextW
IsIconic
IsZoomed
SetWindowRgn
CreateCaret
ShowCaret
HideCaret
SetCaretPos
ClientToScreen
GetSysColor
FillRect
DrawTextW
SetRect
CharPrevW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
InvalidateRgn
CreateAcceleratorTableW
MoveWindow
SetTimer
IsWindowVisible
ShowWindow
DestroyWindow
PostQuitMessage
IsWindow
SendMessageW
wsprintfW
UnregisterClassW
PostMessageW
SetFocus

advapi32

CryptAcquireContextW
RegQueryValueExW
RegDeleteValueW
OpenProcessToken
GetTokenInformation
RegSetValueExW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptGetHashParam
CryptDestroyHash
OpenSCManagerW
OpenServiceW
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExW
RegCloseKey
DuplicateTokenEx
SaferComputeTokenFromLevel
SaferCloseLevel
SaferCreateLevel
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
GetUserNameW
RegOpenKeyW
RegEnumKeyExW

shell32

ord680
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteW
SHPathPrepareForWriteW

ole32

CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocStringByteLen
VariantClear
VariantInit
SysAllocString
SysFreeString

fltlib

FilterSendMessage
FilterConnectCommunicationPort

crypt32

CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptMsgClose

shlwapi

SHDeleteValueW
SHSetValueW
PathFindFileNameW
SHGetValueA
PathRemoveExtensionW
UrlEscapeW
StrCmpIW
SHDeleteKeyW
PathGetDriveNumberW
SHGetValueW
StrStrIW
PathFileExistsW
PathMatchSpecW
SHRegGetPathW
PathAppendW
PathFindExtensionW
PathRemoveFileSpecW
PathIsDirectoryW
PathCombineW

gdiplus

GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromDC
GdipCloneBrush
GdipDeleteFont
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateLineBrushI
GdipDrawString
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipCreateFontFromLogfontA
GdipSetTextRenderingHint
GdipDeleteGraphics

wininet

InternetSetStatusCallbackW
CreateUrlCacheEntryW
GetUrlCacheEntryInfoW
CommitUrlCacheEntryW
FtpGetFileSize
HttpQueryInfoW
HttpSendRequestExW
HttpOpenRequestW
InternetSetOptionA
InternetConnectW
InternetOpenW
InternetGetCookieExW
InternetSetCookieExW
InternetSetCookieW
InternetGetCookieExA
InternetCrackUrlW
InternetQueryOptionW
InternetSetOptionW
InternetGetLastResponseInfoW
FtpCommandW
InternetWriteFile
HttpEndRequestW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
FtpOpenFileW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

_TrackMouseEvent
ord17

gdi32

BitBlt
RestoreDC
Rectangle
SetWindowOrgEx
GetTextMetricsW
CreateRoundRectRgn
GetDeviceCaps
SelectClipRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
CombineRgn
SaveDC
StretchBlt
SetBkColor
ExtTextOutW
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
RoundRect
SetBkMode
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
CreateDIBSection
SetStretchBltMode
GdiFlush
GetObjectA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bcdc352f319a69d66c9f65cf997f57b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

fltlib

crypt32

shlwapi

gdiplus

wininet

userenv

wintrust

psapi

iphlpapi

version

comctl32

gdi32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 248KB - Virtual size: 247KB

.data Size: 18KB - Virtual size: 47KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 248KB - Virtual size: 247KB

.data
Size: 18KB - Virtual size: 47KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 61KB - Virtual size: 60KB