485b62b7c1292ae953dade690f9e06c5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

485b62b7c1292ae953dade690f9e06c5_JaffaCakes118
Size

1.3MB
MD5

485b62b7c1292ae953dade690f9e06c5
SHA1

760c6f85dd1e92aedf92524a729ab3635b1cbf52
SHA256

bfc970d0410e0191a3f23b83410385632273155a071ae218c5e45d2bc64fc16c
SHA512

abe844547a9ff261aa0b67e70c6faec022d22bc3012f163980e48ff45dadacca849f213cc2a2e8644a35eced107c15154c24151e57e14aef6dbefc101e1ffa00
SSDEEP

24576:141OC6Y9a8hFKg6zMoJbqh8tS+Df6GUGFi7lBdGx:gzsrvDf6GrFe3gx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
485b62b7c1292ae953dade690f9e06c5_JaffaCakes118

Files

485b62b7c1292ae953dade690f9e06c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

75bb670159377ffe19705edf1e8f82cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

u:\p4clients\rel_beta\Projects\GazelleProto\Client\BootStrapper\VC80_Release_Static\Bootstrapper.pdb

Imports

ws2_32

bind
select
__WSAFDIsSet
WSACleanup
WSAStartup
closesocket
socket
recvfrom
sendto
getsockname
WSASetLastError
shutdown
WSARecv
WSASend
inet_addr
gethostbyname
gethostname
htons
htonl
ioctlsocket
setsockopt
send
connect
recv
WSAGetLastError

kernel32

GetCurrentThread
LocalAlloc
LocalFree
GetVersionExA
GetSystemInfo
SetThreadPriority
SetUnhandledExceptionFilter
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
GlobalAlloc
lstrcmpA
GlobalLock
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
FreeResource
GlobalFree
GlobalUnlock
MulDiv
GlobalAddAtomA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GlobalFlags
WritePrivateProfileStringA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
SetEndOfFile
GetThreadLocale
FileTimeToSystemTime
WriteFile
FlushFileBuffers
GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToLocalFileTime
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime
ExitProcess
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
SetEnvironmentVariableA
ExitThread
CreateThread
GetDriveTypeA
VirtualAlloc
GetStartupInfoA
RtlUnwind
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
IsValidCodePage
SetEnvironmentVariableW
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetFilePointer
ReadFile
GetFileSize
CreateMutexA
SetFileAttributesA
GetLongPathNameA
CopyFileA
CreateDirectoryA
DeleteFileA
GetTempFileNameA
TerminateThread
ResumeThread
FormatMessageA
InterlockedIncrement
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetACP
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
GetFullPathNameA
ResetEvent
GetTickCount
FlushViewOfFile
CreateFileA
GetCurrentThreadId
GetTempPathA
GetCurrentProcess
RaiseException
GetModuleFileNameA
GetVersion
CompareStringA
InterlockedExchange
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
lstrlenA
RemoveDirectoryA
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
GetExitCodeProcess
WaitForSingleObject
SetEvent
OpenEventA
GetExitCodeThread
GetDiskFreeSpaceExA
SetCurrentDirectoryW
GetModuleFileNameW
GetCommandLineA
InterlockedDecrement
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToFileTime
GetSystemTime
CreateProcessA
MoveFileA
Sleep
WaitForMultipleObjects
CreateEventA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
TlsFree
CreateFileW

user32

LoadCursorA
GetSysColorBrush
DestroyMenu
UnregisterClassA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetLastActivePopup
GetSysColor
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
PostQuitMessage
ReleaseDC
GetDC
CopyRect
IsWindow
SetForegroundWindow
ShowWindow
EnableWindow
SendMessageA
GetDesktopWindow
KillTimer
SendMessageW
DrawIcon
GetSystemMetrics
MoveWindow
SetWindowTextA
IsDialogMessageA
IsIconic
SetTimer
LoadImageA
DrawTextW
OffsetRect
InflateRect
GetClientRect
MessageBoxW
MessageBoxA
RegisterWindowMessageA
PostMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
SetCursor

gdi32

Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateBitmap
CreateCompatibleDC
GetStockObject
ExtTextOutA
GetDeviceCaps
TextOutA
RectVisible
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateSolidBrush
BitBlt
GetObjectA
PtVisible

advapi32

RegQueryValueA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA

shell32

Shell_NotifyIconA
Shell_NotifyIconW
ShellExecuteA

oleaut32

VariantInit
VariantChangeType
VariantClear

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

shlwapi

PathFindExtensionA
PathFindFileNameA
SHDeleteKeyA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

Win32MiniDumpInit

Sections

.text
Size: 836KB - Virtual size: 835KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 48KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

75bb670159377ffe19705edf1e8f82cc

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

oleaut32

winspool.drv

shlwapi

version

Exports

Exports

Sections

.text Size: 836KB - Virtual size: 835KB

.rdata Size: 256KB - Virtual size: 254KB

.data Size: 48KB - Virtual size: 76KB

.rsrc Size: 132KB - Virtual size: 132KB

.text
Size: 836KB - Virtual size: 835KB

.rdata
Size: 256KB - Virtual size: 254KB

.data
Size: 48KB - Virtual size: 76KB

.rsrc
Size: 132KB - Virtual size: 132KB