051fb0a250bdd04b6a6110f4a2a6fa3e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

051fb0a250bdd04b6a6110f4a2a6fa3e_JaffaCakes118
Size

264KB
MD5

051fb0a250bdd04b6a6110f4a2a6fa3e
SHA1

4663e1137c09268892f32d86132c1aac1787c359
SHA256

be311a3a0c9065dfe313311177f4a94367b05692da0f79f6a8ac393400901832
SHA512

115c972e941652aa739ab11d6120da6bd18306a79c9f0410130b7c229880adf6bad4d2ec733220d26f1bccdd7285e8cf72ff56dd8f83271853611f23c53f826c
SSDEEP

3072:HUN/xLScCN9NeCp5osiJUd3QKRTE2CZRW28H3X4Hdpx1f9F06lycTJCkq8OdGrZJ:wxD2jovoORgH3oApAJCk3plgrzN2R1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
051fb0a250bdd04b6a6110f4a2a6fa3e_JaffaCakes118

Files

051fb0a250bdd04b6a6110f4a2a6fa3e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99af5681f7537480a62b81528479862f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\Ybrowser_v35\src\YCommon_EXE\ReleaseMinDependency\YCommonExe.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

winmm

PlaySoundA

kernel32

GetCurrentProcessId
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
lstrlenW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
GetLastError
lstrcmpiA
CompareStringA
CloseHandle
CreateEventA
ResetEvent
CreateThread
WaitForSingleObject
SetEvent
HeapFree
GetCurrentProcess
FlushInstructionCache
GetProcessHeap
HeapAlloc
RaiseException
GetComputerNameA
lstrcpyA
Sleep
TerminateThread
lstrcatA
OpenEventA
FormatMessageA
IsBadReadPtr
WaitForMultipleObjects
GetCommandLineA
GetModuleFileNameA
GetShortPathNameA
CreateSemaphoreA
ReleaseSemaphore
FreeLibrary
IsDBCSLeadByte
lstrcpynA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
LoadLibraryA
GetProcAddress
GetUserDefaultLangID
LockResource
FindResourceExA
GetCurrentThreadId
GetExitCodeThread
WinExec
CancelWaitableTimer
CreateWaitableTimerA
SetWaitableTimer
SleepEx
LCMapStringA
IsBadWritePtr
VirtualFree
HeapCreate
GetCPInfo
GetOEMCP
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
TerminateProcess
SetStdHandle
GetStdHandle
SetHandleCount
ExitProcess
GetStartupInfoA
GetModuleHandleA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
FlushFileBuffers
WriteFile
GetSystemTimeAsFileTime
SetFilePointer
GetFileType
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
LocalAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
RtlUnwind
GetStringTypeA
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
LCMapStringW
SetUnhandledExceptionFilter
SetThreadPriority
IsBadCodePtr

user32

GetWindowRect
SystemParametersInfoA
GetWindow
GetForegroundWindow
AttachThreadInput
MapWindowPoints
IsDlgButtonChecked
EndDialog
GetActiveWindow
MessageBoxA
DialogBoxParamA
SetForegroundWindow
CheckDlgButton
SendMessageA
GetDlgItem
LoadIconA
SetDlgItemTextA
GetDlgItemTextA
GetWindowTextA
GetClientRect
SetWindowPos
GetParent
PeekMessageA
LoadStringA
GetDesktopWindow
SetTimer
KillTimer
DestroyWindow
CharNextA
PostThreadMessageA
EnumWindows
GetClassNameA
CallWindowProcA
CreateWindowExA
GetWindowLongA
SetWindowLongA
DefWindowProcA
LoadCursorA
wsprintfA
GetClassInfoExA
RegisterClassExA
DispatchMessageA
GetMessageA
IsWindow
PostMessageA
GetWindowThreadProcessId
FindWindowA
UnregisterClassA
SetWindowTextA

gdi32

DeleteObject

advapi32

RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumValueA

shell32

ShellExecuteA

ole32

CoRevokeClassObject
CoRegisterClassObject
CoInitializeSecurity
StringFromGUID2
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoTaskMemFree

oleaut32

SysAllocString
RegisterTypeLi
SafeArrayUnlock
SafeArrayDestroy
SafeArrayLock
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
VariantCopy
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
SysFreeString
SysAllocStringLen
UnRegisterTypeLi
SysStringLen

shlwapi

PathFindExtensionA

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99af5681f7537480a62b81528479862f

Headers

File Characteristics

PDB Paths

Imports

version

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 36KB - Virtual size: 32KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 36KB - Virtual size: 32KB