29fb48ee4debea0521db72a113384b15_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29fb48ee4debea0521db72a113384b15_JaffaCakes118
Size

242KB
MD5

29fb48ee4debea0521db72a113384b15
SHA1

78ac63206ba8a5af5687b2694ddd3f0b92687d06
SHA256

9533bbaafcf9238d77a3b1d7baf34ac2286bc31ea2cfd072b9ad59c93e153abb
SHA512

9fad335500eae433beebdc801abeb2a9a3f21c92904a466b78846361670a5fac5f016c6f792fe243edb9e1979e213810a20715f0a4c064bd65434bf7566f1807
SSDEEP

6144:EFy3qt0YFiLOG2FIkCnT4JW0yjgDO91O:2yaXQN4IpsJnD2O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29fb48ee4debea0521db72a113384b15_JaffaCakes118

Files

29fb48ee4debea0521db72a113384b15_JaffaCakes118
.exe windows:4 windows x86 arch:x86

43b0daf86af0da4d2683f68f96d50036

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\HaoZip-publish\HaoZip1.8\trunk\bin\win32\release_min\pdb\HaoZipUpdate.pdb

Imports

kernel32

GetTickCount
CompareStringW
GetCurrentDirectoryW
CopyFileW
MoveFileW
WaitForSingleObject
CloseHandle
LoadLibraryW
ResumeThread
FileTimeToSystemTime
DeleteFileW
CreateDirectoryW
GetFileAttributesW
RemoveDirectoryW
GetACP
WideCharToMultiByte
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
GetFileSize
WriteFile
SetFilePointer
ReadFile
CreateFileW
SetEndOfFile
SetFileTime
FindClose
FindNextFileW
FindFirstFileW
GetLongPathNameW
SetFileAttributesW
InterlockedIncrement
GetTempPathW
GetTempFileNameW
GetWindowsDirectoryW
FormatMessageW
LocalFree
GetComputerNameW
DeviceIoControl
GetVersionExW
SetPriorityClass
GetSystemDefaultLangID
ExpandEnvironmentStringsW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenProcess
GetThreadLocale
GetLocaleInfoA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
FreeLibrary
RaiseException
FlushInstructionCache
GetCurrentProcessId
GetSystemTimeAsFileTime
GetPrivateProfileStringW
lstrcmpiW
GetCurrentProcess
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
LoadLibraryA
InitializeCriticalSection
GetCurrentThreadId
Sleep
GetLastError
CreateMutexW
lstrlenW
InterlockedExchange
DeleteCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
EnterCriticalSection
MultiByteToWideChar
SetLastError
GetFullPathNameW
InterlockedDecrement
GetVersionExA

user32

UnregisterClassA
SystemParametersInfoW
SetCursor
GetWindowRect
GetClientRect
MapWindowPoints
GetParent
IsWindow
GetWindow
SetWindowPos
GetSystemMenu
IsMenu
LoadImageW
EndDialog
GetSystemMetrics
ModifyMenuW
GetWindowLongW
DestroyMenu
PtInRect
GetDC
DrawTextW
InvalidateRect
ReleaseDC
DialogBoxParamW
PostQuitMessage
IsWindowEnabled
GetCursorPos
ScreenToClient
OffsetRect
SetForegroundWindow
IsWindowVisible
GetClassNameW
RegisterClassExW
TrackPopupMenu
GetMenuDefaultItem
LoadMenuW
SetMenuDefaultItem
DestroyIcon
GetClassInfoExW
RegisterWindowMessageW
GetSubMenu
LoadCursorW
PostMessageW
GetActiveWindow
SetDlgItemTextW
ReleaseCapture
GetWindowTextW
GetDlgCtrlID
GetCapture
SetTimer
IsIconic
DrawFocusRect
SetCapture
KillTimer
FillRect
GetFocus
IsDialogMessageW
GetWindowTextLengthW
GetSysColor
UpdateWindow
SetFocus
EndPaint
BeginPaint
CreateWindowExW
SetRectEmpty
CallWindowProcW
SetWindowTextW
GetDlgItem
SendMessageW
LoadIconW
SetWindowLongW
CharNextW
DefWindowProcW
MessageBoxW
DestroyWindow
CreateDialogParamW
ShowWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectW
GetStockObject
DeleteObject
GetObjectW

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumKeyW
GetUserNameW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHChangeNotify
SHGetPathFromIDListW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc

oleaut32

VarUI4FromStr

comctl32

_TrackMouseEvent
InitCommonControlsEx

msvcr80

??0exception@std@@QAE@ABQBD@Z
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
_CxxThrowException
swprintf_s
_splitpath_s
_stricmp
strncpy
_vswprintf
swscanf_s
vswprintf_s
memcmp
_vswprintf_c_l
_localtime64_s
memmove
memcpy
strcmp
srand
_time64
rand
_waccess
_errno
towlower
towupper
wcschr
_beginthreadex
_vsnwprintf_s
strlen
_invalid_parameter_noinfo
_purecall
wcscpy_s
_wtoi
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
memcpy_s
_recalloc
wcsncpy_s
wcslen
??0exception@std@@QAE@ABV01@@Z
free
??2@YAPAXI@Z
sprintf_s
malloc
??1exception@std@@UAE@XZ
memset
?what@exception@std@@UBEPBDXZ
memmove_s
??3@YAXPAX@Z
_controlfp_s

wininet

HttpSendRequestExW
InternetConnectW
InternetReadFile
HttpQueryInfoW
HttpOpenRequestW
InternetCrackUrlW
InternetSetOptionW
InternetOpenW
InternetCloseHandle
HttpEndRequestW
InternetOpenUrlW
InternetWriteFile

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

etnbpxd
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

43b0daf86af0da4d2683f68f96d50036

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msvcr80

wininet

version

Sections

.text Size: 155KB - Virtual size: 155KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 44KB - Virtual size: 45KB

etnbpxd Size: - Virtual size: 4KB

.text
Size: 155KB - Virtual size: 155KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 44KB - Virtual size: 45KB

etnbpxd
Size: - Virtual size: 4KB