36b08b67f2c8f912f1312e106cb706b7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

36b08b67f2c8f912f1312e106cb706b7_JaffaCakes118
Size

2.4MB
MD5

36b08b67f2c8f912f1312e106cb706b7
SHA1

b49389c313fac21ec351ed6d766fcab62f755caf
SHA256

e5ee36eae2ea7821e11a416f45b7d439f9cee740f2fd55b7e6a8611cc03cf6f9
SHA512

9f537b3975f00003041982ab6f96e334e1f9539fb336e896223cb457919b015b624ab652aebff6b2c4dab4d9d4b8728999fea80dac18e1f76544487f690c8354
SSDEEP

49152:n8JuEC3qDg+FPhPRdtSjd4CcwlcQ95JdWqOYuFQN2PC+MpTCnuuuuuuuuuuuuuuf:n8wEC3qk+bPvtSjd4CcwlcAOYuFQN26O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36b08b67f2c8f912f1312e106cb706b7_JaffaCakes118

Files

36b08b67f2c8f912f1312e106cb706b7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ff439a5f19037fa8b8a303672e338e47

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\flashfarm\depot\main\player\branches\FlashPlayer\FlashPlayer9_DotReleases\platform\win32\standalone\Release\SAFlashPlayer.pdb

Imports

wininet

HttpQueryInfoA

crypt32

CertFreeCertificateContext
CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertCreateCertificateContext
CryptGetMessageCertificates
CryptVerifyMessageSignature
CertCloseStore

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

winmm

waveInOpen
waveOutOpen
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveOutWrite
waveOutPrepareHeader
waveOutGetDevCapsA
timeBeginPeriod
timeGetDevCaps
waveInGetDevCapsA
waveOutGetNumDevs
waveInGetNumDevs
waveInStart
waveInAddBuffer
waveInStop
waveInClose
waveInUnprepareHeader
waveInReset
waveInPrepareHeader
timeKillEvent
timeGetTime
timeSetEvent
timeEndPeriod

oleaut32

SysFreeString

kernel32

GetSystemInfo
GetUserDefaultLangID
ExitThread
GlobalFree
GetFileAttributesW
WriteFile
SetFilePointer
CreateFileA
LockResource
LoadResource
FindResourceExA
FindResourceExW
GlobalAlloc
CreateThread
SetUnhandledExceptionFilter
GetTempPathA
GetCurrentProcess
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
WideCharToMultiByte
CreateDirectoryA
ReadFile
GetFileSize
GetModuleFileNameA
CreateMutexA
GetFileAttributesExA
GetCurrentDirectoryA
SetCurrentDirectoryA
VirtualQuery
GetTempFileNameA
GetSystemDirectoryA
UnmapViewOfFile
WaitForSingleObject
ReleaseMutex
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
IsDBCSLeadByteEx
DeleteFileW
SetEndOfFile
SetFileAttributesA
CopyFileA
GetCommandLineW
GetModuleHandleA
ExitProcess
GetStartupInfoA
GetCommandLineA
GetProcessTimes
CreateEventA
SetEvent
TlsAlloc
SetThreadPriority
ResetEvent
WaitForMultipleObjects
VirtualFree
VirtualAlloc
GetThreadPriority
GetCurrentThread
GetFileAttributesA
DeleteFileA
MoveFileA
GetSystemDefaultLangID
FreeLibrary
GetLastError
GetVersionExA
CreateProcessA
CloseHandle
LCMapStringW
LCMapStringA
GetTickCount
GetCurrentThreadId
GetLocaleInfoA
SetErrorMode
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
GetProcAddress
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
VirtualProtect
HeapReAlloc
TerminateProcess
HeapSize
GetSystemTimeAsFileTime
RtlUnwind
SetLastError
GetStdHandle
GetOEMCP
GetStringTypeA
GetStringTypeW
RemoveDirectoryA

user32

GetWindow
UnregisterClassA
LoadStringW
MoveWindow
SetMenu
UpdateWindow
ShowWindow
EnumDisplaySettingsA
SetDlgItemTextA
SetDlgItemTextW
EnableWindow
GetDlgItemTextA
GetWindowTextLengthA
GetDlgItemTextW
GetWindowTextLengthW
PostQuitMessage
GetMenuStringA
GetMenuStringW
RegisterClassA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
PostThreadMessageA
GetQueueStatus
PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
RemoveMenu
InsertMenuW
InsertMenuA
EmptyClipboard
SetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
RegisterClipboardFormatA
CreateWindowExA
GetWindowLongA
DefWindowProcA
IsWindow
GetMenuItemID
DeleteMenu
ClientToScreen
TrackPopupMenu
SetCapture
ReleaseCapture
GetCapture
WindowFromPoint
GetFocus
DestroyWindow
GetMenu
BeginPaint
EndPaint
LoadCursorA
SetCursor
GetCursorPos
ScreenToClient
GetClientRect
KillTimer
SetTimer
LoadMenuA
GetSubMenu
DestroyMenu
LoadStringA
EnableMenuItem
CheckMenuItem
InvalidateRect
MapVirtualKeyA
GetKeyState
FillRect
WaitForInputIdle
DialogBoxParamW
DialogBoxParamA
MessageBoxA
SystemParametersInfoA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
PostMessageA
EndDialog
SetWindowLongA
GetParent
GetWindowRect
GetDesktopWindow
SetWindowPos
LoadIconA
GetDlgItem
SetWindowTextA
SetFocus
GetMenuItemCount
GetMenuItemInfoA
GetSystemMetrics
InsertMenuItemA
GetDC
ReleaseDC
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
SendInput
GetKeyboardLayout
GetDoubleClickTime
SendMessageA

gdi32

BitBlt
SelectObject
RealizePalette
SelectPalette
GetStockObject
CreateFontIndirectA
SetBkMode
SetTextAlign
IntersectClipRect
SelectClipRgn
ExtTextOutA
ExtTextOutW
SetTextColor
GetTextMetricsA
GetTextAlign
GetBkMode
GetTextColor
EnumFontFamiliesA
SetTextCharacterExtra
GetClipRgn
GetDeviceCaps
DPtoLP
GetTextExtentPoint32W
GetCurrentObject
SetBkColor
GetBkColor
CreatePen
GetTextExtentPoint32A
CreatePalette
EndPage
BeginPath
EndPath
GetSystemPaletteEntries
GetClipBox
CreateSolidBrush
LPtoDP
StartDocA
EndDoc
StrokePath
ExtCreatePen
FillPath
StretchDIBits
CreateDCA
GetObjectA
RestoreDC
SaveDC
SelectClipPath
PolyBezierTo
LineTo
CreateCompatibleBitmap
GetDIBits
CreateDIBSection
DeleteDC
CreateCompatibleDC
GdiFlush
CreateRectRgn
StartPage
MoveToEx
SetPolyFillMode
DeleteObject

comdlg32

GetOpenFileNameA
PrintDlgA
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
GetSaveFileNameA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

DragQueryFileA
SHAppBarMessage
SHGetPathFromIDListA
DragQueryFileW
SHBrowseForFolderA
DragAcceptFiles
SHGetSpecialFolderLocation

ole32

CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

wsock32

ntohl
select
gethostname
WSACleanup
recvfrom
inet_addr
ntohs
sendto
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAAsyncSelect
WSAGetLastError
send
recv
closesocket
htons
ioctlsocket
gethostbyname
htonl
connect
setsockopt
socket
WSAStartup
inet_ntoa

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 1004KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.JGLong
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ff439a5f19037fa8b8a303672e338e47

Headers

File Characteristics

PDB Paths

Imports

wininet

crypt32

version

winmm

oleaut32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

wsock32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 160KB - Virtual size: 157KB

.data Size: 212KB - Virtual size: 1004KB

.rsrc Size: 124KB - Virtual size: 122KB

.JGLong Size: 1KB - Virtual size: 4KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 160KB - Virtual size: 157KB

.data
Size: 212KB - Virtual size: 1004KB

.rsrc
Size: 124KB - Virtual size: 122KB

.JGLong
Size: 1KB - Virtual size: 4KB