672b1078e6c34011d37577ff21c54605_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

672b1078e6c34011d37577ff21c54605_JaffaCakes118
Size

468KB
MD5

672b1078e6c34011d37577ff21c54605
SHA1

5c214d861eb5fde63e3253763d595acd7c5c91df
SHA256

2fadd4e5ae9c0ab9b1b5910fdfb3dae3e9a277698889a36483bf9e8bd3ffba94
SHA512

9787dfa259457a708c39a167f3f96c3d4df87b56ce356c36e8793d710d1ee834459de2f51f4b3aadb180107c3e273636332dcaf4598036552707e356ee16ed2d
SSDEEP

12288:qWts1SrDTIEtZHqV3O4oLrjolE8Gf+n+xsUtTQ+Y9Luz+R:qbEnLZuoLWYpQpS+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
672b1078e6c34011d37577ff21c54605_JaffaCakes118

Files

672b1078e6c34011d37577ff21c54605_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d3b19e76be93a7b5af28d6dfafa7ad99

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Dvlp\Vs7.2003\Client\Hb4.0\4.8.0.0\HbSrv\ReleaseMinDependency\HbSrv.pdb

Imports

kernel32

WinExec
FlushInstructionCache
GetCurrentProcess
HeapAlloc
lstrcmpA
ReleaseMutex
CreateMutexA
GetCurrentProcessId
CompareFileTime
GetFileTime
OpenFile
ResetEvent
FileTimeToSystemTime
GetFileSize
CreateFileA
MoveFileA
DeleteFileA
GetProcAddress
LoadLibraryA
GetSystemTime
FindClose
FindNextFileA
FindFirstFileA
UnmapViewOfFile
ReleaseSemaphore
GetCurrentThread
CreateSemaphoreA
SetUnhandledExceptionFilter
VirtualQuery
IsBadWritePtr
OutputDebugStringA
WriteFile
SetFilePointer
SetFileTime
GetExitCodeThread
ResumeThread
SetThreadPriority
TerminateThread
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
ReadFile
GetTickCount
CreateDirectoryA
RemoveDirectoryA
GetTempFileNameA
GetSystemDefaultLangID
GetLocalTime
SetEndOfFile
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
HeapSize
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
TerminateProcess
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetFileAttributesA
GetSystemTimeAsFileTime
GetStartupInfoA
HeapReAlloc
RtlUnwind
GetSystemInfo
VirtualAlloc
VirtualProtect
LocalFree
LeaveCriticalSection
EnterCriticalSection
GetCommandLineA
GetCurrentThreadId
Sleep
CreateThread
CreateEventA
WaitForMultipleObjects
WaitForSingleObject
CloseHandle
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
lstrcatA
GetModuleFileNameA
lstrcpyA
lstrcpynA
InterlockedIncrement
FormatMessageA
LocalAlloc
SetEvent
lstrcmpiA
lstrlenA
GetProcessHeap
HeapFree
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateProcessA

user32

CreatePopupMenu
CharNextA
UnregisterClassA
wsprintfA
DefWindowProcA
SetWindowLongA
GetWindowLongA
CallWindowProcA
PostThreadMessageA
DispatchMessageA
GetMessageA
LoadImageA
LoadStringA
ReleaseCapture
CopyRect
SetCapture
InvalidateRgn
SetFocus
GetFocus
GetCapture
PeekMessageA
TranslateMessage
EnumWindows
SetRect
GetSystemMetrics
IsWindow
EnumChildWindows
GetClassNameA
SendMessageA
GetDesktopWindow
GetWindowRect
TrackPopupMenuEx
InsertMenuItemA
IsMenu
RemoveMenu
DestroyMenu
FillRect
KillTimer
SetTimer
GetCursorPos
WindowFromPoint
ClientToScreen
GetDC
ReleaseDC
SetWindowPos
GetWindowRgn
SetWindowRgn
GetSysColor
ShowWindow
EndPaint
BeginPaint
GetClientRect
CreateWindowExA
RegisterClassExA
DestroyWindow
LoadCursorA
GetClassInfoExA
PostMessageA

gdi32

GetTextExtentPoint32A
CreatePolygonRgn
CreateRoundRectRgn
CombineRgn
CreateSolidBrush
CreateRectRgn
FillRgn
FrameRgn
SetTextColor
SetBkColor
DeleteDC
SelectObject
TextOutA
DeleteObject
ExtCreateRegion
CreateDIBSection
TextOutW
GetTextExtentPoint32W
GetStockObject
GetDeviceCaps
StretchBlt
CreateBitmap
SetStretchBltMode
BitBlt
CreateCompatibleDC
LineTo
MoveToEx
CreatePen
SetBkMode
CreateCompatibleBitmap
CreateFontIndirectA
GetObjectA

advapi32

RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegNotifyChangeKeyValue
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoRegisterClassObject
StringFromGUID2
CoUninitialize
CoInitialize
CoCreateGuid
OleDraw
StringFromCLSID
CoRevokeClassObject
CoCreateInstance
OleRun

oleaut32

VariantInit
VariantCopy
VariantChangeType
VariantClear
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
DispCallFunc
SafeArrayCopy
SafeArrayDestroy
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringByteLen
GetErrorInfo
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
VarUI4FromStr
SysFreeString

shlwapi

StrRChrA
StrToIntA
PathFindExtensionA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3b19e76be93a7b5af28d6dfafa7ad99

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

version

Sections

.text Size: 344KB - Virtual size: 340KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: 344KB - Virtual size: 340KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 12KB - Virtual size: 9KB