PDB path: c:\home\luntbuild\work\app-winrd\products\winrd\bin\release\Player.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2f69caed995c794a6903455600c9c9bc_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 2f69caed995c794a6903455600c9c9bc_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
Target: 2f69caed995c794a6903455600c9c9bc_JaffaCakes118
Size: 3.6MB
MD5: 2f69caed995c794a6903455600c9c9bc
SHA1: 2a688ba776f28fcbd5a4b51cd4ab36143c03ca2d
SHA256: af047e46c1cf750947fec1de937c120cb052e8cb8f98744b0b3725e9e70f39af
SHA512: a37ac5d1c2e7769fac36d9bf57630e0f775c82034fdc4d29a0a732b01b5b9d49d0f6d3e532cacbeb0cf1d33e7e536d6bfbbe1987ffd49b654e211e631d198eac
SSDEEP: 49152:0u7kJzG+ACjULxW10p9J4jTfbdz4s8OYVW5Um5cA49SSyByLKyV6fTj:D7kJzG+ACjCweJ43Nh8OYVW5UcH4kSyJ
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2f69caed995c794a6903455600c9c9bc_JaffaCakes118
Files
2f69caed995c794a6903455600c9c9bc_JaffaCakes118.exe  windows:5 windows x86 arch:x86
97f817858899b8d6afd64350e0b5ab45
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
crashcatcher
InstallCrashCatcher
?SetSubject@CMailMsg@@QAEAAV1@PB_W@Z
?SetMessage@CMailMsg@@QAEAAV1@PB_W@Z
?Send@CMailMsg@@QAEHXZ
??1CMailMsg@@UAE@XZ
??0CMailMsg@@QAE@XZ
libcurl
curl_easy_setopt
curl_global_init
curl_easy_cleanup
curl_easy_getinfo
curl_easy_init
curl_easy_perform
autoupgrade
AGDSetAppInfo
AGDSetServiceInfo
AGDStopUpdate
AGDRunInstall
AGDCheckLastUpdate
AGDInitialize
AGDSetMessageReceiver
AGDDoUpdate
version
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeW
kernel32
InterlockedExchange
ReleaseMutex
CreateMutexW
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
LocalFree
GetModuleFileNameW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
UnmapViewOfFile
SetErrorMode
Sleep
lstrcpyW
CompareStringW
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
ResumeThread
GetThreadContext
SetThreadContext
LoadLibraryW
DisableThreadLibraryCalls
GetTickCount
CreateThread
CreateMutexA
LockResource
FindResourceExW
GetFileSize
ReadFile
CreateFileW
GetCurrentDirectoryW
CompareFileTime
ResetEvent
GetProcAddress
GetModuleHandleA
GetCurrentDirectoryA
CreateSemaphoreW
ReleaseSemaphore
GetDiskFreeSpaceA
CreateEventA
CreateSemaphoreA
MoveFileW
GetDriveTypeW
FileTimeToLocalFileTime
CreatePipe
FindClose
SuspendThread
WideCharToMultiByte
FreeLibrary
AllocConsole
GetCurrentThread
LocalAlloc
GetVersionExW
GetSystemInfo
MoveFileExW
SetThreadPriority
CreateNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
OutputDebugStringA
GetProcessTimes
TerminateThread
CreateRemoteThread
GetExitCodeThread
GetSystemDirectoryA
OpenProcess
CreateFileMappingA
CreateProcessA
GetSystemTime
FormatMessageA
GetFullPathNameW
GetFullPathNameA
GetTempPathW
GetTempPathA
DeleteFileW
GetFileAttributesA
UnlockFile
LockFileEx
LockFile
AreFileApisANSI
GetVersionExA
SetEnvironmentVariableA
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
GetLocaleInfoW
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapCreate
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FatalAppExitA
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetACP
TlsFree
GetStringTypeW
LCMapStringW
LCMapStringA
CreateDirectoryA
GetFileAttributesW
GetTimeZoneInformation
GetStartupInfoW
GetCPInfo
GetSystemTimeAsFileTime
DeleteFileA
ExitProcess
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
HeapSize
HeapReAlloc
HeapDestroy
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
GetLastError
GetModuleHandleW
SetEvent
CreateEventW
GetExitCodeProcess
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
SystemTimeToFileTime
FileTimeToSystemTime
GetLocaleInfoA
GetLocalTime
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
OutputDebugStringW
DebugBreak
lstrlenW
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
RaiseException
FindFirstFileW
FindNextFileW
CreateDirectoryW
GetFileInformationByHandle
PeekNamedPipe
SetCurrentDirectoryA
GetDriveTypeA
DuplicateHandle
user32
SetWindowsHookExW
EqualRect
GetWindowRgn
IntersectRect
SetParent
UpdateLayeredWindow
SetRect
SetWindowRgn
CharLowerW
CharUpperW
GetMenuItemCount
GetWindowThreadProcessId
GetClientRect
IsIconic
UnhookWindowsHookEx
GetWindowRect
IsWindow
ShowWindow
MoveWindow
GetMonitorInfoW
MonitorFromWindow
UnregisterClassA
InvalidateRect
SetCursor
LoadCursorW
MessageBoxW
BeginPaint
EndPaint
wvsprintfW
CharNextW
DefWindowProcW
SetWindowLongW
GetWindowLongW
CallWindowProcW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
PostMessageW
SystemParametersInfoW
SetFocus
wsprintfW
CallNextHookEx
SendMessageW
IsZoomed
RegisterClassW
EnableWindow
SetDlgItemTextW
GetParent
GetDlgItem
SetWindowPos
MapWindowPoints
GetWindow
DialogBoxParamW
EndDialog
GetSysColor
GetCursorPos
PostThreadMessageW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SetLayeredWindowAttributes
MonitorFromPoint
LoadBitmapW
GetDC
DrawTextW
GetKeyState
EnumDisplaySettingsExW
EnumDisplayDevicesW
GetFocus
ShowCursor
SetTimer
KillTimer
LoadIconW
SetWindowTextW
IsWindowVisible
LoadStringW
GetSystemMetrics
CheckRadioButton
GetDlgItemTextW
GetActiveWindow
InSendMessage
DrawMenuBar
IsMenu
FillRect
SendMessageA
SetMenuItemInfoW
ReleaseCapture
PtInRect
SetCapture
GetDlgCtrlID
ReleaseDC
GetWindowPlacement
PostQuitMessage
ClientToScreen
SetActiveWindow
FlashWindow
BringWindowToTop
FindWindowW
ScreenToClient
UpdateWindow
ReplyMessage
GetWindowTextW
EnumThreadWindows
EnumChildWindows
SetRectEmpty
CreateDialogParamW
RegisterWindowMessageW
SetForegroundWindow
CreatePopupMenu
TrackPopupMenu
CopyRect
DrawFocusRect
OffsetRect
IsWindowEnabled
GetWindowTextLengthW
GetClassNameW
GetCapture
SetMenuDefaultItem
GetMenuItemID
GetSubMenu
DestroyMenu
LoadMenuW
EnableMenuItem
CheckMenuItem
AppendMenuW
gdi32
DeleteObject
DeleteDC
CombineRgn
ExtCreateRegion
BitBlt
CreateDIBSection
GetObjectW
CreateCompatibleDC
CreateSolidBrush
CreateFontIndirectW
SetTextColor
SetBkMode
GetStockObject
CreateCompatibleBitmap
CreateRoundRectRgn
SetBkColor
GetDeviceCaps
GetRgnBox
CreateRectRgn
SelectObject
advapi32
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
SetNamedSecurityInfoW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyW
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
shell32
ShellExecuteW
SHGetPathFromIDListW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderLocation
ole32
OleCreate
OleSetContainedObject
OleDraw
CoCreateGuid
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
OleInitialize
OleUninitialize
CoTaskMemAlloc
StringFromGUID2
CoInitialize
oleaut32
VariantChangeType
VariantInit
CreateErrorInfo
VariantClear
VariantCopy
SafeArrayDestroy
VarUI4FromStr
SafeArrayAccessData
SafeArrayCreateVector
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
SysFreeString
SetErrorInfo
GetErrorInfo
SafeArrayUnaccessData
SysAllocString
shlwapi
SHSetValueW
PathFileExistsW
PathFileExistsA
comctl32
InitCommonControlsEx
ImageList_LoadImageW
_TrackMouseEvent
ImageList_Destroy
gdiplus
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipAlloc
GdipFree
GdipGraphicsClear
GdipGetClipBoundsI
GdipSetClipRectI
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipGetFontStyle
GdipGetFamily
GdipDrawLineI
GdiplusStartup
GdipGetLogFontW
GdipMeasureString
GdipFillPath
GdipDrawPath
GdipSetPenColor
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRect
GdipAddPathArcI
GdipAddPathLineI
GdipCreateCachedBitmap
GdipDeletePath
GdipCreatePath
GdipClonePath
GdipSetSolidFillColor
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipFillRectangleI
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteStringFormat
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDrawString
GdipDeleteCachedBitmap
GdipCreateBitmapFromScan0
GdipFillRectangle
GdipSetCompositingQuality
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDisposeImage
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipDrawCachedBitmap
GdipDeleteFont
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipGetFontSize
GdipSetImageAttributesColorKeys
ws2_32
select
closesocket
connect
WSARecvFrom
WSASendTo
setsockopt
getpeername
socket
htons
send
recv
gethostbyname
inet_addr
shutdown
ioctlsocket
WSAGetLastError
getsockname
accept
__WSAFDIsSet
htonl
bind
listen
ntohs
gethostname
inet_ntoa
ntohl
WSAStartup
WSACleanup
wininet
InternetAttemptConnect
InternetGetConnectedStateExW
libexpatw
ord52
ord10
ord11
ord12
ord31
ord16
ord2
ord25
ord18
ord53
ord21
libeay32
ord2915
ord2936
ord2821
ord269
ord316
ord2630
ord3109
ord510
ord3106
ord3024
ord3171
ord2399
ord961
ord509
ord315
ord256
ord2602
ord259
dbghelp
MakeSureDirectoryPathExists
iphlpapi
GetAdaptersInfo
netapi32
Netbios
NetWkstaTransportEnum
NetApiBufferFree
snmpapi
SnmpUtilOidNCmp
SnmpUtilOidCpy
SnmpUtilVarBindFree
psapi
EnumProcessModules
GetModuleBaseNameW
EnumProcesses
Sections
.text    Size: 2.9MB - Virtual size: 2.9MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata   Size: 418KB - Virtual size: 418KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data    Size: 40KB - Virtual size: 1.6MB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc    Size: 139KB - Virtual size: 139KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rrdata  Size: 60KB - Virtual size: 60KB     Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE