c:\sniffer\projects-keylogger-mangled\Lib\busted\Busted.pdb
Static task
- static1
Behavioral task
- behavioral1: Sample 376cf66b1480c95c6d4461c409701579_JaffaCakes118.exe, Resource win7-20240705-en
- behavioral2: Sample 376cf66b1480c95c6d4461c409701579_JaffaCakes118.exe, Resource win10v2004-20240709-en
General
- Target: 376cf66b1480c95c6d4461c409701579_JaffaCakes118
- Size: 1.1MB
- MD5: 376cf66b1480c95c6d4461c409701579
- SHA1: 698f26024996c357c22b60ff1384ded753267832
- SHA256: e60edbb261e83837ebff043908bf14261d7036371bff3d76bf0b4ae38b55cbc5
- SHA512: 589c132fbad234abb0b1243ccc6d204965661cd72de8a2c8cd4af11c13c7d59b34311c2b45ca6a0c03b32bc02fd43d3de26a6559527deae36cc1e02eeedf450a
- SSDEEP: 24576:Z7p3O3f8DD48B4btGtSGBDWhA8EZBuRwzz:Z7Y1oDWAZBuqzz
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 376cf66b1480c95c6d4461c409701579_JaffaCakes118
Files
- 376cf66b1480c95c6d4461c409701579_JaffaCakes118.exe windows:4 windows x86 arch:x86
  b0b49ddf5de1450f2f4d2426ff132519
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
netapi32
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
DsGetDcNameW
NetApiBufferFree
mpr
WNetOpenEnumA
WNetEnumResourceA
kernel32
WriteConsoleA
GetDriveTypeA
WriteConsoleW
SetEnvironmentVariableA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
SetHandleCount
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetACP
GetStdHandle
HeapCreate
InterlockedExchange
HeapDestroy
VirtualFree
HeapSize
GetFileType
SetStdHandle
ExitProcess
GetStartupInfoA
GetCommandLineA
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RaiseException
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalFileTimeToFileTime
GlobalFlags
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetDiskFreeSpaceA
GetTempFileNameA
GetFileTime
SetFileTime
SystemTimeToFileTime
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
ReleaseMutex
CreateMutexA
GetModuleFileNameW
GetThreadLocale
InterlockedIncrement
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
WaitForSingleObject
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalDeleteAtom
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GetCurrentDirectoryA
GetWindowsDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MoveFileExA
HeapAlloc
GetProcessHeap
HeapFree
OpenProcess
InterlockedDecrement
GetSystemTime
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
Sleep
GetVersionExA
CreateFileA
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryExA
FreeLibrary
GetCurrentProcess
CloseHandle
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
LocalAlloc
CreateDirectoryA
FormatMessageA
LocalFree
GetStringTypeExA
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
user32
DestroyIcon
DeleteMenu
SetCursorPos
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
BringWindowToTop
SetMenu
TranslateAcceleratorA
DestroyCursor
ReleaseCapture
SetCapture
SetWindowRgn
DrawIcon
IsRectEmpty
FindWindowA
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
WindowFromPoint
SetRectEmpty
DestroyMenu
GetWindowDC
GrayStringA
TabbedTextOutA
CharNextA
ShowWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
InvalidateRgn
SetForegroundWindow
ShowScrollBar
CharUpperA
EnableWindow
PtInRect
CopyRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
DefWindowProcA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuStringA
AppendMenuA
InsertMenuA
GetSubMenu
GetDlgItem
FindWindowExA
ScreenToClient
GetDC
ReleaseDC
CallWindowProcA
BeginPaint
EndPaint
AdjustWindowRectEx
MoveWindow
GetWindow
GetDlgCtrlID
DrawCaption
SystemParametersInfoA
DrawIconEx
LoadIconA
IsZoomed
IsIconic
GetMenuItemRect
GetMenu
UnregisterClassA
GetNextDlgGroupItem
MessageBeep
SetParent
CreateMenu
PostThreadMessageA
GetTabbedTextExtentA
RemoveMenu
GetWindowLongA
SetWindowLongA
GetDCEx
RegisterClipboardFormatA
GetScrollPos
FillRect
GetWindowRect
ClientToScreen
RedrawWindow
InflateRect
DrawFocusRect
GetMenuItemCount
GetMenuItemID
ModifyMenuA
CopyAcceleratorTableA
GetSysColor
GetMenuItemInfoA
SendMessageA
OffsetRect
SetTimer
KillTimer
GetDesktopWindow
FrameRect
DrawEdge
DrawFrameControl
GetClientRect
InvalidateRect
GetParent
IsWindow
SetCursor
LoadCursorA
GetSystemMetrics
GetSysColorBrush
SetRect
LoadBitmapA
DrawTextExA
DrawTextA
UpdateWindow
MessageBoxA
LockWindowUpdate
gdi32
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetNearestColor
GetWindowOrgEx
GetRgnBox
GetViewportOrgEx
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
Ellipse
LPtoDP
CreateEllipticRgn
DPtoLP
GetMapMode
SetRectRgn
GetCharWidthA
GetTextExtentPoint32A
CreatePatternBrush
ExtSelectClipRgn
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetTextAlign
IntersectClipRect
ExcludeClipRect
GetTextFaceA
GetTextMetricsA
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextColor
SetBkColor
GetClipBox
CreateDCA
StretchBlt
GetBkColor
Rectangle
CreateFontW
CreatePen
CreateSolidBrush
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
PatBlt
BitBlt
CreateFontIndirectA
GetObjectA
GetDeviceCaps
RealizePalette
SelectObject
SelectPalette
DeleteDC
DeleteObject
CreateDIBSection
LineTo
MoveToEx
SetTextColor
CombineRgn
CreateRectRgnIndirect
RectInRegion
GetStockObject
GetTextExtentPointA
SetMapMode
comdlg32
GetFileTitleA
winspool.drv
GetJobA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
GetNamedSecurityInfoA
SetSecurityDescriptorDacl
RegCreateKeyA
RegDeleteValueA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegSetValueA
RegSetValueExA
QueryServiceConfigA
EnumServicesStatusA
StartServiceA
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
RegQueryValueExA
RegDeleteKeyA
GetSecurityDescriptorControl
ConvertSecurityDescriptorToStringSecurityDescriptorW
IsValidSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetNamedSecurityInfoA
GetKernelObjectSecurity
FreeSid
MakeAbsoluteSD
IsValidSecurityDescriptor
ConvertStringSidToSidW
LookupAccountNameA
MapGenericMask
LookupAccountSidA
ConvertSidToStringSidW
RegEnumKeyExA
RegConnectRegistryA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
EqualSid
CopySid
IsValidAcl
GetAce
DeleteAce
GetAclInformation
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAce
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
shell32
ExtractIconA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
DragFinish
SHGetMalloc
DragQueryFileA
comctl32
_TrackMouseEvent
ord17
shlwapi
PathFindExtensionA
PathFindFileNameA
PathIsUNCA
PathStripToRootA
PathFindExtensionW
oledlg
ord8
ole32
OleUninitialize
CoTaskMemFree
CoInitializeSecurity
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
oleaut32
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
VarBstrFromDate
SysAllocString
VariantInit
VariantCopy
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayDestroy
LoadTypeLi
gdiplus
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipAlloc
GdipFree
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageEncodersSize
wininet
HttpOpenRequestA
InternetConnectA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpAddRequestHeadersA
InternetQueryDataAvailable
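The import table above is the most informative part of this static report, but it needs to be read with a baseline in mind. The bulk of the user32, gdi32, ole32, oledlg and comdlg32 entries (UnpackDDElParam/ReuseDDElParam, OleCreateMenuDescriptor, GrayStringA, TabbedTextOutA, GetTabbedTextExtentA) is what a statically linked MFC application imports for its own window and menu plumbing, and MFC itself installs a WH_CBT hook when it creates windows, so SetWindowsHookExA/CallNextHookEx/UnhookWindowsHookEx are not on their own evidence of keylogging. The imports that fall outside that baseline are the ones worth a second look: the wininet HTTP client (InternetOpenA, HttpSendRequestA, InternetWriteFile), the gdiplus bitmap-to-file path (GdipCreateBitmapFromHBITMAP, GdipSaveImageToFile) alongside gdi32 BitBlt/CreateCompatibleBitmap, the advapi32 service configuration and ACL/privilege calls, and the netapi32/mpr domain-controller and network-resource enumeration. The script below, an added example that is not part of the report or of the sample, parses a listing in the report's own "dll name / function / function" layout and groups the imports into capability clusters; the cluster definitions and the framework-noise list are analyst assumptions, and SAMPLE_LISTING is a constructed excerpt of the listing above.

```python
"""Capability triage over a Triage-style import listing.  Added example; the
CAPABILITIES mapping and FRAMEWORK_NOISE set are analyst assumptions, not a
standard, and SAMPLE_LISTING is a constructed excerpt of the report's imports."""
import json
from collections import OrderedDict

# Windows APIs that together implement a capability worth a second look (assumed mapping).
CAPABILITIES = {
    "keyboard_hook":    {"SetWindowsHookExA", "SetWindowsHookExW", "CallNextHookEx",
                         "UnhookWindowsHookEx", "GetKeyState", "GetAsyncKeyState"},
    "screen_capture":   {"GetDesktopWindow", "BitBlt", "CreateCompatibleDC", "CreateCompatibleBitmap",
                         "GdipCreateBitmapFromHBITMAP", "GdipSaveImageToFile"},
    "http_exfil":       {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA",
                         "HttpSendRequestA", "HttpSendRequestExA", "InternetWriteFile"},
    "service_control":  {"OpenSCManagerA", "OpenServiceA", "ChangeServiceConfigA", "StartServiceA"},
    "registry_write":   {"RegCreateKeyExA", "RegOpenKeyExA", "RegSetValueExA", "RegSetValueA"},
    "token_privileges": {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"},
    "acl_tamper":       {"SetNamedSecurityInfoA", "SetFileSecurityA", "SetSecurityDescriptorDacl",
                         "AddAccessAllowedAce"},
    "domain_recon":     {"DsGetDcNameW", "DsRoleGetPrimaryDomainInformation",
                         "WNetOpenEnumA", "WNetEnumResourceA"},
    "anti_debug":       {"IsDebuggerPresent"},
}

# Imports that MFC and the MSVC C runtime pull in for their own purposes: MFC installs a
# WH_CBT hook to subclass the windows it creates, and the CRT imports IsDebuggerPresent.
# A cluster whose only hits are in this set is reported as weak.
FRAMEWORK_NOISE = {"SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx",
                   "GetKeyState", "IsDebuggerPresent"}

# Constructed excerpt of the report's import listing, in the report's own layout.
SAMPLE_LISTING = """\
netapi32
DsRoleGetPrimaryDomainInformation
DsGetDcNameW
mpr
WNetOpenEnumA
WNetEnumResourceA
kernel32
IsDebuggerPresent
Sleep
user32
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetKeyState
GetDesktopWindow
gdi32
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
advapi32
RegSetValueExA
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
StartServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
SetNamedSecurityInfoA
SetFileSecurityA
RegOpenKeyExA
RegCreateKeyExA
comctl32
_TrackMouseEvent
ord17
gdiplus
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
wininet
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetWriteFile
InternetOpenA
"""


def parse_import_listing(text: str) -> "OrderedDict[str, list]":
    """Turn 'dll / function / function ...' lines into {dll: [functions]}.
    A line with no upper-case letters that is not an ordNN entry names a DLL."""
    imports, dll = OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == line.lower() and not line.startswith("ord"):
            dll = line
            imports.setdefault(dll, [])
        elif dll is not None:
            imports[dll].append(line)
    return imports


def triage_imports(text: str) -> dict:
    """Return the DLLs seen and every capability cluster with at least one matching
    import; a cluster is 'strong' only if two or more hits are outside FRAMEWORK_NOISE."""
    imports = parse_import_listing(text)
    names = {f for funcs in imports.values() for f in funcs}
    caps = {}
    for cap, apis in CAPABILITIES.items():
        hit = sorted(apis & names)
        if hit:
            strong = sum(h not in FRAMEWORK_NOISE for h in hit) >= 2
            caps[cap] = {"apis": hit, "strong": strong}
    return {"dlls": list(imports), "capabilities": caps}


if __name__ == "__main__":
    print(json.dumps(triage_imports(SAMPLE_LISTING), indent=2))
```

On the excerpt, keyboard_hook and anti_debug come out weak (every hit is framework noise) while screen_capture, http_exfil, service_control, domain_recon and the advapi32 clusters come out strong; that is the split an analyst would want before reading anything into the "keylogger" string in the PDB path at the top of the report. Imports only show what the binary can call, not what it does, so the strong clusters are leads for the behavioral tasks, not findings.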
Sections
.text Size: 776KB - Virtual size: 772KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 232KB - Virtual size: 231KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 120KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
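The "Unsigned PE" signature, the File Characteristics and the section table above are all read straight from the PE headers, and it is worth being able to reproduce them without a sandbox. The script below is an added example, not code from the report or from the sample: it parses the DOS and NT headers with the standard library only, reports the IMAGE_FILE_* characteristics, notes that IMAGE_FILE_RELOCS_STRIPPED rules out ASLR regardless of the DllCharacteristics opt-in bit, lists each section with its IMAGE_SCN_* flags, and decides whether an Authenticode certificate is embedded by checking the Security data directory (slot 4), which holds a file offset to a WIN_CERTIFICATE rather than an RVA. build_sample_pe constructs a minimal PE32 header (not a runnable program) with the same characteristics as the report so the parser can be exercised offline; the section sizes in it are constructed values.

```python
"""Static PE header triage: file characteristics, section flags, ASLR/DEP opt-ins and
whether an Authenticode blob is embedded.  Added example using only the standard
library; build_sample_pe() is constructed test input, not the analysed sample."""
import json
import struct
import sys

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
DLLCHAR_DYNAMIC_BASE = 0x0040          # ASLR opt-in in OptionalHeader.DllCharacteristics
DLLCHAR_NX_COMPAT = 0x0100             # DEP opt-in
IMAGE_DIRECTORY_ENTRY_SECURITY = 4     # DataDirectory slot holding the Authenticode blob


def _flags(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data: bytes) -> dict:
    """Parse the headers of a PE image and return the triage-relevant facts."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    fh = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: DataDirectory starts at optional-header offset 96
        dd = opt + 96
    elif magic == 0x20B:      # PE32+: 8-byte ImageBase and stack/heap fields push it to 112
        dd = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    # The security directory holds a *file offset* (not an RVA) to a WIN_CERTIFICATE.
    sec_off, sec_size = struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    signed = sec_off != 0 and sec_size != 0
    dangling = signed and sec_off + sec_size > len(data)   # blob points past end of file

    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name, vsize, _va, raw, _ptr, _, _, _, _, sc = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "virtual_size": vsize,
            "raw_size": raw,
            "flags": _flags(sc, SECTION_CHARACTERISTICS),
            # writable + executable sections are a classic packer / self-modifying-code tell
            "w_plus_x": bool(sc & 0x80000000) and bool(sc & 0x20000000),
        })

    relocs_stripped = bool(chars & 0x0001)
    return {
        "machine": machine,
        "file_characteristics": _flags(chars, FILE_CHARACTERISTICS),
        # ASLR needs both the opt-in bit and a relocation table the loader can apply
        "aslr": bool(dll_chars & DLLCHAR_DYNAMIC_BASE) and not relocs_stripped,
        "nx": bool(dll_chars & DLLCHAR_NX_COMPAT),
        "authenticode_present": signed,
        "authenticode_truncated": dangling,
        "sections": sections,
    }


def build_sample_pe(signed: bool = False) -> bytes:
    """Constructed test input: a minimal PE32 header whose File Characteristics are
    RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE (0x0103), as in the report."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0103)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    body_len = 64 + 4 + 20 + 224 + 2 * 40
    cert = b"\x00" * 8 if signed else b""                      # stand-in WIN_CERTIFICATE
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, body_len, len(cert))
    secs = struct.pack("<8sIIIIIIHHI", b".text", 0xC1000, 0x1000, 0xC2000, 0x400, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".data", 0x7C00, 0xC3000, 0x4000, 0xC2400, 0, 0, 0, 0, 0xC0000040)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + secs + cert


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(parse_pe(blob), indent=2))
```

Run it as `python pe_triage.py sample.exe` to get the same facts the report shows, plus the ASLR/DEP verdict. Note that authenticode_present only says a certificate blob is attached; it says nothing about whether the signature verifies or chains to a trusted root, which is a job for WinVerifyTrust (or `Get-AuthenticodeSignature` in PowerShell), and a present-but-dangling blob, as authenticode_truncated reports, usually means the file was cut off or appended to after signing.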