2e6fc62fcac43407a28863c2994c8e87_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e6fc62fcac43407a28863c2994c8e87_JaffaCakes118
Size

2.2MB
MD5

2e6fc62fcac43407a28863c2994c8e87
SHA1

c1a1e078ce8dfca3d79b1750746bce2063ab01ea
SHA256

1ee4326901fae0a1d8be552ff85195baf98dcac40cc8508cec125c308746e71f
SHA512

0a04c6bde9acef82bf4a9bd37044e127a713a55d91f3a95f73ce3a9a177e65993e3c7ec77e0c0b6ed41c9915be22f69cfaf94cbd26acf25171840a60045355ef
SSDEEP

49152:ddYqET7uMhKLB2zzQT5FhBmmWMyM9B5y:daqEG92zmhBv9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e6fc62fcac43407a28863c2994c8e87_JaffaCakes118

Files

2e6fc62fcac43407a28863c2994c8e87_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ffee0d7201a0fe41689d15fe944ee5d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\TeamViewer\TeamViewer\release\TeamViewer.pdb

Imports

comctl32

ImageList_SetBkColor
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon
CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_LoadImageW

iphlpapi

GetAdaptersInfo

mpr

WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW

kernel32

QueryPerformanceCounter
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
GetOEMCP
GetConsoleMode
GetConsoleCP
HeapCreate
ExitThread
GetDateFormatA
GetTimeFormatA
GetStringTypeA
GetTimeZoneInformation
RtlUnwind
ExitProcess
GetStdHandle
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
ReleaseSemaphore
CreateSemaphoreA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
lstrcmpW
CreateEventA
SetEvent
GetCurrentThread
SetThreadPriority
ResumeThread
CreateThread
GetVersionExW
GlobalFree
CreateFileA
GetCurrentProcessId
SetUnhandledExceptionFilter
InterlockedExchange
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleHandleA
CompareStringA
GetLocalTime
CompareFileTime
GetFileTime
SetFileTime
GetFileType
SetEndOfFile
SetFilePointer
ReadFile
FindClose
SystemTimeToTzSpecificLocalTime
SetErrorMode
FileTimeToSystemTime
ResetEvent
WaitForSingleObject
FlushFileBuffers
WriteFile
GetModuleFileNameA
InterlockedDecrement
ReleaseMutex
LocalFree
InterlockedIncrement
GetCommandLineW
OpenProcess
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
UnmapViewOfFile
LoadLibraryA
Sleep
CloseHandle
SetProcessShutdownParameters
MulDiv
CreateMutexA
DeleteCriticalSection
InitializeCriticalSection
LoadResource
LockResource
SizeofResource
GetLastError
LeaveCriticalSection
SetLastError
EnterCriticalSection
RaiseException
GetCurrentThreadId
FlushInstructionCache
VirtualQuery
GetCurrentProcess
GetTickCount
GetSystemTime
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
SetEnvironmentVariableA
LCMapStringA

user32

GetSystemMenu
DrawEdge
DestroyAcceleratorTable
SetRectEmpty
GetWindowPlacement
SetWindowPlacement
GetSysColor
PtInRect
EndDeferWindowPos
GetNextDlgTabItem
BeginDeferWindowPos
GetCapture
GetMessagePos
FlashWindow
GetDialogBaseUnits
MapDialogRect
DeferWindowPos
SetCapture
ReleaseCapture
GetShellWindow
TrackPopupMenuEx
BringWindowToTop
ChildWindowFromPointEx
EnableMenuItem
GetSubMenu
ActivateKeyboardLayout
GetKeyboardLayout
GetDlgCtrlID
PostQuitMessage
IsWindowEnabled
FillRect
GetMenu
MessageBoxA
UnhookWindowsHookEx
DestroyCursor
GetFocus
ToUnicode
GetKeyboardState
ToAscii
GetAsyncKeyState
GetKeyState
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateWindowExA
ScreenToClient
MessageBeep
GetDlgItemTextA
GetGUIThreadInfo
GetWindowThreadProcessId
SendInput
ChangeClipboardChain
SetClipboardViewer
BlockInput
WindowFromPoint
CloseDesktop
GetUserObjectInformationW
GetForegroundWindow
GetThreadDesktop
RedrawWindow
EqualRect
SetRect
SetThreadDesktop
DrawFocusRect
ClientToScreen
FrameRect
UnregisterClassA
GetMenuStringW
GetMenuItemInfoW
RegisterWindowMessageW
TranslateMessage
UpdateWindow
OffsetRect
IsWindowVisible
ShowWindow
CreateIconIndirect
CallNextHookEx
BeginPaint
SetCursor
SetCursorPos
SetForegroundWindow
GetScrollInfo
OpenDesktopW
EndPaint
InflateRect
GetClientRect
SetScrollPos
GetDC
IsWindow
GetWindow
GetCursorPos
SetParent
GetWindowRect
GetParent
MapWindowPoints
InvalidateRect
SetWindowPos
DestroyIcon
ScrollWindowEx
MoveWindow
GetDlgItem
InvalidateRgn
DestroyWindow
SetScrollInfo
ReleaseDC
SetTimer
GetActiveWindow
KillTimer
EndDialog
SetWindowRgn
ShowScrollBar
CopyRect
GetSystemMetrics
AdjustWindowRect
SetFocus
EnumWindows
UnionRect
GetWindowDC
GetCursorInfo
GetIconInfo
IntersectRect
OpenInputDesktop

gdi32

MaskBlt
CreatePatternBrush
PatBlt
SetDIBitsToDevice
RoundRect
CreateSolidBrush
StrokeAndFillPath
EndPath
BeginPath
CreatePen
SetBkMode
CreateBitmap
GetPixel
GetDIBits
GetSystemPaletteEntries
CreateRoundRectRgn
LineTo
DeleteObject
StretchBlt
SetStretchBltMode
SelectObject
GetDeviceCaps
SetPixel
CreateCompatibleBitmap
CreateCompatibleDC
CombineRgn
CreateRectRgn
SetBrushOrgEx
CreatePalette
BitBlt
GetObjectType
SetBkColor
SetTextColor
SetViewportOrgEx
SelectPalette
RealizePalette
MoveToEx
ExtEscape
GetStockObject
DeleteDC
DPtoLP
Rectangle
CreateDIBSection

advapi32

SetSecurityDescriptorDacl
RegCloseKey
CryptDestroyHash
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RevertToSelf
ImpersonateLoggedOnUser
DuplicateToken
GetUserNameA
CryptGetUserKey
CryptDecrypt
CryptEncrypt
CryptVerifySignatureW
CryptSignHashW
CryptReleaseContext
CryptAcquireContextA
CryptGenKey
CryptGetKeyParam
RegQueryValueExA
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptImportKey
CryptExportKey
CreateProcessAsUserW
RegOpenKeyW
DuplicateTokenEx
SetTokenInformation
CryptDestroyKey
RegSetValueExA
RegEnumValueW
RegEnumKeyExA
RegEnumValueA
OpenProcessToken
InitializeSecurityDescriptor

shell32

CommandLineToArgvW
SHGetSpecialFolderLocation

ole32

ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemRealloc
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathCompactPathW

wsock32

htonl
bind
listen
accept
connect
getsockname
getpeername
send
WSAGetLastError
__WSAFDIsSet
recvfrom
select
recv
inet_ntoa
sendto
socket
setsockopt
gethostname
gethostbyname
ntohs
inet_addr
htons
WSAStartup
WSACleanup
shutdown
closesocket
ioctlsocket

wininet

InternetConnectW
HttpSendRequestA
InternetGoOnlineA
HttpQueryInfoA
InternetErrorDlg
InternetReadFile
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetQueryOptionW
InternetCloseHandle
InternetOpenW
InternetSetOptionW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 132KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 379KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ffee0d7201a0fe41689d15fe944ee5d1

Headers

File Characteristics

PDB Paths

Imports

comctl32

iphlpapi

mpr

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wsock32

wininet

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 304KB - Virtual size: 303KB

.data Size: 132KB - Virtual size: 414KB

.rsrc Size: 379KB - Virtual size: 384KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 304KB - Virtual size: 303KB

.data
Size: 132KB - Virtual size: 414KB

.rsrc
Size: 379KB - Virtual size: 384KB