b16eeb020820d77cee88397a32575511_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b16eeb020820d77cee88397a32575511_JaffaCakes118
Size

2.5MB
MD5

b16eeb020820d77cee88397a32575511
SHA1

7961b165eff900fed9351ba49885f04ff778ba04
SHA256

27b9e221e7ed84091604bc7b451a9cd107043edc93632dfcbc1110e5e75dec58
SHA512

9a85fd4946703f48a61a5b7bafe54c3d334d0733bad75b62d1a41546c3f891775d348d1b805a826e4c8c77e10e7c317c5965cfd9e0711c83724f6f4f8c26832b
SSDEEP

49152:ZbF95tVafteE2DOOMG6ZAiheJElE5K98cTyn:n95tVMtRZxUeC5K98cTA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b16eeb020820d77cee88397a32575511_JaffaCakes118

Files

b16eeb020820d77cee88397a32575511_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f9fe8a392ce17f4c1200c9a496ae8403

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins_Trunk\workspace\CEN_Hive_QQPCDownload_ForDCom\qqpcmgr_proj\bin\BinFinal\QQPCDownload.pdb

Imports

ws2_32

htons
ntohl
htonl

psapi

GetModuleInformation
GetModuleFileNameExW
EnumProcesses
GetProcessImageFileNameW

kernel32

GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
InterlockedCompareExchange
InterlockedExchange
WritePrivateProfileStringW
MultiByteToWideChar
FindFirstFileW
FindClose
FreeLibrary
GetLogicalDrives
CopyFileW
GetDriveTypeW
DeleteFileW
GetFileSize
ReadFile
WriteFile
LocalFree
ExpandEnvironmentStringsW
GetCurrentProcessId
IsBadWritePtr
GetSystemDirectoryW
InterlockedIncrement
VirtualAlloc
GetWindowsDirectoryW
InterlockedDecrement
DuplicateHandle
VirtualFree
SetDllDirectoryW
GetCommandLineW
FreeResource
LoadLibraryExW
GetPrivateProfileStringW
TerminateThread
WaitForMultipleObjects
GetCurrentThreadId
CreateMutexW
GetLongPathNameW
RaiseException
GetFullPathNameW
CreateFileMappingW
MapViewOfFileEx
OpenFileMappingW
UnmapViewOfFile
GetCPInfo
MapViewOfFile
OpenMutexW
SetFilePointer
GetSystemTime
SystemTimeToFileTime
OutputDebugStringW
GetLocalTime
FindNextFileW
SetLastError
FlushInstructionCache
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
ReadProcessMemory
VirtualAllocEx
lstrcpynW
GetSystemTimeAsFileTime
GetTempPathW
MoveFileW
OpenEventW
WriteProcessMemory
CreateDirectoryW
ReleaseMutex
SwitchToThread
CreateThread
Module32FirstW
Module32NextW
GetExitCodeThread
GetVersion
GetModuleHandleExW
CreateRemoteThread
ResumeThread
GetFileAttributesExW
GetModuleFileNameA
GetTempFileNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
RemoveDirectoryW
GetFileAttributesW
InterlockedExchangeAdd
VirtualQuery
GetSystemInfo
GetSystemDefaultLangID
LoadLibraryA
ResetEvent
InitializeCriticalSectionAndSpinCount
IsBadReadPtr
IsDebuggerPresent
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
VirtualProtectEx
GetThreadContext
SetThreadContext
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetStdHandle
ExitProcess
VirtualQueryEx
SuspendThread
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetOEMCP
IsValidCodePage
HeapCreate
VirtualProtect
WideCharToMultiByte
lstrlenW
TlsSetValue
TlsGetValue
TlsFree
SetUnhandledExceptionFilter
TlsAlloc
GetUserDefaultLCID
EnumSystemLocalesA
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
GetTimeZoneInformation
CompareStringA
CompareStringW
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
IsValidLocale
GetModuleFileNameW
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
LoadLibraryW
CreateFileW
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
GetLastError
ProcessIdToSessionId
CompareFileTime
GetProcessTimes
OpenProcess
SleepEx
Thread32Next
Thread32First
Sleep
CreateProcessW
GetModuleHandleW
GetProcAddress
GetVersionExW
Process32NextW
lstrcmpiW
DeviceIoControl
Process32FirstW
CreateToolhelp32Snapshot
GetThreadTimes
OpenThread
GetCurrentProcess
CloseHandle
IsProcessorFeaturePresent
ExitThread
UnhandledExceptionFilter
GetCommandLineA
RtlUnwind
GetDriveTypeA
CreateFileA
SetEndOfFile
SetEnvironmentVariableA
LCMapStringA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MoveFileExW
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
FreeEnvironmentStringsA

user32

KillTimer
WaitMessage
IsIconic
FindWindowA
SetForegroundWindow
GetClassNameW
GetLastInputInfo
MsgWaitForMultipleObjectsEx
GetUserObjectInformationW
GetDesktopWindow
wsprintfW
UnregisterClassW
GetForegroundWindow
RegisterWindowMessageW
LoadCursorW
SetTimer
RegisterClassExW
TranslateMessage
GetMessageW
CreateWindowExW
PostQuitMessage
GetWindowLongW
DestroyWindow
SetWindowLongW
IsWindow
CallWindowProcW
CharNextW
DefWindowProcW
PostMessageW
MessageBoxW
SendMessageTimeoutW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
SetThreadDesktop
CloseDesktop
SendMessageW
ShowWindow
CharUpperW
GetWindowThreadProcessId
FindWindowExW
FindWindowW
GetQueueStatus
EnumWindows
GetClassInfoExW
CallNextHookEx
UnregisterClassA
CreateDesktopW

advapi32

RegCreateKeyW
AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
RegOpenKeyW
RevertToSelf
GetUserNameW
RegQueryInfoKeyW
DeleteService
ChangeServiceConfig2W
CreateServiceW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
StartServiceW
ConvertSidToStringSidW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
LookupAccountNameW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
CreateProcessAsUserW
DuplicateTokenEx
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoTaskMemFree
CoInitializeEx
CoTaskMemRealloc
CoUninitialize
CoCreateGuid
CoInitializeSecurity
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoFreeLibrary
CoLoadLibrary
CoCreateInstance
CoSetProxyBlanket
CoTaskMemAlloc
CoInitialize
StringFromGUID2
CLSIDFromProgID

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
SysAllocStringLen
SysFreeString
VariantClear
VarUI4FromStr
SysAllocString
SysStringLen

shlwapi

PathCombineW
PathRemoveFileSpecW
PathAddExtensionW
PathRemoveExtensionW
PathQuoteSpacesW
SHDeleteKeyW
PathUnquoteSpacesW
PathFindFileNameA
PathFileExistsW
PathAppendW
PathFindFileNameW
PathAddBackslashW

userenv

CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

wininet

InternetReadFile
InternetGetConnectedState
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
HttpQueryInfoW

Exports

Exports

Tx8Dl_InitDownloadEngine
Tx8Dl_LoadRoutine
Tx8Dl_Main
Tx8Dl_NotifyQuit

Sections

.text
Size: 512KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9fe8a392ce17f4c1200c9a496ae8403

Headers

File Characteristics

PDB Paths

Imports

ws2_32

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

wtsapi32

version

netapi32

wininet

Exports

Exports

Sections

.text Size: 512KB - Virtual size: 509KB

.rdata Size: 116KB - Virtual size: 112KB

.data Size: 124KB - Virtual size: 158KB

.rsrc Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 52KB - Virtual size: 51KB

.text
Size: 512KB - Virtual size: 509KB

.rdata
Size: 116KB - Virtual size: 112KB

.data
Size: 124KB - Virtual size: 158KB

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 52KB - Virtual size: 51KB