2393987a86af045670ecef507ed83fb9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2393987a86af045670ecef507ed83fb9_JaffaCakes118
Size

1.1MB
MD5

2393987a86af045670ecef507ed83fb9
SHA1

d2b015088de8680db5f6a65ec519f8145145e57f
SHA256

a461a2e55a4b09daaa6c864bbff14c3e1057504b99272c13db7174d6a33b9c13
SHA512

83be0662e3e0661b29309366945a28b4e34dfbb4b645ecce738642509940cb3c3978247f69116cea3a93d6b7c03a724d53a33c66d080260ace7d50be6784bb77
SSDEEP

24576:SLclb9WzcKszoGZuqbYeqxXtn6+TeDX35kTUaTP7Wd7KZurIYz57L1O17V:SLcbwcKszRuqnqxXE+TeDX35kTUaTP7t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2393987a86af045670ecef507ed83fb9_JaffaCakes118

Files

2393987a86af045670ecef507ed83fb9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

904ff547c9298864e4ae2f69be684b4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

GoogleToolbarManager_unsigned.pdb

Imports

wininet

InternetOpenW
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersW
InternetSetOptionW
InternetCloseHandle
InternetGetConnectedState
HttpSendRequestW
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
DeleteUrlCacheEntryW

rasapi32

RasEnumConnectionsW

msi

ord88
ord141
ord190
ord16

kernel32

MapViewOfFile
GetUserDefaultUILanguage
SetThreadLocale
SetFileAttributesW
GetVersionExA
PostQueuedCompletionStatus
QueryPerformanceCounter
EnumResourceLanguagesW
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetStringTypeW
GetStringTypeA
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentVariableW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
HeapCreate
GetCPInfo
LCMapStringA
RtlUnwind
ExitProcess
VirtualQuery
GetStartupInfoW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
CompareStringA
ProcessIdToSessionId
GetSystemTime
SystemTimeToFileTime
LocalAlloc
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
TerminateProcess
GetCurrentThread
VerSetConditionMask
VerifyVersionInfoW
CompareStringW
SetEnvironmentVariableA
GetTempPathW
LCMapStringW
VirtualAlloc
VirtualFree
VirtualProtect
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
CreateThread
lstrlenA
LoadLibraryA
GetFileSizeEx
GetSystemInfo
WaitForMultipleObjects
FlushFileBuffers
CopyFileW
GetTempFileNameW
GetFileAttributesExW
GetSystemTimeAsFileTime
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
CreateProcessW
OpenEventW
GetExitCodeProcess
GetVersionExW
GetCurrentProcess
GetCommandLineW
RaiseException
MultiByteToWideChar
LockResource
SizeofResource
LoadResource
FindResourceW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetTickCount
FormatMessageW
LocalFree
EnumResourceNamesW
CreateFileW
CompareFileTime
GetFileSize
SetFilePointer
WriteFile
ReadFile
RemoveDirectoryW
WideCharToMultiByte
SetThreadPriority
ResumeThread
MoveFileExW
InterlockedExchange
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
GetCurrentProcessId
CreateEventW
FreeLibrary
CreateMutexW
WaitForSingleObject
ReleaseMutex
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
lstrlenW
LoadLibraryExW
GetCurrentThreadId
Sleep
OpenProcess
InitializeCriticalSection
SetEvent
OutputDebugStringA
GetModuleFileNameW
SetLastError
LoadLibraryW
GetLastError
FindResourceExW
DeleteCriticalSection

user32

CharLowerBuffW
IsWindow
DestroyWindow
CharNextW
PostQuitMessage
SendMessageW
MessageBoxIndirectW
DialogBoxParamW
LoadImageW
GetWindowThreadProcessId
EnumChildWindows
MsgWaitForMultipleObjects
GetMessageW
wvsprintfA
wvsprintfW
IsWindowVisible
RegisterClassW
PeekMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
KillTimer
EndDialog
SetWindowLongW
PostMessageW
GetClassNameW
SetTimer
UnregisterClassA
GetGUIThreadInfo
DefWindowProcW
GetWindowLongW
CreateWindowExW
FindWindowExW

advapi32

MakeAbsoluteSD
CryptVerifySignatureW
RegNotifyChangeKeyValue
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegOpenCurrentUser
SetTokenInformation
CreateProcessAsUserW
EqualPrefixSid
OpenThreadToken
SetThreadToken
DuplicateTokenEx
GetSidSubAuthorityCount
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptCreateHash
CryptHashData
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
ConvertSidToStringSidW
RegGetKeySecurity
RegSetKeySecurity
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
EqualSid
CopySid
IsValidSid
GetLengthSid
SetSecurityDescriptorControl
GetAclInformation
InitializeAcl
AddAce
RegFlushKey
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSidToSidW
RegEnumValueW
CryptDestroyKey
CryptDestroyHash
OpenSCManagerW
OpenServiceW
DeleteService
CloseServiceHandle
CreateServiceW
StartServiceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
ImpersonateLoggedOnUser
GetUserNameW
RevertToSelf
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoInitializeEx
CoCreateGuid
CoGetClassObject
CLSIDFromString
OleRun

shell32

ord165
SHGetFolderPathW

oleaut32

VariantCopy
VariantClear
VariantInit
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysFreeString

shlwapi

PathIsDirectoryEmptyW
PathIsDirectoryW
PathRemoveFileSpecW
PathIsRelativeW
PathFileExistsW
PathAppendW
SHDeleteEmptyKeyW
SHDeleteValueW
StrCatBuffA
PathCombineW
SHCopyKeyW
SHGetValueW
SHSetValueW
SHDeleteKeyW

userenv

UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertGetNameStringW
CertFreeCertificateChain
CertCreateContext
CryptQueryObject
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertNameToStrW
CertFreeCertificateContext
CryptImportPublicKeyInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory

wintrust

WinVerifyTrust

Sections

.text
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.crdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

904ff547c9298864e4ae2f69be684b4b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

rasapi32

msi

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

userenv

crypt32

version

wtsapi32

wintrust

Sections

.text Size: 399KB - Virtual size: 398KB

.rdata Size: 281KB - Virtual size: 281KB

.data Size: 28KB - Virtual size: 71KB

shared Size: 512B - Virtual size: 4B

.rsrc Size: 232KB - Virtual size: 231KB

.reloc Size: 72KB - Virtual size: 72KB

.crdata Size: 60KB - Virtual size: 60KB

.text
Size: 399KB - Virtual size: 398KB

.rdata
Size: 281KB - Virtual size: 281KB

.data
Size: 28KB - Virtual size: 71KB

shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 232KB - Virtual size: 231KB

.reloc
Size: 72KB - Virtual size: 72KB

.crdata
Size: 60KB - Virtual size: 60KB