PDB path: s:\ice\BUILDSHELF\Release\Setup\HPZscr01.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 23f2c73e3ee5b8bde6e5dfb558fe2da0_JaffaCakes118.exe
Resource: win7-20231129-en
General
- Target: 23f2c73e3ee5b8bde6e5dfb558fe2da0_JaffaCakes118
- Size: 1.6MB
- MD5: 23f2c73e3ee5b8bde6e5dfb558fe2da0
- SHA1: f7207c018339631d3b02241cc5ac84dc0c8d0d82
- SHA256: 313c14b609f5f053b50b2038ae1e29685636ad1bd7dcc638c42dbfec3f32885c
- SHA512: 90290af7d2e4683eb7019052a548ec39acfd24ad8ad3386861a56856be5bbd9196dcaac60c91dc64d444b82a50e85cc91fc6a80fd0530f21be1a2a16f4b2b5c9
- SSDEEP: 24576:IGMhJnYNLqsM+IUeRNH/mKqjZzhwHvdxzWAugNBZ9LVmoSo+ps:wB+LqsM+IUOFSwPP75Z/Z
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 23f2c73e3ee5b8bde6e5dfb558fe2da0_JaffaCakes118
Files
- 23f2c73e3ee5b8bde6e5dfb558fe2da0_JaffaCakes118.exe windows:5 windows x86 arch:x86
  6ef9b2816eb87ad2f810b66f0aab976c
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wtsapi32
WTSEnumerateSessionsA
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
setupapi
SetupDiCallClassInstaller
SetupDiOpenDeviceInfoA
SetupDiGetDeviceInstallParamsA
mpr
WNetCancelConnection2A
WNetGetConnectionA
shlwapi
PathRemoveExtensionA
PathRemoveFileSpecW
SHDeleteKeyA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
UrlUnescapeA
PathFindFileNameA
kernel32
ReadFile
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFileAttributesExA
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
GetFileSizeEx
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedExchange
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
SetThreadPriority
SuspendThread
GetCurrentProcessId
GetModuleHandleW
GlobalFlags
GetCPInfo
GetOEMCP
GetAtomNameA
SetErrorMode
GetPrivateProfileIntA
GetThreadLocale
LocalLock
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
VirtualQuery
ExitProcess
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapReAlloc
SetStdHandle
GetFileType
ExitThread
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetConsoleCP
GetConsoleMode
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetStringTypeExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFindAtomA
CompareStringA
lstrcmpW
GetModuleFileNameW
GlobalSize
ExpandEnvironmentStringsA
PulseEvent
OpenEventA
ReleaseMutex
OpenMutexA
GetExitCodeThread
CreateThread
GetStartupInfoA
GetExitCodeProcess
CreateDirectoryA
lstrcatA
FlushFileBuffers
GetDiskFreeSpaceA
GlobalFree
HeapFree
GetProcessHeap
HeapAlloc
lstrcmpiA
lstrcpyA
GetPrivateProfileSectionA
GetFileTime
CompareFileTime
WritePrivateProfileStringA
CreateToolhelp32Snapshot
Process32First
Process32Next
WaitForMultipleObjectsEx
MoveFileA
LocalAlloc
GetSystemDefaultLCID
GetUserDefaultLCID
QueryDosDeviceA
GetUserDefaultLangID
FormatMessageA
GetSystemInfo
GetVersionExA
InitializeCriticalSection
GetFileSize
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
WriteFile
OutputDebugStringA
CreateFileA
CopyFileA
WritePrivateProfileSectionA
GetCommandLineA
SetFileAttributesA
MoveFileExA
CreateMutexA
lstrlenW
InterlockedDecrement
LocalFree
InterlockedIncrement
CreateProcessA
WaitForSingleObject
GlobalGetAtomNameA
ResumeThread
OpenProcess
TerminateProcess
GetLogicalDrives
GetDriveTypeA
FindResourceExA
Sleep
SetEvent
CreateEventA
ResetEvent
SetCurrentDirectoryA
GetProfileStringA
WriteProfileStringA
GlobalAlloc
FreeResource
GlobalLock
GlobalUnlock
MulDiv
GetModuleFileNameA
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThreadId
GetTickCount
DeleteFileA
GetTempFileNameA
lstrlenA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
GetShortPathNameA
GetWindowsDirectoryA
GetEnvironmentVariableA
GetTempPathA
GetLocaleInfoA
GetCurrentDirectoryA
GetSystemDefaultLangID
GetLocalTime
GetLogicalDriveStringsA
RemoveDirectoryA
GetPrivateProfileStringA
FindFirstFileA
lstrcmpA
FindNextFileA
SetLastError
FindClose
GetFullPathNameA
GetFileAttributesA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentProcess
CloseHandle
GetModuleHandleA
GetLastError
EnterCriticalSection
LeaveCriticalSection
LocalUnlock
user32
LockWindowUpdate
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorA
RegisterClipboardFormatA
DestroyMenu
GetMenuItemInfoA
UnregisterClassA
GetDialogBaseUnits
GetSysColorBrush
ShowOwnedPopups
ValidateRect
GetCursorPos
SetWindowRgn
DrawIcon
CharNextA
MessageBeep
GetNextDlgGroupItem
SetWindowContextHelpId
MapDialogRect
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharUpperA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
MapVirtualKeyA
GetKeyNameTextA
ScrollWindowEx
ShowWindow
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
CreateWindowExA
GetClassInfoExA
GetClassInfoA
GetDCEx
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
WindowFromPoint
UnionRect
SetParent
GetSystemMenu
UnhookWindowsHookEx
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
EndDialog
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
MsgWaitForMultipleObjects
PostQuitMessage
SetWindowTextA
GetSystemMetrics
LoadStringA
MessageBoxExA
MessageBoxA
EnumWindows
EnumChildWindows
GetWindowTextA
GetWindowModuleFileNameA
GetMessagePos
KillTimer
SetTimer
ScreenToClient
DrawFocusRect
InflateRect
SetRectEmpty
PtInRect
DestroyCursor
LoadCursorA
CopyIcon
SetCursor
GetMessageA
PostThreadMessageA
WaitForInputIdle
IsWindow
RedrawWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
GetDesktopWindow
InvalidateRect
UpdateWindow
IsIconic
LoadBitmapA
GetDC
SetWindowLongA
ReleaseDC
PeekMessageA
TranslateMessage
DispatchMessageA
PostMessageA
RegisterWindowMessageA
GetSysColor
GetWindowLongA
GetParent
GetNextDlgTabItem
GetClientRect
ReleaseCapture
GetKeyState
ExitWindowsEx
GetWindowRect
LoadIconA
SendMessageA
EnableWindow
DestroyIcon
GetTabbedTextExtentA
IsClipboardFormatAvailable
DeleteMenu
UnpackDDElParam
ReuseDDElParam
LoadMenuA
RegisterClassA
GetMenuBarInfo
CallWindowProcA
gdi32
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateHatchBrush
GetRgnBox
GetBkColor
GetTextColor
CreateEllipticRgn
DPtoLP
LPtoDP
PlayMetaFileRecord
SetRectRgn
CombineRgn
GetMapMode
GetTextMetricsA
GetCharWidthA
StretchDIBits
StartPage
StartDocA
EndPage
CreatePatternBrush
AbortDoc
EndDoc
Ellipse
SelectPalette
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
CreateDCA
CopyMetaFileA
GetTextExtentPoint32A
CreateFontIndirectA
GetStockObject
StretchBlt
BitBlt
GetObjectA
CreateFontA
GetLayout
SetLayout
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SetAbortProc
CreateSolidBrush
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
PtVisible
comdlg32
GetFileTitleA
winspool.drv
EnumMonitorsA
AddMonitorA
EnumPrintersA
GetPrinterDriverA
StartDocPrinterA
StartPagePrinter
EndDocPrinter
EndPagePrinter
GetPrinterA
SetPrinterA
DeletePrinterDriverA
ClosePrinter
DeletePortA
GetPrinterDataA
EnumPortsA
EnumPrinterDriversA
DocumentPropertiesA
GetJobA
OpenPrinterA
DeleteMonitorA
GetPrinterDriverDirectoryA
DeletePrinter
advapi32
SetFileSecurityA
RegQueryValueA
IsTextUnicode
RegSetValueA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExA
GetTokenInformation
AllocateAndInitializeSid
EqualSid
LookupAccountSidA
FreeSid
StartServiceA
CreateProcessAsUserA
RegCreateKeyA
RegCreateKeyExA
RegOpenKeyA
RegDeleteKeyA
QueryServiceConfigA
QueryServiceStatus
ControlService
DeleteService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegDeleteValueA
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetFileSecurityA
oledlg
ord8
ole32
CoGetClassObject
OleUninitialize
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
OleRun
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
CoDisconnectObject
CoInitializeEx
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
OleInitialize
CoFreeUnusedLibraries
oleaut32
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
OleCreateFontIndirect
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayCreateVector
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
VariantChangeType
VariantInit
VariantCopy
SafeArrayGetElement
SysFreeString
SysStringByteLen
SysAllocStringByteLen
OleLoadPicturePath
OleLoadPicture
SysAllocString
SysAllocStringLen
VariantClear
GetErrorInfo
SetErrorInfo
CreateErrorInfo
wininet
FtpCreateDirectoryA
InternetErrorDlg
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetGetCookieA
HttpOpenRequestA
InternetOpenUrlA
GopherOpenFileA
InternetConnectA
FtpFindFirstFileA
GopherCreateLocatorA
FtpCommandA
FtpOpenFileA
GopherGetAttributeA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetCloseHandle
InternetFindNextFileA
HttpQueryInfoA
HttpAddRequestHeadersA
FtpRemoveDirectoryA
FtpGetFileA
FtpPutFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
InternetSetCookieA
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
Sections
.text (Size: 906KB - Virtual size: 905KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata (Size: 268KB - Virtual size: 268KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data (Size: 44KB - Virtual size: 125KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc (Size: 377KB - Virtual size: 377KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.1rdata (Size: 60KB - Virtual size: 60KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE