4c3132f25d2261e0de51cf2a7273a563_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c3132f25d2261e0de51cf2a7273a563_JaffaCakes118
Size

688KB
MD5

4c3132f25d2261e0de51cf2a7273a563
SHA1

fb4aeb95058c488c970d911de31829ffe09f0830
SHA256

442fb5b345717d0f9e5289bbcd54ae8495b602ded072647d5b6efffdce502c91
SHA512

df5c048e4c56c02299fdff35264fbd2cf47b99a064c32baca1b3118225e2b7c306709443fb10f66d5cd4ff26cf3f8262be86f49dc561c79322b9427464b86510
SSDEEP

12288:XCxtQ6PLKCeSR0e3bL/qptBJefL8Xim4ZrYJaJ7yE3KSNe6anUNkud81kTQTX8OB:SHQ6zBLGMj8Xim4ZrYJaJ7R3KScUaa8X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c3132f25d2261e0de51cf2a7273a563_JaffaCakes118

Files

4c3132f25d2261e0de51cf2a7273a563_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5300c90e423d11574cae12ff02b0e356

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\BuildServer\work-downloader-1-7-branch\core-repository\branches\downloader-1-7-branch\Downloader\Release\WindowsClient.pdb

Imports

iphlpapi

GetTcpTable
GetAdaptersInfo

wininet

HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpSendRequestA
InternetCrackUrlA
InternetSetStatusCallback
HttpAddRequestHeadersA
InternetReadFile
HttpQueryInfoA
InternetSetOptionA
InternetCloseHandle
InternetReadFileExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

comctl32

ord17

rpcrt4

UuidCreate

ws2_32

WSAGetLastError
htons
gethostbyname
WSASetLastError
htonl
getsockname
select
ioctlsocket
closesocket
setsockopt
__WSAFDIsSet
WSACleanup
gethostname
WSAStartup
getsockopt
socket
connect
listen
bind
recv
send
ntohs
getpeername
ntohl
inet_ntoa
accept

kernel32

GetFileType
GetStdHandle
GetModuleFileNameA
GetTempFileNameA
GetTempPathA
CreateThread
GetUserDefaultLangID
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
CloseHandle
SetFileAttributesA
GetDiskFreeSpaceExA
GetVersionExA
GetComputerNameA
GetLastError
CreateEventA
InterlockedExchange
GetACP
GetLocaleInfoA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
WriteFile
SetEvent
DeleteFileA
OpenMutexA
CopyFileA
GetCurrentDirectoryA
WaitForSingleObject
CreateFileA
CreateMutexA
GetModuleHandleA
ResetEvent
GetFileSize
GlobalFree
GlobalAlloc
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
SetHandleCount
IsBadWritePtr
VirtualFree
HeapCreate
UnhandledExceptionFilter
HeapSize
GetOEMCP
SetUnhandledExceptionFilter
GetCPInfo
LCMapStringW
LCMapStringA
GetCurrentThreadId
ExitThread
HeapReAlloc
GetFullPathNameA
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
TerminateProcess
ExitProcess
VirtualQuery
VirtualAlloc
VirtualProtect
HeapAlloc
HeapFree
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetSystemInfo
GetDiskFreeSpaceA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateProcessA
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
FileTimeToSystemTime
Sleep
GetTickCount
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
QueryPerformanceCounter
MoveFileA
GetFileTime
GetCurrentProcessId
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetLocaleInfoW
SetLastError
SetEndOfFile
SetFilePointer
FlushFileBuffers
ReadFile
SetCurrentDirectoryA
CreateDirectoryA
HeapDestroy
GetFileAttributesA

user32

GetWindowTextA
SendMessageA
GetDlgItem
ScreenToClient
GetWindowRect
EnumWindows
FindWindowA
PostMessageA
InvalidateRect
GetClientRect
wsprintfA
KillTimer
SetTimer
MoveWindow
BringWindowToTop
ShowWindow
LoadIconA
SystemParametersInfoA
SetWindowPos
CopyImage
DrawTextA
EnumChildWindows
GetWindowTextLengthA
GetParent
SetPropA
GetWindowLongA
GetCapture
SetCapture
ClientToScreen
PtInRect
ReleaseCapture
LoadCursorA
SetCursor
GetPropA
CallWindowProcA
RemovePropA
GetDesktopWindow
EnableWindow
GetMenu
ModifyMenuA
LoadImageA
IsWindowVisible
CreateDialogParamA
WaitForInputIdle
DialogBoxParamA
SetForegroundWindow
SetWindowLongA
GetDC
FillRect
ReleaseDC
CheckDlgButton
IsDlgButtonChecked
EndDialog
MessageBoxA
SetDlgItemTextA
SetWindowTextA

gdi32

GetObjectA
CreateFontIndirectA
SetBkMode
SetBkColor
SetTextColor
GetStockObject
StretchBlt
CreateCompatibleDC
CreateBitmap
SelectObject
CreateSolidBrush
SetPixel
DeleteObject

comdlg32

GetSaveFileNameA

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryValueExA
GetUserNameA

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderLocation

ole32

CoInitialize
OleInitialize
OleSetContainedObject
OleCreate
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit
OleLoadPicture

Sections

.text
Size: 488KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5300c90e423d11574cae12ff02b0e356

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

wininet

version

comctl32

rpcrt4

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 488KB - Virtual size: 484KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: 488KB - Virtual size: 484KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 24KB - Virtual size: 21KB