04bf349d146cc5a7354bb144b756f496_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04bf349d146cc5a7354bb144b756f496_JaffaCakes118
Size

320KB
MD5

04bf349d146cc5a7354bb144b756f496
SHA1

89ddf33ec18a52483913fa4592280d60999b887f
SHA256

e37f74ce864aea77bdd64764fca81a54bfc1972d0ac2d25c96c98063b9a6680d
SHA512

db531034dee8942b4f78a35ccd992611d995991ece423d938794e8e35e39abc5eabf5550b2d2d3edabbfa8202a6e20dae8b1e178ae98cde9615992db00107dd8
SSDEEP

6144:jmzUb5umpTKTihmVcU8TnfNvrYK1/22RPG+vnuw:jOU1umgihmmU8zNvrPJnGG9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04bf349d146cc5a7354bb144b756f496_JaffaCakes118

Files

04bf349d146cc5a7354bb144b756f496_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7176e88c59a290ded9c9364b54da9f1d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\Svn\Client\BundleInstall\MSD\BundleInstall.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetGetConnectedState
InternetReadFile

comctl32

ord17

wsock32

bind
listen
setsockopt
accept
shutdown
ioctlsocket
gethostbyname
htons
socket
connect
send
WSAGetLastError
__WSAFDIsSet
select
recv
WSASetLastError
WSAStartup
closesocket

kernel32

GetTempPathA
GetStartupInfoA
GetCurrentProcess
GetSystemDirectoryA
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleFileNameA
WideCharToMultiByte
Sleep
CreateDirectoryA
RemoveDirectoryA
SetEvent
OpenEventA
GetVolumeInformationA
GetVersionExA
GetUserDefaultLangID
GetWindowsDirectoryA
SetFileAttributesA
GetFileAttributesA
MoveFileExA
CopyFileA
WritePrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
WaitForSingleObject
CreateProcessA
lstrcmpiA
ReadFile
GetSystemTimeAsFileTime
CompareFileTime
GetTimeZoneInformation
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
GetModuleHandleA
FindClose
FindNextFileA
FindFirstFileA
HeapFree
HeapAlloc
GetProcessHeap
GetLocalTime
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
CloseHandle
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
SetHandleCount
GetFileType
SetStdHandle
HeapSize
TerminateProcess
HeapReAlloc
SetUnhandledExceptionFilter
GetTempFileNameA
TlsSetValue
TlsFree
GetCurrentThread
SetLastError
TlsAlloc
DeleteFileA
GetTickCount
GetEnvironmentStringsW
VirtualQuery
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
FatalAppExitA
GetCPInfo
LCMapStringW
LCMapStringA
VirtualProtect
GetSystemInfo
SetConsoleCtrlHandler
SetEndOfFile
GetLastError
CreateFileA
UnmapViewOfFile
GetComputerNameA
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFilePointer
OpenProcess
LocalAlloc
LocalFree
WaitForMultipleObjects
CreateEventA
ResetEvent
CreateMutexA
OpenMutexA
ReleaseMutex
CreateSemaphoreA
ReleaseSemaphore
GetVersion
GetShortPathNameA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
FormatMessageA
LoadLibraryExA
MultiByteToWideChar
GetFileSize
GetCommandLineA
CreateThread
GetCurrentThreadId
ExitThread
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
TlsGetValue
WriteFile
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
RaiseException
RtlUnwind
ExitProcess
lstrlenA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
VirtualAlloc
PeekNamedPipe
InterlockedExchange

user32

DispatchMessageA
LoadMenuA
GetSystemMetrics
LoadImageA
ExitWindowsEx
SetForegroundWindow
ReleaseDC
GetDC
TranslateMessage
TranslateAcceleratorA
GetMessageA
RegisterClassExA
LoadCursorA
KillTimer
GetClientRect
SetWindowTextA
PostMessageA
SetWindowPos
LoadStringA
PostQuitMessage
GetDesktopWindow
GetWindowRect
MoveWindow
DestroyWindow
DefWindowProcA
CreateWindowExA
ShowWindow
UpdateWindow
LoadIconA

advapi32

RegSaveKeyA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueA
RegSetKeySecurity
SetTokenInformation
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
SetSecurityInfo
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegEnumValueA
RegCloseKey
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserA
RegFlushKey

ole32

CoCreateInstance
OleRun
StringFromGUID2
OleInitialize
CoTaskMemFree

oleaut32

VariantClear
VariantInit
SysFreeString
LoadTypeLi
DispGetIDsOfNames
GetErrorInfo
SysAllocString
VariantChangeType
SetErrorInfo
CreateErrorInfo

gdi32

GetDeviceCaps

shell32

SHGetSpecialFolderPathA

shlwapi

SHCopyKeyA

Sections

.text
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7176e88c59a290ded9c9364b54da9f1d

Headers

File Characteristics

PDB Paths

Imports

version

wininet

comctl32

wsock32

kernel32

user32

advapi32

ole32

oleaut32

gdi32

shell32

shlwapi

Sections

.text Size: 248KB - Virtual size: 244KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 16KB - Virtual size: 38KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 248KB - Virtual size: 244KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 16KB - Virtual size: 38KB

.rsrc
Size: 4KB - Virtual size: 2KB