31e0ea0b4defed141c83ef4562095c42_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31e0ea0b4defed141c83ef4562095c42_JaffaCakes118
Size

557KB
MD5

31e0ea0b4defed141c83ef4562095c42
SHA1

8c52f33c692c0a1256b3c0a1ea5bad7e2d6ef46f
SHA256

a143f6d8926a063e52343400ef938f9b8a06953da35a67d2d2cd44acea2672ec
SHA512

5174560ce269c90cd6213ab718b20cf5a9a2ce13f3f917cf5eff92a44af229ad365784aa1b9a98ae3489183499804d120b88e58f6920aee33a9b7ac349ed4cb0
SSDEEP

6144:4FobE8fxvOUQtp5mzk0nWisiWa1dEqTm4AOrDf6M/9dmID/vWog:PBxGUy505s1qTm4BDnjmc3C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31e0ea0b4defed141c83ef4562095c42_JaffaCakes118

Files

31e0ea0b4defed141c83ef4562095c42_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c7230cb4999f1de904363c8e616f4405

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\090527_100055_build_BECKS\Client_Build_BECKS_10.3.85.0\compile\source_weather\DPA Client\Release\ZangoWeather.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

InternetGetConnectedState
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

shlwapi

PathFileExistsA

kernel32

RaiseException
GetCurrentThreadId
SetLastError
FreeLibrary
CloseHandle
WaitForSingleObject
LoadLibraryExA
CreateDirectoryA
CopyFileA
CreateThread
InterlockedIncrement
InterlockedDecrement
DeleteFileA
GlobalFree
GlobalHandle
GetExitCodeProcess
CreateProcessA
ExitProcess
GetExitCodeThread
TerminateThread
GetTickCount
GetTempPathA
ResetEvent
SetEvent
GetModuleHandleA
CreateEventA
FreeResource
FormatMessageA
SystemTimeToTzSpecificLocalTime
GetSystemTime
InterlockedExchange
GetVersion
CompareStringA
CompareStringW
lstrcmpiW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
lstrcpynA
Sleep
ResumeThread
InitializeCriticalSection
DeleteCriticalSection
IsDBCSLeadByte
OutputDebugStringA
GetCurrentProcessId
GetCommandLineA
CreateMutexA
GetProcAddress
LoadLibraryA
GetTimeFormatA
GetModuleFileNameA
HeapFree
GetProcessHeap
GetOEMCP
GetCPInfo
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
WriteFile
FatalAppExitA
HeapCreate
GetStartupInfoA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
ReadFile
SetHandleCount
GetFileType
SetFilePointer
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
LCMapStringA
LCMapStringW
GetUserDefaultLCID
MulDiv
lstrcmpA
GetLastError
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
LocalFree
GetCurrentProcess
FlushInstructionCache
lstrcmpiA
FindResourceExA
FindResourceA
LoadResource
LockResource
GetConsoleMode
SizeofResource
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
IsValidCodePage
GetConsoleCP
EnumSystemLocalesA
IsValidLocale
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetLocaleInfoW
SetEndOfFile
GetDateFormatA
SetEnvironmentVariableA

user32

CharLowerW
CharLowerA
GetCursorPos
PtInRect
EndDialog
GetClipboardData
CloseClipboard
OpenClipboard
IsWindowEnabled
PostMessageA
wsprintfA
SetCursor
IsWindowVisible
GetUpdateRect
CopyRect
CreateDialogIndirectParamA
DialogBoxIndirectParamA
wvsprintfA
GetDlgCtrlID
SetRect
GetSystemMetrics
LoadIconA
RemoveMenu
CreateAcceleratorTableA
SetWindowContextHelpId
MapDialogRect
CreateWindowExA
IsWindow
GetDesktopWindow
GetFocus
SetFocus
DestroyAcceleratorTable
CallWindowProcA
FillRect
ReleaseCapture
CharUpperBuffA
BringWindowToTop
GetClassNameA
IsChild
SetCapture
GetMessageA
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
CharNextA
GetSysColor
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetWindowTextLengthA
GetWindowTextA
TranslateMessage
DispatchMessageA
GetActiveWindow
UnregisterClassA
GetClassInfoA
RegisterClassA
LoadStringA
CharLowerBuffA
SetTimer
PostThreadMessageA
DestroyMenu
DestroyIcon
FindWindowA
GetWindowDC
CreateIconIndirect
GetMenuState
CheckMenuItem
CreatePopupMenu
AppendMenuA
TrackPopupMenu
CharUpperW
DefWindowProcA
DrawTextA
EnableMenuItem
GetParent
GetWindow
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowRgn
MessageBoxA
GetDlgItem
GetLastActivePopup
EnableWindow
KillTimer
ShowWindow
EndPaint
BeginPaint
ScreenToClient
GetWindowRect
SetWindowPos
MoveWindow
IsIconic
GetSystemMenu
SetWindowTextA
SendMessageA
GetWindowLongA
SetWindowLongA
DestroyWindow
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
RedrawWindow
CharUpperA
PostQuitMessage

gdi32

Ellipse
CreatePen
TextOutA
CreateFontIndirectA
CreateRoundRectRgn
MoveToEx
GetPixel
PatBlt
CreateDIBSection
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
DeleteDC
SetBkMode
LineTo
SetTextColor
SelectObject

advapi32

RegOpenKeyA
RegCreateKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

StringFromGUID2
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
OleInitialize

oleaut32

LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysAllocStringByteLen
VariantChangeType
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
OleLoadPicture
DispCallFunc
LoadTypeLi
SysFreeString
OleCreateFontIndirect
VariantInit
SysStringByteLen
SysAllocString
SysAllocStringLen
VariantClear
SysStringLen

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c7230cb4999f1de904363c8e616f4405

Headers

File Characteristics

PDB Paths

Imports

version

wininet

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 16KB - Virtual size: 12KB

.rrdata Size: 68KB - Virtual size: 68KB

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 16KB - Virtual size: 12KB

.rrdata
Size: 68KB - Virtual size: 68KB