44c9df16e34a862e8666b140d6cafdf2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

44c9df16e34a862e8666b140d6cafdf2_JaffaCakes118
Size

455KB
MD5

44c9df16e34a862e8666b140d6cafdf2
SHA1

8ed69bee606035b728933fc6dc9501139cef0ec5
SHA256

a994971e714606fe87727241cbd474fc1ae5206dd63e4fbf9ae4c97cee9aee6f
SHA512

669b72d0d88c84129c23804c44efdd953bd6dfb6ae1db91d3cebe929c6d3a27e7159f3150a79b711a4b434539a7b9b272ca713434b9539d2b69091a752e0e501
SSDEEP

6144:z6aZRt6D/Yh6zxap3vqv9XEHVOp/RJ5PNz2/cq7VcFOz8rYcoBBnXlRSRUqKfPwx:z6gRaYczxKiUVYWhoYn7yUzfMPl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44c9df16e34a862e8666b140d6cafdf2_JaffaCakes118

Files

44c9df16e34a862e8666b140d6cafdf2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8baaef076a6ab65d2f977558a28189ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Source\ToolsRepoBranches\MIPObscure\release\MicrogamingInstall.pdb

Imports

kernel32

GetModuleFileNameW
MultiByteToWideChar
FindFirstFileA
GetProcAddress
FindClose
RemoveDirectoryW
FindNextFileA
GetModuleHandleA
ReleaseMutex
GetVersionExA
DeleteFileW
SetEvent
GetPrivateProfileStringW
CreateEventA
CreateDirectoryA
CreateMutexA
OutputDebugStringA
FreeLibrary
LoadLibraryA
LocalFree
lstrcpynA
GetDriveTypeA
GetVolumeInformationA
DeviceIoControl
MoveFileExA
Process32First
GetFileAttributesA
TerminateProcess
GetSystemDirectoryA
GetLastError
GetLocalTime
Process32Next
CreateToolhelp32Snapshot
lstrlenA
lstrcpynW
GetFileAttributesW
lstrlenW
lstrcpyA
MapViewOfFile
InterlockedIncrement
GetPrivateProfileIntA
InterlockedExchange
InterlockedExchangeAdd
CreateFileMappingA
GetExitCodeThread
WaitForMultipleObjects
GetCurrentThreadId
CreateThread
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLogicalDriveStringsA
GlobalMemoryStatusEx
GetSystemInfo
GetDiskFreeSpaceExA
CreateFileW
GetEnvironmentVariableA
GetCurrentThread
ReadFile
SetThreadPriority
ReleaseSemaphore
GetThreadTimes
ResumeThread
CompareStringW
CompareStringA
GetProcessHeap
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
HeapCreate
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStdHandle
InterlockedDecrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetFullPathNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
FileTimeToLocalFileTime
FormatMessageW
CopyFileW
WideCharToMultiByte
GetVolumePathNameW
WriteFile
FormatMessageA
CreateDirectoryW
SetFilePointer
GetFileSize
GetComputerNameA
DeleteFileA
CreateFileA
GetTempPathA
GetCurrentProcessId
CloseHandle
GetModuleFileNameA
GetTempFileNameA
CopyFileA
RemoveDirectoryA
lstrcmpiA
CreateProcessA
Sleep
OpenProcess
WaitForSingleObject
CreateProcessW
CreateSemaphoreA
FileTimeToSystemTime
MoveFileA
HeapReAlloc
HeapFree
ExitThread
GetSystemTimeAsFileTime
HeapAlloc
ExitProcess
GetModuleHandleW
SetFileAttributesA

user32

UpdateWindow
MapWindowPoints
LoadImageA
IsWindowVisible
GetSystemMetrics
RegisterClassW
MessageBoxW
DispatchMessageA
CreateWindowExW
CreatePopupMenu
SetLayeredWindowAttributes
GetCursorPos
SetWindowPos
CreateWindowExA
ReleaseDC
PeekMessageA
EnableWindow
AppendMenuW
GetWindowLongW
InvalidateRect
SetWindowLongA
OffsetRect
ChildWindowFromPoint
TranslateMessage
IsDialogMessageA
SendMessageA
SetFocus
GetClientRect
IsWindowEnabled
LoadIconA
SetForegroundWindow
GetWindowDC
TrackPopupMenu
AdjustWindowRect
LoadCursorA
GetDlgCtrlID
DefWindowProcW
FlashWindowEx
MoveWindow
DefWindowProcA
ShowWindow
PostThreadMessageA
CopyRect
SetActiveWindow
GetWindowRect
GetMessageA
DestroyWindow
RegisterClassA
wsprintfW
PostMessageA
SetWindowTextA
wsprintfA
MessageBoxA
SetWindowLongW
GetActiveWindow

gdi32

DeleteDC
CreateDIBSection
GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
GetStockObject
BitBlt

advapi32

GetUserNameA
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyW
RegQueryValueW
OpenSCManagerA
CloseServiceHandle
OpenServiceA
RegSetValueExW
RegQueryValueExW
RegSetValueW
RegSetValueA
FreeSid
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
Shell_NotifyIconA
SHGetSpecialFolderPathA
SHChangeNotify
ShellExecuteA

ole32

OleUninitialize
OleInitialize
OleCreate
OleSetContainedObject
CoTaskMemFree
StringFromIID
CLSIDFromProgID
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoCreateGuid
CoCreateInstance

oleaut32

SafeArrayAccessData
SafeArrayCreateVector
VariantTimeToSystemTime
VariantChangeType
VariantInit
VariantClear
SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen
VariantCopy
SafeArrayUnaccessData

wsock32

WSAStartup
gethostbyname
inet_addr
ioctlsocket
htonl
WSAGetLastError
htons
ntohs
getservbyport
getservbyname
WSASetLastError
gethostbyaddr
WSACleanup

wininet

InternetSetOptionA
InternetOpenUrlA
InternetCrackUrlA
InternetOpenA
InternetOpenUrlW
InternetOpenW
InternetQueryOptionA
HttpSendRequestA
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
InternetGetLastResponseInfoA
InternetConnectA
InternetCreateUrlA
InternetCrackUrlW
InternetCloseHandle

shlwapi

PathAppendA
SHDeleteKeyA
PathCanonicalizeW
PathAppendW
StrStrA
PathCanonicalizeA

psapi

GetModuleFileNameExA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

WSAAddressToStringA

urlmon

CoInternetGetSession

Exports

Exports

?CreateDefaultBrowserInfo@@YGPAVIDefaultBrowserInfo@@XZ
?CreateDirectXVersionInfo@@YGPAVIDirectXVersionInfo@@XZ
?CreateDisplaysDeviceInfo@@YGPAVIDisplayDevicesInfo@@XZ
?CreateFixedDriveInfo@@YGPAVIFixedDriveInfo@@XZ
?CreateFixedDrivesInfo@@YGPAVIFixedDrivesInfo@@XZ
?CreateFlashInfo@@YGPAVIFlashInfo@@XZ
?CreateIEVersionInfo@@YGPAVIIEVersionInfo@@XZ
?CreateMacAddress@@YGPAVIMacAddress@@XZ
?CreateMachineInfo@@YGPAVIMachineInfo@@XZ
?CreateMachineInfoXML@@YGPAVIMachineInfoXML@@XZ
?CreateOSInfo@@YGPAVIOSInfo@@XZ
?CreateProcessorsInfo@@YGPAVIProcessorsInfo@@XZ
?CreateRamInfo@@YGPAVIRamInfo@@XZ
?CreateSoundDevicesInfo@@YGPAVISoundDevicesInfo@@XZ
?CreateUserExperience@@YGPAVIUserExperience@@XZ
?CreateVMInfo@@YGPAVIVMInfo@@XZ

Sections

.text
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8baaef076a6ab65d2f977558a28189ff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wsock32

wininet

shlwapi

psapi

version

ws2_32

urlmon

Exports

Exports

Sections

.text Size: 350KB - Virtual size: 349KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 55KB - Virtual size: 78KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 350KB - Virtual size: 349KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 55KB - Virtual size: 78KB

.rsrc
Size: 4KB - Virtual size: 3KB