333b8b1e93a844f1bc384361f0c5cfff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

333b8b1e93a844f1bc384361f0c5cfff_JaffaCakes118
Size

3.1MB
MD5

333b8b1e93a844f1bc384361f0c5cfff
SHA1

61081f502de88689be36a89ed85d524c97b59db7
SHA256

d33c1ca38db6e224dd3d07405f63291f9ca459cfd478873e544c8dadcf5e6a47
SHA512

d566286bdd889aa504fdf33b36cdfbc150619a7dd245fbf6fb0f5995f431c1b2dac929741d2c27e6985d2403f35efbb19df78a4b3bfb9de656767b6cad392db9
SSDEEP

49152:esohuFiUlh1hdFZ+EN44xE0EfoYkPHS8z49vYdQPIeughe0Gw:prlpZjtx2oYkq8MvY/eughei

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
333b8b1e93a844f1bc384361f0c5cfff_JaffaCakes118

Files

333b8b1e93a844f1bc384361f0c5cfff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6f880d35ff1487cc8ffc3e0cf05b8708

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\TeamViewer_Beta\TeamViewer\release\TeamViewer.pdb

Imports

comctl32

ImageList_Create
InitCommonControlsEx
PropertySheetW
CreatePropertySheetPageW
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_LoadImageW
ImageList_Remove
DestroyPropertySheetPage

wsock32

ioctlsocket
sendto
gethostbyname
bind
listen
accept
connect
getsockname
getpeername
send
__WSAFDIsSet
recvfrom
select
recv
WSAGetLastError
inet_ntoa
htons
socket
setsockopt
ntohs
htonl
WSAStartup
WSACleanup
shutdown
closesocket
gethostname
inet_addr

iphlpapi

GetIfEntry
GetIpAddrTable
GetAdaptersInfo
GetAdapterIndex
DeleteIPAddress
GetBestInterface

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

kernel32

GetProcAddress
LocalAlloc
lstrcpyW
DeviceIoControl
SetThreadPriority
GetCurrentThread
CreateThread
ResumeThread
CreateEventW
GetOverlappedResult
lstrcmpW
SetUnhandledExceptionFilter
DeleteFileA
FindFirstFileA
FileTimeToLocalFileTime
CreateFileA
FindNextFileA
QueryPerformanceCounter
GetUserDefaultLCID
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
SetHandleCount
GetTimeZoneInformation
GetOEMCP
HeapCreate
TlsFree
ExitThread
GetStringTypeA
LCMapStringA
WritePrivateProfileStringW
GetStdHandle
GetFileType
ExitProcess
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetDateFormatA
GetTimeFormatA
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
FormatMessageA
GetFileTime
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResetEvent
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
OpenProcess
GlobalFree
InterlockedExchange
LoadLibraryA
GetSystemDirectoryA
SetEndOfFile
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
ReleaseSemaphore
CloseHandle
WaitForSingleObject
GetWindowsDirectoryA
GetModuleHandleA
CompareStringA
SetProcessShutdownParameters
LocalUnlock
LocalSize
LocalLock
CompareFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
SetErrorMode
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
GetLocalTime
LockResource
WriteFile
InterlockedDecrement
GetModuleFileNameA
ReadFile
GetFileSize
InterlockedIncrement
ReleaseMutex
InitializeCriticalSection
CreateMutexA
DeleteCriticalSection
FreeLibrary
LoadResource
SizeofResource
LocalFree
GetCommandLineW
FlushFileBuffers
GetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
Sleep
HeapAlloc
GetCurrentProcessId
RaiseException
LeaveCriticalSection
EnterCriticalSection
SetLastError
FlushInstructionCache
SetEvent
DuplicateHandle
CreateSemaphoreA
CreateEventA
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcess
HeapFree
GetCurrentThreadId
GetProcessHeap
VirtualQuery

user32

CreateMenu
IsMenu
GetCursorInfo
EnumWindows
CloseDesktop
GetThreadDesktop
SetThreadDesktop
OpenInputDesktop
CreateIconIndirect
InvalidateRgn
GetSystemMenu
GetWindowPlacement
DestroyAcceleratorTable
GetMessagePos
SetWindowPlacement
SetRectEmpty
GetNextDlgTabItem
DrawEdge
EndDeferWindowPos
BeginDeferWindowPos
FlashWindow
GetDialogBaseUnits
MapDialogRect
DeferWindowPos
DestroyIcon
CreatePopupMenu
GetDoubleClickTime
CreateWindowExA
GetDlgItemTextA
GetSysColor
GetIconInfo
GetCapture
DrawFocusRect
FrameRect
SetScrollPos
GetScrollInfo
ScrollWindowEx
GetScrollPos
SetScrollInfo
GetWindowDC
OpenDesktopW
GetShellWindow
ChildWindowFromPointEx
ScreenToClient
GetMenuState
PostQuitMessage
RedrawWindow
SetCursorPos
IsWindowEnabled
ActivateKeyboardLayout
GetKeyboardLayout
SetActiveWindow
MessageBeep
GetMenuItemID
GetMenuItemCount
DeleteMenu
MessageBoxA
UnhookWindowsHookEx
RegisterWindowMessageW
CharLowerW
CharUpperW
UnregisterClassA
MoveWindow
SetWindowPos
IsWindow
TranslateMessage
GetWindow
GetWindowRect
MapWindowPoints
InvalidateRect
ShowWindow
DestroyWindow
KillTimer
SetTimer
GetParent
CallNextHookEx
GetAsyncKeyState
GetFocus
SendInput
ToUnicode
GetKeyboardState
GetKeyState
ToAscii
ChangeClipboardChain
SetClipboardViewer
WindowFromPoint
GetClientRect
TrackPopupMenuEx
CheckMenuItem
EnableMenuItem
GetDC
GetSubMenu
RemoveMenu
CheckMenuRadioItem
SetWindowRgn
SetFocus
DestroyMenu
GetDlgCtrlID
GetUserObjectInformationW
GetDesktopWindow
BringWindowToTop
GetDlgItem
UpdateWindow
OffsetRect
ShowScrollBar
SetParent
FillRect
CopyRect
GetSystemMetrics
AdjustWindowRect
SetForegroundWindow
BeginPaint
EndPaint
SetRect
IntersectRect
IsRectEmpty
InflateRect
UnionRect
ReleaseDC
EndDialog
BlockInput
GetActiveWindow
GetCursorPos
GetForegroundWindow
GetWindowThreadProcessId
GetGUIThreadInfo
EqualRect
SetCapture
IsWindowVisible
SetCursor
DestroyCursor
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ClientToScreen
ReleaseCapture
PtInRect
TrackMouseEvent

gdi32

CreatePatternBrush
SetDIBitsToDevice
CreateDIBSection
RoundRect
MaskBlt
SetBrushOrgEx
CreatePalette
SelectPalette
RealizePalette
GetObjectType
GetDIBits
GetSystemPaletteEntries
SetStretchBltMode
CreateCompatibleBitmap
SetViewportOrgEx
DPtoLP
SetPixel
SetTextColor
GetDeviceCaps
SetDIBColorTable
LineTo
MoveToEx
Polygon
Ellipse
StrokeAndFillPath
EndPath
BeginPath
SetBkMode
SetBkColor
CreateBitmap
GetPixel
CreatePen
Rectangle
CreateSolidBrush
CombineRgn
CreateRectRgn
DeleteObject
DeleteDC
CreateCompatibleDC
SelectObject
BitBlt
StretchBlt
GetStockObject
PatBlt
CreateRoundRectRgn

advapi32

RegEnumKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetEntriesInAclW
CreateProcessAsUserW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegSetValueExA
RegEnumValueW
RegCloseKey
RegEnumValueA
GetSidIdentifierAuthority
DuplicateToken
RegOpenKeyW
ImpersonateLoggedOnUser
RevertToSelf

shell32

ord680
ord155
SHGetSpecialFolderLocation
CommandLineToArgvW
DragAcceptFiles

ole32

CoInitialize
CoInitializeSecurity
CoTaskMemRealloc
ReleaseStgMedium
CoTaskMemAlloc
CoUninitialize
RegisterDragDrop
OleInitialize
RevokeDragDrop
StringFromGUID2
CoCreateInstance
CoCreateGuid
CoTaskMemFree

oleaut32

VariantClear
VarUI4FromStr
SafeArrayGetDim
VariantChangeType
SafeArrayGetElement
SysAllocString
SysFreeString
VariantInit
VariantCopy

shlwapi

PathRemoveFileSpecW
PathCompactPathW

wininet

HttpEndRequestA
InternetQueryOptionW
InternetSetOptionW
InternetOpenW
HttpSendRequestA
InternetGoOnlineA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
InternetCloseHandle
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetErrorDlg
HttpQueryInfoW
HttpQueryInfoA
InternetReadFile

crypt32

CertGetNameStringW
CertGetNameStringA
CertFreeCertificateContext
CryptVerifyMessageSignature

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates
ImageGetCertificateHeader

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 617KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 668KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f880d35ff1487cc8ffc3e0cf05b8708

Headers

File Characteristics

PDB Paths

Imports

comctl32

wsock32

iphlpapi

mpr

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

crypt32

imagehlp

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 617KB - Virtual size: 616KB

.data Size: 106KB - Virtual size: 411KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 668KB - Virtual size: 668KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 617KB - Virtual size: 616KB

.data
Size: 106KB - Virtual size: 411KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 668KB - Virtual size: 668KB