790dcf1cc68d8762e3a636d038da47dc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

790dcf1cc68d8762e3a636d038da47dc_JaffaCakes118
Size

720KB
MD5

790dcf1cc68d8762e3a636d038da47dc
SHA1

403f25ec54a424f06a40f5fb420c9a6c4a7f0100
SHA256

c2cc2c68392e13ecd0fd9cfb13a952e96f4e89f0913e24bac6d5084617f042bd
SHA512

1f071c4016ff8f4fcb2381e993d446c177417bfd595fe7255ddeeb6e71d3bd107e8cb233d9dec5d6f8c5a64fe9a1167860550fab8bbd7bd4036d27a8028fe88a
SSDEEP

12288:PfnI8w6yvdg0lyMeOkwJ1Dbhykk+pxPiNFG:nI8w6b0liLwJ1hykr3iK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
790dcf1cc68d8762e3a636d038da47dc_JaffaCakes118

Files

790dcf1cc68d8762e3a636d038da47dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

43b8de709806e550dea489e05a59e54e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\101215_153018_build_StPauliGirl\Client_Build_StPauliGirl_10.0.630.0\compile\source_sa\bin\ClickPotatoLite_Release\ClickPotatoLiteSA.pdb

Imports

comctl32

ord17

kernel32

GlobalLock
GlobalAlloc
lstrlenW
MulDiv
GlobalDeleteAtom
GlobalGetAtomNameA
CreateProcessA
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
InterlockedExchange
GetVersion
CompareStringA
CompareStringW
OpenMutexA
ReleaseMutex
UnmapViewOfFile
OutputDebugStringA
GetCurrentProcessId
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
GetVersionExA
GetComputerNameExA
GetSystemDirectoryA
GetOEMCP
GetACP
GetThreadLocale
GetUserDefaultLangID
GetSystemDefaultLangID
DosDateTimeToFileTime
LocalAlloc
RemoveDirectoryA
GetFileAttributesA
GetPrivateProfileStringA
OpenFile
SetFilePointer
GetComputerNameA
GetDriveTypeA
GetVolumeInformationA
SetErrorMode
GetProcessHeap
HeapFree
HeapAlloc
WaitForMultipleObjects
OpenEventA
GlobalAddAtomA
CopyFileA
FreeResource
IsBadReadPtr
FileTimeToSystemTime
ResumeThread
SetThreadPriority
GetCurrentThread
FormatMessageA
GlobalFree
GlobalHandle
CompareFileTime
SystemTimeToFileTime
WritePrivateProfileStringA
GetTimeZoneInformation
GlobalUnlock
RaiseException
GetSystemTime
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetDateFormatA
GetTimeFormatA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
GetStringTypeW
GetStringTypeA
ExitProcess
HeapCreate
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetLocaleInfoA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
FlushInstructionCache
GetCurrentProcess
GetModuleHandleA
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetEvent
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetShortPathNameA
MultiByteToWideChar
ResetEvent
Sleep
WriteFile
CreateFileA
GetFileSize
ReadFile
CreateDirectoryA
LocalFree
CreateThread
TerminateThread
CreateEventA
lstrlenA
lstrcpyA
lstrcpynA
lstrcmpA
LoadLibraryExA
CreateMutexA
GetLastError
CloseHandle
OpenProcess
GetTickCount
WaitForSingleObject
GetSystemTimeAsFileTime
GetModuleFileNameA

user32

EnumThreadWindows
CheckMenuItem
EnableMenuItem
DeleteMenu
InsertMenuA
IsWindowEnabled
CreateDialogIndirectParamA
SetActiveWindow
CharLowerBuffA
EnumWindows
SendMessageTimeoutA
UnregisterClassA
DrawAnimatedRects
GetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
EnableWindow
LoadMenuA
GetSubMenu
DestroyMenu
ModifyMenuA
SetMenuItemInfoA
TrackPopupMenu
FindWindowExA
SystemParametersInfoA
SetRect
EndDialog
DrawIcon
IsIconic
DialogBoxParamA
IsWindowVisible
DefWindowProcA
GetPropA
PostMessageA
IsWindow
GetClassInfoExA
LoadCursorA
DestroyWindow
PostThreadMessageA
RegisterClassExA
CreateWindowExA
GetThreadDesktop
DestroyIcon
LoadImageA
SetWindowPos
LoadBitmapA
PtInRect
CopyRect
LoadIconA
GetCursorPos
SetWindowRgn
PeekMessageA
MsgWaitForMultipleObjects
AdjustWindowRectEx
GetMenu
SetDlgItemTextA
PostQuitMessage
CreateAcceleratorTableA
GetDesktopWindow
GetFocus
SetFocus
DestroyAcceleratorTable
RemovePropA
SetWindowLongA
SetPropA
GetAncestor
SetForegroundWindow
GetSystemMetrics
GetWindowRect
FindWindowA
BeginPaint
EndPaint
CallWindowProcA
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
CharNextA
GetSysColor
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
SendMessageA
SetWindowContextHelpId
GetWindow
SendDlgItemMessageA
MapDialogRect
KillTimer
SetTimer
GetWindowLongA
MessageBoxA
RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
ShowWindow

gdi32

SelectClipRgn
StretchBlt
GetPixel
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32A
GetDeviceCaps
CreateSolidBrush
GetObjectA
GetStockObject
CreateRectRgn
GetRgnBox
PtInRegion
CombineRgn
ExtCreateRegion
BitBlt
GetRegionData

advapi32

RegCreateKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptDeriveKey
CryptDestroyKey
CryptDecrypt
CryptHashData
RegDeleteKeyA
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegEnumKeyExA
RegQueryInfoKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidA
LookupAccountNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA

shell32

Shell_NotifyIconA
SHAppBarMessage
ShellExecuteExA
ShellExecuteA

ole32

IIDFromString
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

SysStringLen
SysAllocStringLen
SysAllocString
SysStringByteLen
VariantInit
SystemTimeToVariantTime
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantCopy
VariantChangeType
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SysAllocStringByteLen
VariantTimeToSystemTime
SysFreeString

shlwapi

StrToIntA
PathFileExistsA

rpcrt4

UuidCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 574KB - Virtual size: 573KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

43b8de709806e550dea489e05a59e54e

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

version

Sections

.text Size: 574KB - Virtual size: 573KB

.data Size: 29KB - Virtual size: 41KB

.rsrc Size: 116KB - Virtual size: 116KB

.text
Size: 574KB - Virtual size: 573KB

.data
Size: 29KB - Virtual size: 41KB

.rsrc
Size: 116KB - Virtual size: 116KB