d:\DevBackup\Src\UpdateModule\release\npdownx.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 03f25203d629078c3784303d07205e56_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 03f25203d629078c3784303d07205e56_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General
Target: 03f25203d629078c3784303d07205e56_JaffaCakes118
Size: 996KB
MD5: 03f25203d629078c3784303d07205e56
SHA1: b02c2b0399655b8a562181b5d11e27f177b5b99a
SHA256: c198192e45e7fc212c7b6e23a06d6e0aeff9a08c97f4671dad7c772f5416c240
SHA512: c50cdf3f551b7dc6ab3f49c50c8dbfd651537d23b975316ac214ea40ebf787f5b1ffd6c4e9351d0b807db8542bf550bde03b747c5cd2b3f5b34a93d0c77f5bdc
SSDEEP: 12288:AnKMHIV1RaMc2cCeywtm2lIp6GfBY61QuWP+6V+HDoLFk+HfXpDSs9yhv/:8xmCIp661x6+6V+johNkB
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 03f25203d629078c3784303d07205e56_JaffaCakes118
Files
03f25203d629078c3784303d07205e56_JaffaCakes118.exe  windows:4  windows  x86  arch:x86
  afeee7f2b2f265e131c3f0f2c4e21c80
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
PathIsUNCA
PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
UrlUnescapeA
PathFileExistsA
PathStripToRootA
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
wininet
GopherGetAttributeA
HttpSendRequestExA
HttpEndRequestA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetFindNextFileA
HttpAddRequestHeadersA
InternetErrorDlg
FtpGetFileA
FtpCommandA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetSetCookieA
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
GopherCreateLocatorA
FtpFindFirstFileA
FtpPutFileA
GopherOpenFileA
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetReadFile
InternetCloseHandle
InternetSetOptionA
FtpOpenFileA
InternetOpenUrlA
HttpQueryInfoA
InternetGetCookieA
HttpSendRequestA
ws2_32
WSAStartup
WSACleanup
WSAGetLastError
gethostname
gethostbyname
inet_ntoa
user32
LockWindowUpdate
GetDCEx
PostThreadMessageA
UnionRect
SetParent
RegisterClipboardFormatA
UnpackDDElParam
SetRect
FrameRect
LoadImageA
CreateIconIndirect
GetIconInfo
GetSysColor
CopyRect
DrawStateA
FillRect
OffsetRect
DrawFocusRect
InflateRect
TrackPopupMenuEx
GetActiveWindow
WindowFromPoint
ClientToScreen
InvalidateRect
GetParent
GetNextDlgTabItem
GetWindowLongA
DestroyIcon
DestroyMenu
DestroyCursor
KillTimer
BringWindowToTop
AttachThreadInput
GetForegroundWindow
GetWindowThreadProcessId
SetTimer
EnableMenuItem
CharUpperA
CharLowerW
CharLowerA
CharUpperW
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
SetMenu
TranslateAcceleratorA
GetDialogBaseUnits
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
DeleteMenu
WaitMessage
ReleaseCapture
SetCapture
GetSysColorBrush
GetMenuItemInfoA
ScrollWindowEx
ShowWindow
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
MessageBoxA
LoadCursorA
SetCursor
SetWindowPos
EnableWindow
SetForegroundWindow
GetCursorPos
GetSubMenu
LoadMenuA
GetWindowDC
FindWindowA
SendMessageA
PostMessageA
GetWindowRect
ReleaseDC
GetDC
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
LoadIconA
PostQuitMessage
wsprintfA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
MapWindowPoints
CreateWindowExA
GetMessageTime
GetMessagePos
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetLastActivePopup
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
GetMessageA
IsWindowVisible
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
CheckMenuItem
MapVirtualKeyA
GetKeyNameTextA
EndPaint
BeginPaint
CharUpperBuffA
CharPrevA
CharNextA
OemToCharA
UpdateWindow
DispatchMessageA
TranslateMessage
PeekMessageA
GetClassNameA
DialogBoxParamA
EndDialog
SetWindowTextA
SetDlgItemTextA
EnumWindows
WaitForInputIdle
IsWindow
RemoveMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
GetMenuStringA
GetMenuState
MapDialogRect
SetWindowContextHelpId
GetWindow
UnhookWindowsHookEx
IsWindowEnabled
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetDesktopWindow
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ScreenToClient
kernel32
GetEnvironmentVariableA
CompareStringW
MultiByteToWideChar
lstrlenW
GetStringTypeExA
InterlockedExchange
lstrcmpiA
lstrcmpiW
CompareStringA
GetVersion
GetCurrentThreadId
CreateFileA
GetFileSize
ReadFile
GlobalLock
GlobalUnlock
GlobalFree
ResumeThread
GlobalAlloc
FreeResource
GetFileAttributesA
SetFileAttributesA
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
OutputDebugStringA
TlsAlloc
lstrcpyA
GlobalHandle
TlsSetValue
TlsFree
IsBadReadPtr
TlsGetValue
GetDriveTypeA
lstrcpynA
GlobalReAlloc
GlobalSize
lstrcatA
IsDBCSLeadByte
FindClose
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindFirstFileA
IsBadStringPtrA
GetTickCount
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
LocalFree
FormatMessageA
CopyFileA
MoveFileA
LockFile
UnlockFile
GetThreadLocale
GetStringTypeExW
GetFullPathNameA
GetShortPathNameA
FileTimeToSystemTime
SystemTimeToFileTime
GetFileTime
GlobalDeleteAtom
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetModuleFileNameW
InterlockedDecrement
SetThreadPriority
SuspendThread
GlobalAddAtomA
GetCurrentProcessId
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FindNextFileA
LocalAlloc
InterlockedIncrement
LocalReAlloc
GetAtomNameA
SetErrorMode
GetPrivateProfileIntA
GlobalFlags
GetCPInfo
GetOEMCP
HeapFree
GetSystemTimeAsFileTime
ExitProcess
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
GetStartupInfoA
SetCurrentDirectoryA
RtlUnwind
RaiseException
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
GetACP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetStdHandle
SetConsoleCtrlHandler
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
lstrlenA
GetEnvironmentVariableW
SetLastError
InitializeCriticalSectionAndSpinCount
OpenEventA
ResetEvent
OpenProcess
FreeLibrary
LoadLibraryA
TerminateThread
DeleteCriticalSection
MulDiv
GetSystemDefaultLangID
WaitForSingleObject
CreateThread
InitializeCriticalSection
ReleaseMutex
Sleep
CreateMutexA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
SetEvent
CreateEventA
DeleteFileA
CreateProcessA
GetTimeFormatA
GetDateFormatA
GetCurrentDirectoryA
LeaveCriticalSection
EnterCriticalSection
MapViewOfFile
OpenFileMappingA
CloseHandle
UnmapViewOfFile
CreateFileMappingA
GetPrivateProfileStringA
WritePrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
WritePrivateProfileStringA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetLocalTime
lstrcmpA
GetVersionExA
GetLastError
GetVolumeInformationA
CreateDirectoryA
GetWindowsDirectoryA
GetSystemDirectoryA
GetModuleFileNameA
DuplicateHandle
gdi32
ScaleWindowExtEx
ArcTo
PolyDraw
PolylineTo
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
GetDCOrgEx
GetTextExtentPoint32A
SetRectRgn
CombineRgn
GetTextColor
GetRgnBox
GetTextMetricsA
GetCharWidthA
StretchDIBits
CreatePatternBrush
TextOutA
RectVisible
PtVisible
StartDocA
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CopyMetaFileA
GetBkColor
SetBkMode
CreateSolidBrush
CreateFontIndirectA
GetMapMode
SetMapMode
DPtoLP
CreateDIBitmap
GetObjectA
SetPixel
GetPixel
CreateCompatibleBitmap
DeleteDC
SetTextColor
BitBlt
SetBkColor
SelectObject
CreateCompatibleDC
CreateBitmap
GetStockObject
DeleteObject
CreateDCA
CreateFontA
GetDeviceCaps
GetCurrentPositionEx
comdlg32
GetSaveFileNameA
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
CloseServiceHandle
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RevertToSelf
CreateProcessAsUserA
ImpersonateLoggedOnUser
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
OpenSCManagerA
OpenServiceA
ControlService
CreateServiceA
ChangeServiceConfig2A
QueryServiceStatus
StartServiceA
DeleteService
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
CryptGenKey
CryptGetUserKey
CryptCreateHash
CryptHashData
CryptSignHashA
CryptImportKey
CryptVerifySignatureA
CryptExportKey
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptGetHashParam
RegSetValueA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
CryptDestroyKey
RegCreateKeyExA
RegDeleteValueA
shell32
Shell_NotifyIconA
DragQueryFileA
DragFinish
ExtractIconA
SHGetFileInfoA
ShellExecuteA
ShellExecuteExA
SHGetFolderPathA
comctl32
_TrackMouseEvent
oledlg
ord8
ole32
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleRun
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
StringFromGUID2
CoDisconnectObject
CLSIDFromString
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemAlloc
ReleaseStgMedium
CoRegisterClassObject
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoRevokeClassObject
CreateBindCtx
OleSetClipboard
OleDuplicateData
CLSIDFromProgID
oleaut32
LoadTypeLi
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
OleLoadPicture
VarBstrFromCy
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
winmm
PlaySoundA
Sections
.text Size: 692KB - Virtual size: 691KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 144KB - Virtual size: 143KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 132KB - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE