78e08bb720905cced3531b2a006a0e13_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

78e08bb720905cced3531b2a006a0e13_JaffaCakes118
Size

2.1MB
MD5

78e08bb720905cced3531b2a006a0e13
SHA1

1e02c96bb570e965102a2ba39cd0a70fe24d1653
SHA256

7a876c62f5075d17885318b3d7c2ca19ee46ed43d29a1b37bc2a53e7e41342cd
SHA512

e125edf201187e60222333ff2dc7c22f1001ba5cbd68ee1663a797483a1491fc6ee9b026c9edc749ee6869b55f70b71d8bf8b26ca13d58b3d65bdba191ecea49
SSDEEP

49152:jkiDvwFzdjmK873M9+6VYDzTSOHjtqxMK9oo3x2+O:jkiDvMh9+pTSODz9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78e08bb720905cced3531b2a006a0e13_JaffaCakes118

Files

78e08bb720905cced3531b2a006a0e13_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b3689d47052d3a3885a5225ec71c2a56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\synthetic\My Documents\Visual Studio 2005\Projects\CoreGuard\release\CoreGuard.pdb

Imports

kernel32

WritePrivateProfileStringW
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GetThreadLocale
GlobalFlags
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
RtlUnwind
RaiseException
ExitThread
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
FormatMessageW
LocalFree
InterlockedDecrement
SuspendThread
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
WaitForSingleObject
SetEvent
ResumeThread
CreateEventW
CreateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
MoveFileA
FreeLibrary
HeapFree
GetProcessHeap
HeapAlloc
GetVersion
GetVersionExW
lstrcatW
SearchPathA
GetWindowsDirectoryA
Module32NextW
Module32FirstW
CreateFileW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
MoveFileExW
GetFileAttributesW
lstrcmpW
GetModuleFileNameA
GetCurrentThread
SetThreadPriority
GetCurrentProcess
GetModuleFileNameW
CreateProcessA
GetSystemDirectoryA
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WinExec
GetFileAttributesA
ReadFile
GetFileSize
WriteFile
CreateFileA
InterlockedCompareExchange
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
MulDiv
SizeofResource
lstrcpynW
GetModuleHandleA
FreeResource
LockResource
LoadResource
FindResourceW
CreateMutexW
GetCommandLineW
Sleep
Process32NextW
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiW
lstrcpyW
Process32FirstW
CreateToolhelp32Snapshot
InterlockedExchange
RemoveDirectoryA
DeleteFileA
ExpandEnvironmentStringsA
DeleteFileW
ExpandEnvironmentStringsW
lstrcmpiA
FindClose
lstrcmpA
GetVolumeInformationA
GetDriveTypeA
MultiByteToWideChar
lstrlenA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetLogicalDrives
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
WideCharToMultiByte
lstrlenW
lstrcpyA
lstrcatA
GetTempPathA
HeapReAlloc
ExitProcess

user32

GetMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
GetMenu
GetMenuItemCount
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetWindowPos
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
DestroyMenu
SetDlgItemTextW
SendDlgItemMessageW
CheckRadioButton
CheckDlgButton
GetWindowTextLengthW
GetScrollPos
GetWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetNextDlgTabItem
EndDialog
GetWindowTextA
GetWindowThreadProcessId
DrawFocusRect
SetRectEmpty
GetClassNameW
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
DeleteMenu
GetSubMenu
LoadMenuW
SetWindowRgn
RegisterClassExW
GetSysColorBrush
SetRect
LoadBitmapW
SetFocus
OffsetRect
CopyRect
SystemParametersInfoW
PostMessageW
ScreenToClient
GetCursorPos
KillTimer
SetTimer
GetFocus
SetWindowLongW
UpdateWindow
GetSysColor
DispatchMessageW
TranslateMessage
PeekMessageW
RegisterClipboardFormatW
CharUpperW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
MessageBoxW
GetDlgItem
CreateWindowExW
IsRectEmpty
CopyAcceleratorTableW
ReleaseCapture
SetCapture
UnregisterClassW
CharNextW
WindowFromPoint
SetWindowContextHelpId
MapDialogRect
IsDlgButtonChecked
PostQuitMessage
SetCursor
IsWindow
LoadCursorW
ReleaseDC
GetDC
GetParent
PostThreadMessageW
PtInRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DrawIcon
GetSystemMetrics
LoadIconA
SetActiveWindow
GetActiveWindow
IsWindowEnabled
GetDesktopWindow
IsWindowVisible
EqualRect
ShowWindow
IsIconic
SetForegroundWindow
EnumWindows
SendMessageTimeoutW
wsprintfA
wsprintfW
GetWindowRect
AppendMenuW
CreatePopupMenu
LoadIconW
SendMessageW
RegisterWindowMessageW
InvalidateRect
EnableWindow
GetClientRect
GetWindowTextW
UnregisterClassA

gdi32

ExtSelectClipRgn
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
GetObjectW
SetTextColor
SetBkMode
RestoreDC
SaveDC
CreateSolidBrush
GetTextExtentPoint32W
CombineRgn
GetPixel
CreateRectRgn
DeleteObject
SetBkColor
GetMapMode
SetMapMode
CreateBitmap
DPtoLP
StretchBlt
SetStretchBltMode
GetCurrentObject
DeleteDC
GetDeviceCaps
GetStockObject
CreateFontIndirectW
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateCompatibleBitmap
CreateFontW
BitBlt
SelectObject
CreateCompatibleDC

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyA
RegQueryValueW
RegEnumKeyW
RegCreateKeyExW
RegOpenKeyA
RegEnumKeyA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA
SHAddToRecentDocs
SHEmptyRecycleBinW
CommandLineToArgvW
Shell_NotifyIconW
SHGetSpecialFolderPathW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

StrStrIW
StrStrW
SHDeleteKeyW
StrCmpIW
SHDeleteValueW
StrStrA
StrStrIA
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CLSIDFromProgID
CoRegisterMessageFilter
CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
SysStringLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString

winmm

PlaySoundW

gdiplus

GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics
GdipCreateFromHDC
GdipAlloc
GdipGetImageHeight
GdipDrawImageRectRect
GdipCreateHBITMAPFromBitmap
GdipCreateImageAttributes
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipDisposeImage
GdipCloneImage
GdipFree

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

wininet

InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetCheckConnectionA
InternetConnectW
InternetOpenW
FindNextUrlCacheEntryA
DeleteUrlCacheEntryA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetCloseHandle

wintrust

WinVerifyTrust

Sections

.text
Size: 612KB - Virtual size: 609KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3689d47052d3a3885a5225ec71c2a56

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

winmm

gdiplus

version

psapi

wininet

wintrust

Sections

.text Size: 612KB - Virtual size: 609KB

.rdata Size: 168KB - Virtual size: 167KB

.data Size: 16KB - Virtual size: 33KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 612KB - Virtual size: 609KB

.rdata
Size: 168KB - Virtual size: 167KB

.data
Size: 16KB - Virtual size: 33KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB