3c23036f83013ced69398c50c1d8cc46_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c23036f83013ced69398c50c1d8cc46_JaffaCakes118
Size

1.6MB
MD5

3c23036f83013ced69398c50c1d8cc46
SHA1

fe26f2ee5cd7f73cf0438ab1b1293e878333f3f4
SHA256

9110ccc33a972ec7239573419da1441062550c4a35593d0c40ba258479859410
SHA512

de5fc3e4c9d7a9af229125c2e845fc3175bff44b4101d0640090b0c3733d8d29cfe3ce15ce1bfb26635b82da3cde411c2da32473285fd21107796f7a765764d1
SSDEEP

12288:RAB/5ZHS8po4OyBAAzwC+gdvzBTdJm1kYB+A6:8/51S8po/qz1rJJm1kYB+A6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c23036f83013ced69398c50c1d8cc46_JaffaCakes118

Files

3c23036f83013ced69398c50c1d8cc46_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c760aec88eb22be5dbee51ec08ec0e6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\Balloon_v3\Project\Balloon\Balloon\release\AntivirusXP2008.pdb

Imports

comctl32

ImageList_ReplaceIcon
ImageList_Create

shell32

Shell_NotifyIconW
SHFileOperationW
ShellExecuteW

winmm

PlaySoundW

kernel32

ReadFile
CloseHandle
GetModuleHandleW
GetComputerNameExW
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
GetSystemDirectoryW
FindFirstFileW
GetFileAttributesW
FindNextFileW
FindClose
GetVersionExW
GetCommandLineW
WideCharToMultiByte
lstrcpynW
GetVolumeInformationW
MultiByteToWideChar
SetFilePointer
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
CreateDirectoryW
WriteFile
SetFileTime
UnmapViewOfFile
GetTickCount
InterlockedIncrement
GetLastError
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
LoadLibraryA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
GetStartupInfoA
GetFileType
SetHandleCount
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetModuleFileNameA
GetStdHandle
HeapSize
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetFileSize
CreateFileW
GlobalReAlloc
GlobalUnlock
GlobalLock
lstrlenW
GetPrivateProfileStringW
GlobalAlloc
GetModuleFileNameW
GetLocalTime
CreateMutexW
OpenMutexW
InterlockedDecrement
GlobalFree
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetStartupInfoW
GetProcessHeap
GetVersionExA
HeapAlloc
HeapFree
CreateThread
ResumeThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
LocalFree
lstrlenA
InterlockedExchange

user32

LoadIconW
MessageBoxW
PostMessageW
CreateDialogParamW
MoveWindow
LoadImageW
SetTimer
DialogBoxParamW
SetForegroundWindow
CreateWindowExW
SetWindowPos
GetClientRect
SendMessageW
EndPaint
PostQuitMessage
DefWindowProcW
SetWindowLongW
GetWindowLongW
LoadCursorW
GetClassInfoExW
RegisterClassExW
GetMessageW
TranslateMessage
DispatchMessageW
InvalidateRect
DrawTextW
ShowWindow
UpdateWindow
BeginPaint
TrackMouseEvent
UnregisterClassW
GetSystemMetrics
SetWindowRgn
GetWindowTextW
GetParent
SetWindowTextW
SetRect
GetPropW
CallWindowProcW
RemovePropW
wsprintfW
DestroyIcon
ShowCursor
CheckDlgButton
IsDlgButtonChecked
EndDialog
GetDlgItem
SetPropW
SetCursor

gdi32

CreateBrushIndirect
CreateFontIndirectW
GetCurrentObject
DeleteDC
CombineRgn
ExtCreateRegion
BitBlt
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
SetTextColor
SelectObject
SetBkMode
GetObjectW
DeleteObject

comdlg32

GetOpenFileNameW

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW

ole32

CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoCreateGuid

oleaut32

GetErrorInfo
SysFreeString
SysAllocString
OleLoadPicture
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear

iphlpapi

GetAdaptersInfo

wininet

InternetCloseHandle
HttpOpenRequestA
HttpAddRequestHeadersA
InternetOpenW
InternetConnectW
HttpSendRequestW
HttpQueryInfoW
InternetSetOptionW
InternetReadFile

Sections

.text
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c760aec88eb22be5dbee51ec08ec0e6f

Headers

File Characteristics

PDB Paths

Imports

comctl32

shell32

winmm

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

iphlpapi

wininet

Sections

.text Size: 280KB - Virtual size: 276KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 280KB - Virtual size: 276KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB