4801903a261d66263fa7b60dae1a3023_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4801903a261d66263fa7b60dae1a3023_JaffaCakes118
Size

258KB
MD5

4801903a261d66263fa7b60dae1a3023
SHA1

6e382691218419e3a310216bce4071ddb0d60cec
SHA256

04b16923bb208bebc65b7bc82438500e20424e8b659751c41aac1ebf299cc813
SHA512

097b846e9af43999989cecade65b0cbff503a29615507672316760aa349bfd0c1f7d036cc1a1a2a0e54371276f1b403d5058c91f403612013379136627a70607
SSDEEP

6144:RUmmMURf3WQguOMtofTfRvgxRi2mnpd0aYvJmI7oC:fm9533guOMefTfRKRi2mnuhf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4801903a261d66263fa7b60dae1a3023_JaffaCakes118

Files

4801903a261d66263fa7b60dae1a3023_JaffaCakes118
.exe windows:5 windows x86 arch:x86

39b01aded6073c5a6c80b67ea5ed9ceb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\120201_150338_build_ZeeDip_ZeeDip_1.0.6.0\source\source_sa\bin\Release\ClientSACB.pdb

Imports

comctl32

ord17

kernel32

lstrcmpW
MulDiv
LoadLibraryW
GetVersionExW
lstrcpynA
lstrcpynW
GetTickCount
DeleteFileW
ReadFile
GetFileSize
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
Sleep
HeapCreate
GetStdHandle
WriteFile
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineW
DecodePointer
EncodePointer
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetLastError
MultiByteToWideChar
lstrlenA
SetLastError
CloseHandle
GetCurrentProcess
LocalFree
LocalAlloc
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FlushInstructionCache
lstrlenW
GetCurrentThreadId
GetProcAddress
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
lstrcmpiW

user32

RemoveMenu
GetMenuItemCount
AppendMenuW
DestroyMenu
CreatePopupMenu
FindWindowW
SendMessageTimeoutA
CreateAcceleratorTableW
GetMenuItemInfoW
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
ReleaseCapture
LoadStringA
GetDlgItem
IsChild
SetFocus
MonitorFromPoint
CreateWindowExW
DestroyWindow
SendMessageW
SetWindowPos
GetClientRect
RedrawWindow
GetParent
GetDlgCtrlID
TrackMouseEvent
DefWindowProcW
SetWindowLongW
GetWindowLongW
CallWindowProcW
TrackPopupMenuEx
MessageBeep
PeekMessageW
SendMessageTimeoutW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
FindWindowExW
LoadIconW
AnimateWindow
GetClassNameW
IsWindow
CopyRect
GetSysColor
GetFocus
wvsprintfW
CharNextW
RegisterClassExW
LoadImageW
LoadCursorW
GetClassInfoExW
LoadAcceleratorsW
LoadMenuW
LoadStringW
DispatchMessageW
UnregisterClassA
TranslateMessage
GetMessageW
FillRect
DrawTextW
DrawEdge
SetWindowTextW
MoveWindow
BringWindowToTop
GetWindowRect
SetCapture
InvalidateRgn
ReleaseDC
GetDC
ClientToScreen
PostQuitMessage
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetCursor
InflateRect
SetRectEmpty
PtInRect
IsRectEmpty
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
KillTimer
SetTimer
IsWindowVisible
ShowWindow
InvalidateRect
ScreenToClient

gdi32

CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap
GetStockObject
SetBkColor
ExtTextOutW
SetTextColor
SetBkMode
BitBlt
CreateDIBSection
GetObjectW
SetDIBColorTable
SelectObject
DeleteDC
CreateCompatibleDC
DeleteObject

advapi32

RegOpenKeyExW
CreateProcessAsUserW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSidSubAuthority
OpenProcessToken
DuplicateTokenEx
AllocateAndInitializeSid
GetLengthSid
SetTokenInformation

shell32

ShellExecuteW

ole32

OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysStringLen
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysFreeString
DispCallFunc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown
GdipDrawImageI
GdipCloneImage
GdipGetImagePixelFormat
GdipCreateBitmapFromStream

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39b01aded6073c5a6c80b67ea5ed9ceb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

gdiplus

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 9KB - Virtual size: 19KB

.rsrc Size: 37KB - Virtual size: 36KB

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 37KB - Virtual size: 36KB

.reloc
Size: 14KB - Virtual size: 13KB