f:\Work\lonely\trunk\bin\tr_release\Easymetin2.pdb
Static task: static1
Behavioral task: behavioral1, sample 68aa0aa49ee3ca1fe1b40baa31a30fca_JaffaCakes118.exe, resource win7-20240708-en
Behavioral task: behavioral2, sample 68aa0aa49ee3ca1fe1b40baa31a30fca_JaffaCakes118.exe, resource win10v2004-20240709-en
General
Target: 68aa0aa49ee3ca1fe1b40baa31a30fca_JaffaCakes118
Size: 1.2MB
MD5: 68aa0aa49ee3ca1fe1b40baa31a30fca
SHA1: ff9b8ade64de39d6fb538cf68938391940bde7e7
SHA256: 42beacedd6f73e0faef6407676b2fb4adf8450521ff6405e2ca8da66d3a836f1
SHA512: ee31474a8e0576cd16a28df82223a000c07f0329d32a4c1799002104cedd1d8a239c871756795508e91bdd9bd30ca5c6f7245c846e0021a8a696e678e5a15819
SSDEEP: 24576:/pulbwjFGr7RBcGVCcacu/bv7Kew5xP98jI:Ulbuw7RWTcaceT7fs
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The PE carries no certificate table (data directory entry 4 is empty). On its own this is a weak indicator: most small third-party and hobby tools ship unsigned.
resource: 68aa0aa49ee3ca1fe1b40baa31a30fca_JaffaCakes118
Files
-
68aa0aa49ee3ca1fe1b40baa31a30fca_JaffaCakes118.exe windows:4 windows x86 arch:x86 (PE32, subsystem version 4.0 in the optional header, i386 machine type)
Imphash: 725c636e66cf79d334bd1daa4062de62
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
f:\Work\lonely\trunk\bin\tr_release\Easymetin2.pdb
The path is a plain string in the debug directory: useful as a pivot to other builds from the same tree, but trivially forged, so treat it as attacker-controlled data rather than provenance.
Imports
ws2_32
sendto
gethostbyname
gethostbyaddr
htons
__WSAFDIsSet
connect
select
WSACleanup
recv
closesocket
ioctlsocket
WSAGetLastError
WSAStartup
inet_addr
socket
bind
htonl
inet_ntoa
accept
listen
shutdown
send
ntohs
kernel32
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
GlobalFlags
GlobalReAlloc
GlobalHandle
LocalReAlloc
InterlockedIncrement
GetThreadLocale
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
CreateFileW
GetFileAttributesW
GetFileTime
SetErrorMode
HeapFree
HeapAlloc
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetFileAttributesA
ExitProcess
RtlUnwind
WriteConsoleW
GetFileType
GetStdHandle
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
MoveFileA
DeleteFileA
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
HeapSize
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
GetModuleHandleA
GetVersionExW
WaitForSingleObject
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalAlloc
LocalFree
MulDiv
lstrlenW
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetModuleHandleW
GetVersionExA
CreateFileMappingA
FindResourceExW
GetCurrentProcessId
GetProcessVersion
lstrcpyA
lstrcatA
lstrlenA
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
VirtualQueryEx
CreateFileA
GetCurrentThread
GetThreadContext
VirtualQuery
GetModuleFileNameA
OutputDebugStringA
InterlockedDecrement
CreateThread
GetStartupInfoW
ReadFile
WideCharToMultiByte
GetACP
FormatMessageW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcess
GetPrivateProfileStringA
Process32FirstW
GetTempPathW
GetTickCount
ResumeThread
TerminateProcess
CreateProcessW
OutputDebugStringW
GetPrivateProfileIntW
MultiByteToWideChar
WritePrivateProfileStringW
CreateToolhelp32Snapshot
Process32NextW
GetPrivateProfileStringW
GlobalAddAtomW
GlobalFindAtomW
GetModuleFileNameW
LoadLibraryA
SizeofResource
LoadResource
FindResourceW
LockResource
UnmapViewOfFile
MapViewOfFile
CloseHandle
SetLastError
GetLastError
CreateFileMappingW
InterlockedCompareExchange
GetProcessHeap
user32
UnregisterClassW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRect
InvalidateRgn
SetCapture
ReleaseCapture
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
SetCursor
ReleaseDC
GetDC
DestroyMenu
MoveWindow
IsDialogMessageW
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetFocus
GetForegroundWindow
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
KillTimer
SetWindowTextW
GetWindowThreadProcessId
EnumWindows
MessageBoxA
PostMessageW
GetKeyState
EnumChildWindows
SetWindowPos
RegisterHotKey
GetClassNameW
RemovePropW
GetMenuItemCount
GetWindowRect
DrawAnimatedRects
GetWindowLongW
SetWindowLongW
LoadImageW
SetPropW
CharUpperW
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
FindWindowW
GetLayeredWindowAttributes
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowContextHelpId
GetLastActivePopup
MapDialogRect
SetLayeredWindowAttributes
LoadIconW
GetSystemMetrics
GetClientRect
GetWindow
ShowWindow
GetWindowTextW
GetDesktopWindow
MessageBoxW
IsIconic
SetForegroundWindow
GetPropW
IsWindow
UnregisterHotKey
SendMessageW
IsWindowVisible
AppendMenuW
SetTimer
CreatePopupMenu
EnableWindow
GetCursorPos
UnregisterClassA
GetSysColor
gdi32
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
PtVisible
OffsetViewportOrgEx
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
GetWindowExtEx
GetViewportExtEx
SetViewportOrgEx
SelectObject
Escape
SaveDC
CreateRectRgnIndirect
GetDeviceCaps
ExtTextOutW
GetObjectW
SetBkColor
TextOutW
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
SetMapMode
RestoreDC
RectVisible
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegQueryValueExA
RegOpenKeyW
ReportEventA
RegisterEventSourceA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
DeregisterEventSource
RegOpenKeyExA
shell32
ShellExecuteW
SHFileOperationA
Shell_NotifyIconW
comctl32
InitCommonControlsEx
shlwapi
StrStrW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
StrCpyW
PathIsUNCW
oledlg
OleUIBusyW
ole32
CoTaskMemAlloc
CLSIDFromProgID
CoDisconnectObject
CreateILockBytesOnHGlobal
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
StgOpenStorageEx
StgCreateDocfile
CoTaskMemFree
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
OleInitialize
oleaut32
SysFreeString
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
SysStringLen
SystemTimeToVariantTime
VariantCopy
VariantTimeToSystemTime
VariantChangeType
VariantInit
VariantClear
SysAllocStringLen
SafeArrayDestroy
OleCreateFontIndirect
LoadTypeLi
SysAllocString
urlmon
URLDownloadToFileW
wininet
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetQueryDataAvailable
dbghelp
SymFunctionTableAccess
StackWalk
SymInitialize
SymGetModuleInfo
SymGetSymFromAddr
SymGetLineFromAddr
SymLoadModule
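The import list above is raw data; the analyst's job is to group it into capabilities and, just as importantly, to notice what is absent. The following Python is an added example and is not part of the Triage report or of the sample. The tag names, the capability groups and the runtime-noise list are this example's own heuristics (no standard taxonomy is implied), and SAMPLE_IMPORTS is a constructed subset of the DLL and API names listed above.

```python
# Capability triage over a PE import table (heuristic tags, this example's own).
# Each tag maps to the "dll!api" names that together indicate the capability.
CAPABILITY_MAP = {
    "tcp_server":             {"ws2_32!socket", "ws2_32!bind", "ws2_32!listen", "ws2_32!accept"},
    "tcp_client":             {"ws2_32!connect", "ws2_32!gethostbyname", "ws2_32!inet_addr"},
    "http_client":            {"wininet!InternetOpenW", "wininet!InternetConnectW",
                               "wininet!HttpOpenRequestW", "wininet!HttpSendRequestW",
                               "wininet!InternetReadFile"},
    "download_to_disk":       {"urlmon!URLDownloadToFileW"},
    "process_enumeration":    {"kernel32!CreateToolhelp32Snapshot", "kernel32!Process32FirstW",
                               "kernel32!Process32NextW"},
    "process_launch":         {"kernel32!CreateProcessW", "shell32!ShellExecuteW"},
    "process_kill":           {"kernel32!TerminateProcess"},
    # Not imported by this sample; kept in the map so the gap is reported explicitly.
    "remote_memory_write":    {"kernel32!OpenProcess", "kernel32!ReadProcessMemory",
                               "kernel32!WriteProcessMemory"},
    "dynamic_api_resolution": {"kernel32!LoadLibraryA", "kernel32!LoadLibraryW",
                               "kernel32!GetProcAddress"},
    "input_hook_or_hotkey":   {"user32!SetWindowsHookExW", "user32!RegisterHotKey"},
    "window_discovery":       {"user32!FindWindowW", "user32!EnumWindows",
                               "user32!GetWindowThreadProcessId"},
    "registry_write":         {"advapi32!RegSetValueExW", "advapi32!RegSetValueExA",
                               "advapi32!RegCreateKeyExW", "advapi32!RegCreateKeyExA",
                               "advapi32!RegDeleteKeyW"},
    "file_delete_or_move":    {"kernel32!DeleteFileA", "kernel32!MoveFileA",
                               "shell32!SHFileOperationA"},
    "debugger_check":         {"kernel32!IsDebuggerPresent"},
}

# APIs the MSVC CRT / MFC runtime pulls in on its own; a tag supported only by
# these is weak evidence, since every MFC app imports them.
RUNTIME_NOISE = {"kernel32!IsDebuggerPresent", "kernel32!TerminateProcess",
                 "kernel32!LoadLibraryA", "kernel32!GetProcAddress"}


def triage_imports(imports):
    """imports: {dll_name: iterable of api names}. Returns {tag: sorted 'dll!api' hits}."""
    present = {f"{dll.lower()}!{api}" for dll, apis in imports.items() for api in apis}
    hits = {}
    for tag, wanted in CAPABILITY_MAP.items():
        found = sorted(present & wanted)
        if found:
            hits[tag] = found
    return hits


def weak_tags(hits):
    """Tags whose only evidence is runtime-noise APIs."""
    return sorted(tag for tag, apis in hits.items() if set(apis) <= RUNTIME_NOISE)


def missing_for(tag, hits):
    """APIs of a capability group that are NOT imported (empty list = whole group present)."""
    return sorted(CAPABILITY_MAP[tag] - set(hits.get(tag, [])))


# Constructed input: a subset of the import names listed in this report.
SAMPLE_IMPORTS = {
    "ws2_32": ["socket", "bind", "listen", "accept", "connect", "gethostbyname", "send", "recv"],
    "kernel32": ["CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                 "CreateProcessW", "TerminateProcess", "VirtualQueryEx",
                 "LoadLibraryA", "LoadLibraryW", "GetProcAddress", "IsDebuggerPresent",
                 "DeleteFileA", "MoveFileA"],
    "user32": ["SetWindowsHookExW", "RegisterHotKey", "FindWindowW", "EnumWindows",
               "GetWindowThreadProcessId"],
    "advapi32": ["RegSetValueExW", "RegCreateKeyExW", "RegDeleteKeyW"],
    "shell32": ["ShellExecuteW", "SHFileOperationA"],
    "urlmon": ["URLDownloadToFileW"],
    "wininet": ["InternetOpenW", "InternetConnectW", "HttpOpenRequestW",
                "HttpSendRequestW", "InternetReadFile"],
}

if __name__ == "__main__":
    result = triage_imports(SAMPLE_IMPORTS)
    for tag, apis in result.items():
        print(f"{tag:24s} {', '.join(apis)}")
    print("weak (runtime noise only):", weak_tags(result))
    print("remote_memory_write missing:", missing_for("remote_memory_write", result))
```

Two things the run makes visible that the flat list hides: the sample imports the full listening-socket set (socket, bind, listen, accept) plus URLDownloadToFileW and the WinINet HTTP client, so it both serves and fetches over the network; and it imports no OpenProcess, ReadProcessMemory or WriteProcessMemory while importing LoadLibraryA/W and GetProcAddress, so any cross-process access would have to be resolved at run time and the static import table should not be read as the complete API surface.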
Sections
.text Size: 972KB - Virtual size: 971KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 184KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 52KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
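The "Unsigned PE" signature, the File Characteristics flags and the Sections table above are all read straight out of the PE headers. The following Python parser is an added example, not Triage's code and not the sample's: it pulls those fields from raw bytes and reproduces each of the three findings. Because the binary itself is not on this page, build_test_pe constructs a minimal PE32 header whose characteristics, section names, sizes and flags are taken from the report (and which, like the sample, has an empty certificate table); the constant names and offsets are from winnt.h and the PE specification.

```python
import struct

# IMAGE_FILE_HEADER.Characteristics bits (winnt.h).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_SECTION_HEADER.Characteristics bits (winnt.h).
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
MACHINE_NAMES = {0x14C: "x86", 0x8664: "x64"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table = the Authenticode blob


def _flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Read the PE headers from raw bytes and return the fields the report lists."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    (machine, num_sections, _ts, _symptr, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:    # PE32+: at +108 / +112
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsys_major, subsys_minor = struct.unpack_from("<HH", data, opt + 48)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For this directory the first field is a file offset, not an RVA.
        _cert_off, cert_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sh = opt + opt_size
    for i in range(num_sections):
        (name, vsize, _va, raw_size, _raw_ptr, _rel, _lin, _nrel, _nlin,
         flags) = struct.unpack_from("<8sIIIIIIHHI", data, sh + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": raw_size,
            "virtual_size": vsize,
            "flags": _flag_names(flags, SECTION_FLAGS),
        })
    return {
        "arch": MACHINE_NAMES.get(machine, hex(machine)),
        "subsystem_version": (subsys_major, subsys_minor),
        "characteristics": _flag_names(characteristics, FILE_CHARACTERISTICS),
        # A zero-size certificate table is exactly what "Unsigned PE" keys on.
        # A non-zero table only means a signature blob is present; whether it
        # verifies needs WinVerifyTrust or signtool, which is out of scope here.
        "has_authenticode": cert_size != 0,
        "sections": sections,
    }


def build_test_pe(characteristics, sections, cert_size=0):
    """Constructed minimal PE32 header (test input only, not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, characteristics)
    opt = (struct.pack("<H", 0x10B) + b"\0" * 46                 # pad to offset 48
           + struct.pack("<HH", 4, 0) + b"\0" * 40               # subsystem 4.0, pad to 92
           + struct.pack("<I", 16))                              # NumberOfRvaAndSizes
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000 if cert_size else 0, cert_size)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)       # 224 bytes total
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, 0x1000, raw, 0x400, 0, 0, 0, 0, flags)
        for name, raw, vsize, flags in sections)
    return dos + b"PE\0\0" + coff + opt + hdrs


# Values taken from this report's Headers and Sections listing.
SAMPLE_CHARACTERISTICS = 0x0001 | 0x0002 | 0x0100
SAMPLE_SECTIONS = [
    (".text", 972 * 1024, 971 * 1024, 0x60000020),
    (".rdata", 184 * 1024, 182 * 1024, 0x40000040),
    (".data", 52 * 1024, 122 * 1024, 0xC0000040),
    (".rsrc", 40 * 1024, 39 * 1024, 0x40000040),
]

if __name__ == "__main__":
    info = parse_pe(build_test_pe(SAMPLE_CHARACTERISTICS, SAMPLE_SECTIONS))
    print("arch:", info["arch"], "subsystem:", info["subsystem_version"])
    print("characteristics:", " | ".join(info["characteristics"]))
    print("Unsigned PE:", not info["has_authenticode"])
    for s in info["sections"]:
        print(f'{s["name"]:8s} raw={s["raw_size"] // 1024}KB '
              f'virt={s["virtual_size"] // 1024}KB', " | ".join(s["flags"]))
```

Pointing parse_pe at a real file (open(path, "rb").read()) gives the same dictionary for the actual sample. Note the .data entry: a virtual size (122KB) well above the raw size (52KB) just means the linker merged zero-initialised data into the section, which the loader maps but the file does not store; it is not by itself a packing indicator.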