47be408472d47d7be5eb752e8513e76b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

47be408472d47d7be5eb752e8513e76b_JaffaCakes118
Size

850KB
MD5

47be408472d47d7be5eb752e8513e76b
SHA1

65692db0e7f80e4b2f8b09685583b5d4050cfe57
SHA256

4d7d445f825db745c750e397dfbd3ff556697f1491a8c8102b0941f901857e07
SHA512

9aea2fefe83da1f57af7da1507c90e3e83d25c68e82b9e99030dadb517c0e0908702e97827bda3c2b3c53e2821252d813146c0ba11ac9dc561a8c47c46feb25d
SSDEEP

12288:AikfB9yPuWcV1Hvk033tcIQ/EaAzFYbZnnMlZgmL:Aiu9Ds039cIQcaAz5nL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47be408472d47d7be5eb752e8513e76b_JaffaCakes118

Files

47be408472d47d7be5eb752e8513e76b_JaffaCakes118
.exe windows:4 windows x64 arch:x64

39bb520a0809ef90a771fa5296558dfa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

s:\dev\products\aefltrs2\x64\release-sigmatel\AESTFl64.pdb

Imports

winmm

waveOutClose
waveInOpen
waveInStart
waveInStop
waveInClose
waveOutReset
waveOutUnprepareHeader
waveInReset
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveOutWrite
waveOutPrepareHeader
waveOutOpen

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathFindExtensionA
PathFindFileNameA

kernel32

TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
GetThreadLocale
GetCurrentDirectoryA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
GetFullPathNameA
SetErrorMode
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
DeleteCriticalSection
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
ExitProcess
ExitThread
CreateThread
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
GetACP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
LCMapStringA
LCMapStringW
HeapSetInformation
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetPrivateProfileStringA
WritePrivateProfileStringA
SuspendThread
SetEvent
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetModuleFileNameW
GetCurrentProcessId
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
SetLastError
lstrcmpW
MultiByteToWideChar
CompareStringW
CompareStringA
GetVersion
ResetEvent
CreateEventA
SetThreadPriority
ResumeThread
WaitForSingleObject
TerminateThread
Sleep
DeviceIoControl
CloseHandle
CreateFileA
lstrcpyA
GetUserDefaultUILanguage
GetSystemDefaultLangID
EnumUILanguagesA
GetCurrentProcess
IsWow64Process
GetNativeSystemInfo
GetVersionExA
FindResourceExA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetLastError
lstrlenA
CreateProcessA
HeapFree

user32

GrayStringA
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
GetWindowThreadProcessId
PostQuitMessage
ValidateRect
TranslateMessage
GetMessageA
SetCursor
DestroyMenu
WindowFromPoint
GetSysColorBrush
LoadCursorA
UnregisterClassA
DrawTextExA
TabbedTextOutA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
IsWindowEnabled
ShowWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetParent
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindow
MoveWindow
SetWindowPlacement
GetWindowPlacement
OffsetRect
IsWindow
DrawIcon
GetSubMenu
GetSystemMetrics
IsIconic
LoadIconA
SetWindowRgn
SetMenuDefaultItem
SystemParametersInfoA
IntersectRect
CopyRect
SetTimer
KillTimer
InflateRect
GetSysColor
SetRect
LoadMenuA
LoadMenuIndirectA
FindWindowA
ReleaseCapture
PtInRect
GetCursorPos
SetCapture
GetClientRect
FillRect
ScreenToClient
DrawTextA
ClientToScreen
DrawFocusRect
GetFocus
SendMessageA
InvalidateRect
LoadBitmapA
GetWindowRect
RegisterWindowMessageA
SetWindowLongA
PostMessageA
GetWindowLongA
BringWindowToTop
SetForegroundWindow
EnableWindow
SetFocus
SetWindowPos

gdi32

SelectObject
CreatePolygonRgn
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateFontIndirectA
DeleteDC
GetStockObject
CreatePen
CreateSolidBrush
GetTextExtentPoint32A
CreateCompatibleDC
GetMapMode
CreateCompatibleBitmap
CreateBitmap
BitBlt
CreateBitmapIndirect
SetPixel
GetObjectA
GetPixel
DeleteObject
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
SetBkColor
SetTextColor

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyA
RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA

shell32

Shell_NotifyIconA

oleaut32

VariantClear
VariantInit
VariantChangeType

Sections

.text
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�K
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39bb520a0809ef90a771fa5296558dfa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

version

shlwapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

oleaut32

Sections

.text Size: 327KB - Virtual size: 326KB

.rdata Size: 98KB - Virtual size: 97KB

.data Size: 13KB - Virtual size: 36KB

.pdata Size: 23KB - Virtual size: 23KB

�K Size: 382KB - Virtual size: 381KB

.text
Size: 327KB - Virtual size: 326KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 13KB - Virtual size: 36KB

.pdata
Size: 23KB - Virtual size: 23KB

�K
Size: 382KB - Virtual size: 381KB