bc752e3f2e651eaabb1728a5220f05da_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bc752e3f2e651eaabb1728a5220f05da_JaffaCakes118
Size

671KB
MD5

bc752e3f2e651eaabb1728a5220f05da
SHA1

589313ce9d328355473028a07b98aacfd771a7ae
SHA256

d73dd40304c55bfe5ad9baa00bc54b362816dcfce4b807d99b4b0d951c9113eb
SHA512

6d527d09dedf620893b3dfab5b8455f5c6fdbee820c1ff31502fbb911a8e54edf5643bf1c18c3836332c7a2e492324b530c70b94e9664d9e9cf5863a6f45ba3d
SSDEEP

12288:EhT+VkIzcrh6H+jL1RfTS3juYVigZZ6igYc99gPAF9RfAMUYFMErxF2R/:EhOP+jh9TS3juYVbYiAgPAFxUKkR/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc752e3f2e651eaabb1728a5220f05da_JaffaCakes118

Files

bc752e3f2e651eaabb1728a5220f05da_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cad4d1b6d58caede68318188be2dffe4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Meta\ov\Release\smther.pdb

Imports

kernel32

OpenEventA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetACP
HeapReAlloc
HeapSize
HeapAlloc
VirtualFree
HeapFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTickCount
QueryPerformanceCounter
LoadLibraryW
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
GetSystemInfo
ExitProcess
Sleep
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
FlushFileBuffers
SetFilePointer
GetCurrentProcess
WritePrivateProfileStringA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
GetOEMCP
GetCPInfo
GlobalFlags
LocalFree
GetAtomNameA
SetErrorMode
InterlockedDecrement
GetModuleFileNameW
GlobalFree
GetCurrentProcessId
SetEvent
InterlockedExchange
GlobalAlloc
lstrcmpA
GetCurrentThread
GetLocaleInfoA
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
CompareStringA
MultiByteToWideChar
FreeResource
lstrcmpW
FreeLibrary
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
WideCharToMultiByte
LockResource
SizeofResource
FindResourceA
LoadLibraryA
GetProcAddress
GetLastError
VirtualAlloc
CreateEventA
lstrlenA
MulDiv
WaitForSingleObject
SetLastError
GlobalLock
GlobalUnlock
GetUserDefaultLangID
EnumTimeFormatsA
FindResourceExW
GetModuleHandleA
FindResourceW
LoadResource
CreateFileA
WriteFile
CloseHandle
CreateThread
ExitThread
RaiseException

user32

IsDialogMessageA
GetMenuCheckMarkDimensions
RegisterWindowMessageA
GetClassInfoExA
GetClassInfoA
RegisterClassA
PeekMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
WinHelpA
TrackPopupMenu
GetWindowTextA
GetKeyState
GetDlgCtrlID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMenu
GetMessageTime
GetMessagePos
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowLongA
EnableWindow
GetForegroundWindow
SetWindowTextA
GetParent
GetLastActivePopup
GetWindow
GetTopWindow
GetNextDlgTabItem
GetDesktopWindow
GetFocus
GetCapture
SetActiveWindow
GetActiveWindow
ShowOwnedPopups
IsWindowVisible
ReuseDDElParam
ValidateRect
InvalidateRect
MapWindowPoints
GetWindowRect
BringWindowToTop
PostMessageA
LoadImageA
GetSystemMetrics
GetDlgItem
EndPaint
GetSysColor
GetWindowDC
ReleaseDC
ClientToScreen
IsWindow
ScreenToClient
LoadMenuA
SetMenuItemBitmaps
ModifyMenuA
InsertMenuItemA
GetSubMenu
GetMenuItemInfoA
GetMenuState
GetMenuItemID
MoveWindow
IsWindowEnabled
SetCursor
GetWindowThreadProcessId
EndDialog
DestroyMenu
GetMenuItemCount
SetRectEmpty
ReleaseCapture
GetClipboardFormatNameA
UnpackDDElParam
PtInRect
SetCursorPos
GetCursorPos
InflateRect
DestroyWindow
GetClientRect
SendDlgItemMessageA
PostQuitMessage
BeginPaint
GetDC
GetWindowTextW
DefWindowProcA
SetScrollInfo
DdeUninitialize
TranslateAcceleratorA
LoadAcceleratorsA
LoadIconA
UnregisterClassA
EnableMenuItem
CheckMenuItem
IsMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DrawIcon
FillRect
LoadBitmapA
GetSysColorBrush
SendMessageA
FindWindowA
IsIconic
ShowWindow
SetForegroundWindow
LoadCursorA
RegisterClassExA
CreateWindowExA
MessageBoxA
CreatePopupMenu
AppendMenuA
CreateMenu
SetMenu
UpdateWindow
DrawMenuBar
TranslateMessage
DispatchMessageA
GetMessageA
CreateDialogIndirectParamA

gdi32

PtVisible
RectVisible
BitBlt
StretchBlt
GetPixel
ExtTextOutA
Escape
DeleteDC
SaveDC
RestoreDC
SetBkColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetTextExtentPoint32A
GetDeviceCaps
CreateCompatibleDC
DeleteObject
SelectObject
GetObjectA
GetDIBColorTable
SetViewportExtEx
TextOutW
MoveToEx
SetTextAlign
GetTextAlign
SetTextColor
SetBkMode
CreateFontIndirectA
CreateCompatibleBitmap
CreateBitmap
CreatePatternBrush
CreateSolidBrush
GetObjectType
GetStockObject
TextOutA
Rectangle
GetCurrentObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteKeyA
RegOpenKeyExW
RegSetValueExA
RegCreateKeyExA
SetThreadToken
RevertToSelf
OpenThreadToken
RegQueryValueExW
RegOpenKeyA
RegEnumKeyA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DuplicateTokenEx
GetSecurityDescriptorSacl
GetAclInformation
GetAce
LookupAccountSidW

shell32

Shell_NotifyIconA
DragFinish
DragQueryFileA
SHGetSpecialFolderLocation

comctl32

ord17
InitCommonControlsEx

shlwapi

PathIsRelativeW
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathFileExistsW

ole32

StringFromCLSID
CoTaskMemFree
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
OleGetClipboard
ReleaseStgMedium
CoCreateInstance
OleInitialize
CoLockObjectExternal

oleaut32

VariantInit
VariantChangeType
VariantClear

opengl32

glDrawBuffer
glMultMatrixd
glMatrixMode
glFlush

iphlpapi

AddIPAddress
CreateIpForwardEntry

pdh

PdhValidatePathA
PdhVerifySQLDBA

wintrust

CryptCATAdminAddCatalog
CryptCATAdminCalcHashFromFileHandle

gdiplus

GdipDrawImageRectI
GdipDeleteMatrix
GdipDeleteGraphics
GdipCreateMatrix
GdipCreateFromHDC

oleacc

LresultFromObject
CreateStdAccessibleObject

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cad4d1b6d58caede68318188be2dffe4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

opengl32

iphlpapi

pdh

wintrust

gdiplus

oleacc

wtsapi32

Sections

.text Size: 433KB - Virtual size: 433KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 9KB - Virtual size: 25KB

.rsrc Size: 119KB - Virtual size: 118KB

.text
Size: 433KB - Virtual size: 433KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 9KB - Virtual size: 25KB

.rsrc
Size: 119KB - Virtual size: 118KB