c:\build\sources\npdownv\release\npdownv.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 41db02ba975a187f4c73d15c814ab248_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 41db02ba975a187f4c73d15c814ab248_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 41db02ba975a187f4c73d15c814ab248_JaffaCakes118
Size: 1.0MB
MD5: 41db02ba975a187f4c73d15c814ab248
SHA1: 0323e1cd77a6cc9e1ed087b7c8159d212b7a705f
SHA256: d18839cb28f8aafb3ac612a6985dfebe272559034a9722dace918dc584e99488
SHA512: 71ece5e39b837da3cf85792d8322307fd4eaf8e3985b8fd68a7b89d1de824c10096ecdc74739b8a5a853827b48c64fd996ff4283ee5d77712dbf7f890079afe2
SSDEEP: 12288:PaplKO0BtytXeuALDsuo2k11GtVHUs+AGQFBiyqWIESrv6:P8KO0BCLwm2k4HUBTuBiJlE
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 41db02ba975a187f4c73d15c814ab248_JaffaCakes118
Files
41db02ba975a187f4c73d15c814ab248_JaffaCakes118.exe (windows:4, windows, x86, arch:x86)
Import hash: 6ed8bad93ea3fdbeb6aa02b33ffe3b3e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
UrlUnescapeA
PathIsDirectoryA
PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFileExistsA
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
wininet
FtpCommandA
GopherGetAttributeA
HttpSendRequestExA
HttpEndRequestA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetFindNextFileA
HttpQueryInfoA
InternetErrorDlg
FtpGetFileA
FtpPutFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
GopherCreateLocatorA
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetGetCookieA
InternetSetCookieA
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
FtpOpenFileA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetSetOptionA
InternetCloseHandle
InternetReadFile
FtpFindFirstFileA
GopherOpenFileA
FtpCreateDirectoryA
InternetOpenUrlA
HttpAddRequestHeadersA
ws2_32
WSACleanup
WSAStartup
user32
InvalidateRgn
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
GetDialogBaseUnits
TranslateAcceleratorA
SetMenu
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
CopyAcceleratorTableA
UnregisterClassA
DestroyIcon
GetSysColorBrush
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
LoadAcceleratorsA
MapVirtualKeyA
GetKeyNameTextA
DestroyMenu
GetMenuItemInfoA
InflateRect
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ScrollWindowEx
ShowWindow
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
SetWindowContextHelpId
MapDialogRect
LoadMenuA
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatA
SetParent
GetClassInfoA
DrawIcon
AppendMenuA
SendMessageA
GetSystemMenu
IsIconic
GetWindowRect
GetClientRect
GetDC
GetWindowDC
ReleaseDC
SetTimer
KillTimer
SetForegroundWindow
EnableWindow
LoadIconA
GetSystemMetrics
PostMessageA
UnionRect
PostThreadMessageA
GetDCEx
LockWindowUpdate
PostQuitMessage
wsprintfA
FindWindowA
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
CharLowerA
CharLowerW
CharUpperA
CharUpperW
EnableMenuItem
SetWindowPos
LoadImageA
CopyRect
InvalidateRect
GetParent
FillRect
GetSysColor
SetRect
DeleteMenu
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
CreateWindowExA
CharUpperBuffA
CharPrevA
CharNextA
OemToCharA
UpdateWindow
DispatchMessageA
TranslateMessage
PeekMessageA
GetClassNameA
SetCursor
LoadCursorA
MessageBoxA
GetActiveWindow
DialogBoxParamA
EndDialog
SetWindowTextA
SetDlgItemTextA
EnumWindows
WaitForInputIdle
IsWindow
CheckMenuItem
GetMenuState
ModifyMenuA
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
GetKeyState
IsWindowVisible
GetMessageA
CallNextHookEx
SetWindowsHookExA
ShowOwnedPopups
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
GetMenuStringA
UnhookWindowsHookEx
GetWindow
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowLongA
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
SetWindowPlacement
PtInRect
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
RegisterClassA
GetClassInfoExA
kernel32
TlsAlloc
lstrcpyA
GlobalHandle
TlsSetValue
TlsFree
IsBadReadPtr
TlsGetValue
GetDriveTypeA
lstrcpynA
GlobalReAlloc
GlobalSize
lstrcatA
lstrcmpA
IsDBCSLeadByte
FileTimeToDosDateTime
FileTimeToLocalFileTime
IsBadStringPtrA
GetTickCount
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetVolumeInformationA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
SetThreadPriority
FlushFileBuffers
GlobalAddAtomA
SetLastError
GetCurrentProcessId
LocalFree
FormatMessageA
GetModuleFileNameW
InterlockedDecrement
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
MoveFileA
GetThreadLocale
LockFile
UnlockFile
DuplicateHandle
GetFullPathNameA
GetShortPathNameA
FileTimeToSystemTime
SystemTimeToFileTime
GetFileTime
LocalAlloc
GetPrivateProfileIntA
GlobalFlags
LocalReAlloc
InterlockedIncrement
GetAtomNameA
GetCPInfo
GetOEMCP
SetErrorMode
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
ExitProcess
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
GetStartupInfoA
SetCurrentDirectoryA
SetStdHandle
GetFileType
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
SetHandleCount
GetStdHandle
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
WriteFile
SetFilePointer
GetFileAttributesA
SetFileAttributesA
CreateDirectoryA
OpenProcess
Process32Next
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
GetCurrentProcess
GetWindowsDirectoryA
GetLocalTime
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
CopyFileA
GetVersionExA
WritePrivateProfileStringA
MoveFileExA
SetEndOfFile
FreeResource
GlobalLock
GlobalUnlock
GlobalFree
CreateEventA
ResumeThread
GlobalAlloc
SetEvent
ResetEvent
CreateFileA
GetFileSize
ReadFile
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrlenA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
MultiByteToWideChar
InterlockedExchange
GetModuleFileNameA
InitializeCriticalSection
GetSystemDirectoryA
GetCurrentDirectoryA
GetPrivateProfileStringA
MulDiv
CreateProcessA
GetSystemDefaultLangID
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
TerminateThread
DeleteCriticalSection
Sleep
CreateMutexA
GetLastError
DeleteFileA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
CloseHandle
CreateFileW
SuspendThread
gdi32
CreateRectRgnIndirect
StretchDIBits
GetCharWidthA
GetTextMetricsA
GetRgnBox
GetTextColor
CombineRgn
SetRectRgn
PatBlt
CreatePatternBrush
GetTextExtentPoint32A
CreateHatchBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
GetDCOrgEx
CopyMetaFileA
GetBkColor
SetBkMode
GetStockObject
CreateSolidBrush
CreateFontIndirectA
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
SetBkColor
BitBlt
CreateDIBitmap
GetObjectA
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
GetDeviceCaps
CreateDCA
CreateFontA
SelectPalette
comdlg32
GetSaveFileNameA
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
CryptCreateHash
QueryServiceStatus
CloseServiceHandle
RegCreateKeyExA
RegSetValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
CryptGetHashParam
CryptDecrypt
CryptGenKey
CryptGetUserKey
CryptDeriveKey
CryptEncrypt
CryptExportKey
CryptVerifySignatureA
CryptImportKey
CryptSignHashA
OpenServiceA
CryptHashData
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
ControlService
shell32
DragQueryFileA
DragFinish
ExtractIconA
SHGetFileInfoA
SHGetSpecialFolderPathA
comctl32
_TrackMouseEvent
oledlg
ord8
ole32
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateStreamOnHGlobal
OleDuplicateData
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleRun
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID
CoDisconnectObject
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoGetClassObject
oleaut32
SafeArrayAllocDescriptor
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantClear
LoadTypeLi
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
VariantChangeType
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantInit
OleLoadPicture
Sections
.text Size: 716KB - Virtual size: 714KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 144KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 160KB - Virtual size: 160KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE