5e6cdb606faafc2bc8a14a8f627eef37_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e6cdb606faafc2bc8a14a8f627eef37_JaffaCakes118
Size

18.7MB
MD5

5e6cdb606faafc2bc8a14a8f627eef37
SHA1

8f16c2066a362671749e164f38e51d0f1ef410c5
SHA256

ad89190fcc0c0122d56b57bf92d08889ee5de11aa32da9889b264ed7b831da10
SHA512

a6df58f742b995d3a752b602fd9cb788c5558b18701607b0941ad2254f5e10d137c28d8905f77913ab59cd61d1af3115a0a57111d09faed0c3fd695acbaa3d19
SSDEEP

49152:lFtY3jUS/v0oKvMLzh8GzL+ZmVQ5HmxYWVdzjBiGGddy/6bmd+60lE5z:e3jUSX02vKZmu53aFlHGdd42m0lE5z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e6cdb606faafc2bc8a14a8f627eef37_JaffaCakes118

Files

5e6cdb606faafc2bc8a14a8f627eef37_JaffaCakes118
.exe windows:4 windows x86 arch:x86

92bfc51944540245eca4794ddd1152ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\autobuild\mike\antivirus360remover\trunk\release\AntiVirus360Remover.pdb

Imports

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

tcl

Tcl_SplitList
Tcl_CreateCommand
Tcl_DeleteInterp
Tcl_GetStringResult
Tcl_DeleteClone
Tcl_Clone_Interp
Tcl_CreateInterp
Tcl_ProcCmd
Tcl_FreeList
Tcl_SetResult
Tcl_EvalEx

kernel32

WriteFile
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
GetModuleFileNameW
SetThreadPriority
SuspendThread
GlobalAddAtomA
GetCurrentProcessId
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetThreadLocale
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
LocalAlloc
GetPrivateProfileIntA
GetPrivateProfileStringA
InterlockedIncrement
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetTickCount
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapReAlloc
VirtualProtect
VirtualQuery
GetCommandLineA
GetStartupInfoA
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
SetEnvironmentVariableA
SetStdHandle
GetFileType
ExitProcess
RaiseException
HeapSize
GetACP
IsValidCodePage
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
SearchPathA
CreateProcessA
GetLogicalDriveStringsA
lstrcatA
ReadFile
VirtualFree
VirtualAlloc
DisconnectNamedPipe
FlushFileBuffers
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
ConnectNamedPipe
SetCurrentDirectoryA
GetFileSize
TerminateThread
CreateFileA
GetSystemTime
SystemTimeToFileTime
InterlockedDecrement
WinExec
lstrcpynA
FileTimeToLocalFileTime
GetSystemDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetTempPathA
GetProcessHeap
HeapAlloc
WritePrivateProfileStringA
HeapFree
FreeLibrary
LoadLibraryA
SetLastError
GetVersionExA
GetSystemInfo
FormatMessageA
FileTimeToSystemTime
GetFileTime
TerminateProcess
ExpandEnvironmentStringsA
DeleteFileA
LocalFree
GetFileAttributesA
CreateNamedPipeA
GetCurrentProcess
lstrcpyA
LeaveCriticalSection
SetConsoleScreenBufferSize
EnterCriticalSection
GetStdHandle
GetConsoleScreenBufferInfo
AllocConsole
DeleteCriticalSection
FreeConsole
CreateDirectoryA
GetLocalTime
Sleep
InitializeCriticalSection
GetModuleFileNameA
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
ResetEvent
GlobalLock
SetEvent
WaitForSingleObject
CloseHandle
GetWindowsDirectoryA
CreateEventA
GlobalAlloc
GetProcAddress
FreeResource
GetModuleHandleA
GetEnvironmentVariableA
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
MultiByteToWideChar
InterlockedExchange
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
UnhandledExceptionFilter

user32

RegisterClipboardFormatA
PostThreadMessageA
IsChild
GetClassLongA
GetClassNameA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
UpdateWindow
GetMenu
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
GetScrollInfo
CallWindowProcA
OffsetRect
IntersectRect
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CheckMenuItem
GrayStringA
DrawTextExA
TabbedTextOutA
UnhookWindowsHookEx
GetKeyState
GetFocus
SetFocus
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
PeekMessageA
DispatchMessageA
TranslateMessage
GetSysColorBrush
SystemParametersInfoA
GetWindowDC
ScreenToClient
ModifyMenuA
EqualRect
IsWindow
DeleteMenu
PtInRect
LoadIconA
IsIconic
DrawIcon
FindWindowA
GetDesktopWindow
ExitWindowsEx
MessageBoxA
TrackMouseEvent
GetSystemMetrics
GetNextDlgGroupItem
InvalidateRgn
CopyIcon
GetCaretPos
LoadBitmapA
BeginPaint
SetPropA
GetDlgCtrlID
IsRectEmpty
CopyAcceleratorTableA
SetCapture
MessageBeep
WinHelpA
RedrawWindow
SetTimer
HideCaret
SendMessageA
CharNextA
SetWindowContextHelpId
MapDialogRect
DestroyMenu
InflateRect
RegisterWindowMessageA
EnableMenuItem
CharUpperA
EnableWindow
GetWindowRect
CopyRect
PostMessageA
GetWindowLongA
KillTimer
SetWindowLongA
SetWindowPos
SetRect
GetCursorPos
LoadMenuA
SetForegroundWindow
GetSubMenu
LoadImageA
SetWindowRgn
GetClientRect
InvalidateRect
GetDC
ReleaseDC
GetParent
DefWindowProcA
GetPropA
UnregisterClassA
RegisterClassExA
DrawTextA
GetWindowTextA
GetWindowTextLengthA
SendMessageCallbackA
CreateWindowExA
EndPaint
DrawFocusRect
DrawEdge
WindowFromPoint
GetCapture
ReleaseCapture
ClientToScreen
SetClassLongA
SetCursor
GetSysColor
DestroyCursor
FillRect
LoadCursorA
RegisterClassA

gdi32

GetCurrentObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
ExtSelectClipRgn
CreateRectRgn
CreatePen
CreateRectRgnIndirect
GetTextExtentPoint32A
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
GetPixel
CreateSolidBrush
DeleteObject
GetObjectA
MoveToEx
LineTo
GetClipBox
SetMapMode
RestoreDC
SaveDC
GetDIBits
CreateFontA
SetTextColor
SetBkColor
SetBkMode
CreateFontIndirectA
ExtTextOutA
GetTextMetricsA
SelectClipRgn
DeleteDC
SelectObject
GetDeviceCaps
Rectangle
GetStockObject
CreatePatternBrush
CreateCompatibleBitmap
BitBlt
StretchBlt
CombineRgn
CreateCompatibleDC
CreateBitmap
ExtCreateRegion

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17
_TrackMouseEvent

shlwapi

PathIsUNCA
PathIsDirectoryA
SHDeleteKeyA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
UrlUnescapeA
PathFileExistsA

oledlg

ord8

ole32

CoCreateInstance
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
CLSIDFromString
CoRegisterMessageFilter
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
OleFlushClipboard

oleaut32

VariantClear
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
SysFreeString
OleCreateFontIndirect
VariantCopy
SysAllocStringLen
SafeArrayDestroy
OleLoadPicture

wininet

HttpOpenRequestA
InternetOpenUrlA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionExA
InternetQueryDataAvailable
HttpQueryInfoA
InternetCloseHandle
InternetGetLastResponseInfoA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

zlib

inflateEnd
inflateInit2_
inflate

msimg32

GradientFill

Sections

.text
Size: 824KB - Virtual size: 822KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17.6MB - Virtual size: 17.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92bfc51944540245eca4794ddd1152ea

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

tcl

kernel32

user32

gdi32

comdlg32

winspool.drv

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

version

zlib

msimg32

Sections

.text Size: 824KB - Virtual size: 822KB

.rdata Size: 268KB - Virtual size: 266KB

.data Size: 60KB - Virtual size: 73KB

.rsrc Size: 17.6MB - Virtual size: 17.6MB

.text
Size: 824KB - Virtual size: 822KB

.rdata
Size: 268KB - Virtual size: 266KB

.data
Size: 60KB - Virtual size: 73KB

.rsrc
Size: 17.6MB - Virtual size: 17.6MB