Static task: static1

Behavioral task: behavioral1
  Sample: 8665203df3be848aa426c574d5c72008_JaffaCakes118.exe
  Resource: win7-20240729-en

Behavioral task: behavioral2
  Sample: 8665203df3be848aa426c574d5c72008_JaffaCakes118.exe
  Resource: win10v2004-20240802-en

General
- Target: 8665203df3be848aa426c574d5c72008_JaffaCakes118
- Size: 744KB
- MD5: 8665203df3be848aa426c574d5c72008
- SHA1: b7f223b34909e689ce6f1856efffc1e42e292a61
- SHA256: d2b631d2f31e68667338112ee05ea8373ca6e9a70b73218da20c3f84a6b99a07
- SHA512: d695ec8fb53f8a58b09560c0752b279668978e561750cea30586f74b58ee28d356a34e4b48f29bcf1a8b4734681cff64690fb200ac27d3afa76f3a3a0990f1d1
- SSDEEP: 12288:YmyctIgD+m8YHX8MD7XK9OPJQ+Rpcg3shEo9idhkcPlx/9KYnxOrteQq5zzzzz1O:XyGIg6m8+z76AhPpcg/o9idhzPlxAYnc

Malware Config

Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource 8665203df3be848aa426c574d5c72008_JaffaCakes118

Files
- 8665203df3be848aa426c574d5c72008_JaffaCakes118.exe  windows:4 windows x86 arch:x86
  5499c8af6d98504776f69d093bd7fca2

Headers
File Characteristics:
  IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED,
  IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
PDB Paths:
  C:\DistributedAutoLink\Temp\CompileOutputDir\Setup.pdb
Imports
kernel32:
  GetShortPathNameA, Sleep, CopyFileA, MoveFileExA, GetEnvironmentVariableA, GetEnvironmentVariableW,
  GetStringTypeExA, GetStringTypeExW, GetTempPathA, SetCurrentDirectoryA, GetCurrentDirectoryA, lstrcmpA,
  GetCurrentProcess, WinExec, CreateProcessA, GetExitCodeProcess, WaitForSingleObject, GetCommandLineA,
  TerminateProcess, OpenProcess, GetDriveTypeA, GetLogicalDriveStringsA, GetSystemDirectoryA, LocalFree,
  LocalAlloc, TerminateThread, EnterCriticalSection, LeaveCriticalSection, FlushInstructionCache,
  SuspendThread, ResumeThread, SetThreadPriority, GetDiskFreeSpaceA, MulDiv, ReleaseMutex, CreateMutexA,
  SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, IsDBCSLeadByte, GetSystemInfo, OpenMutexA,
  DeviceIoControl, CompareStringW, CompareStringA, FindNextFileA, GetLocaleInfoW, SetConsoleCtrlHandler,
  SetStdHandle, IsValidCodePage, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, GetDateFormatA,
  GetTimeFormatA, IsBadCodePtr, IsBadReadPtr, QueryPerformanceCounter, GetFileType, SetHandleCount,
  GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA,
  GetStdHandle, UnhandledExceptionFilter, GetTimeZoneInformation, GetStringTypeW, GetStringTypeA,
  LCMapStringW, LCMapStringA, GetCPInfo, GetOEMCP, TlsGetValue, TlsSetValue, TlsFree, GetCurrentThread,
  TlsAlloc, SetUnhandledExceptionFilter, HeapSize, IsBadWritePtr, FatalAppExitA, VirtualFree, HeapCreate,
  HeapDestroy, GetStartupInfoA, HeapReAlloc, CreateThread, ExitThread, ExitProcess, VirtualQuery,
  VirtualAlloc, VirtualProtect, GetSystemTimeAsFileTime, RtlUnwind, RemoveDirectoryA, lstrcmpiW, lstrlenW,
  GetVersion, WideCharToMultiByte, MultiByteToWideChar, GetThreadLocale, GetLocaleInfoA, GetACP,
  InterlockedExchange, GetTickCount, OutputDebugStringA, GetCurrentProcessId, GetFileSize, lstrcpyA,
  lstrcatA, GetLocalTime, FindFirstFileA, FindClose, FileTimeToSystemTime, DeleteFileA,
  SystemTimeToFileTime, SetFileTime, SetFilePointer, SetEndOfFile, FlushFileBuffers, lstrcmpiA,
  SetFileAttributesA, MoveFileA, InterlockedIncrement, SetLastError, lstrcpynA, CreateDirectoryA,
  GetModuleFileNameA, FreeLibrary, LoadLibraryA, GetVersionExA, InterlockedDecrement, GetCurrentThreadId,
  GetPrivateProfileIntA, GetWindowsDirectoryA, GetFileAttributesA, WritePrivateProfileSectionA,
  WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, CreateFileA, CloseHandle,
  lstrlenA, DeleteCriticalSection, InitializeCriticalSection, RaiseException, GetProcessHeap, HeapAlloc,
  GetLastError, GetModuleHandleA, GetProcAddress, SetEnvironmentVariableA, HeapFree
user32:
  PeekMessageA, GetMessageA, TranslateMessage, DispatchMessageA, MessageBoxA, GetSysColorBrush,
  GetSysColor, DrawFocusRect, GetDlgCtrlID, SetCapture, GetCapture, ReleaseCapture, GetClassNameA,
  CreateCursor, SetRectEmpty, wsprintfW, PostQuitMessage, RedrawWindow, IsChild, EnableMenuItem,
  GetSystemMenu, UnregisterClassA, ExitWindowsEx, IsDialogMessageA, IsWindow, GetActiveWindow,
  SetWindowsHookExA, UnhookWindowsHookEx, wsprintfA, LoadStringA, CharNextA, SendMessageA, OffsetRect,
  DestroyCursor, DrawTextA, GetWindowTextLengthA, GetFocus, EndDialog, CallWindowProcA, GetDlgItemTextA,
  LoadCursorA, RegisterClassExA, GetWindowTextA, IsDlgButtonChecked, CheckDlgButton, ReleaseDC,
  RegisterWindowMessageA, GetSystemMetrics, CallNextHookEx, DialogBoxParamA, GetDC, ScreenToClient,
  LoadBitmapA, SetFocus, SetForegroundWindow, IsWindowEnabled, ShowWindow, EndPaint, DrawTextExA,
  FillRect, GetClientRect, BeginPaint, UpdateWindow, InvalidateRect, PtInRect, GetWindowRect,
  GetCursorPos, DestroyWindow, PostMessageA, DefWindowProcA, SetCursor, GetPropA, EnableWindow,
  KillTimer, SetTimer, IsWindowVisible, SetWindowTextA, DestroyIcon, CreateDialogParamA, GetWindow,
  SystemParametersInfoA, MapWindowPoints, SetWindowPos, GetDlgItem, GetParent, SetDlgItemTextA,
  GetWindowLongA, LoadImageA, CharUpperW, CharLowerW, CharLowerA, wvsprintfA, FindWindowA, CharUpperA,
  CreateWindowExA, SetPropA, SetWindowLongA
gdi32:
  GetTextExtentPoint32A, SetBkMode, SetBkColor, DeleteObject, GetStockObject, CreateFontA, GetObjectA,
  CreateCompatibleDC, BitBlt, CreateCompatibleBitmap, CreateFontIndirectA, GetDeviceCaps, SelectObject,
  SetTextColor, CreateSolidBrush, CreatePatternBrush, DeleteDC, GetObjectType
comdlg32:
  GetSaveFileNameA
advapi32:
  GetLengthSid, AddAce, GetAce, EqualSid, AddAccessAllowedAce, SetSecurityDescriptorDacl,
  GetSecurityDescriptorControl, RegSetKeySecurity, FreeSid, GetAclInformation, GetSecurityDescriptorDacl,
  RegDeleteKeyW, InitializeSecurityDescriptor, RegGetKeySecurity, RegQueryInfoKeyA,
  AllocateAndInitializeSid, RegOpenKeyA, SetFileSecurityA, GetFileSecurityA, RegCloseKey,
  RegQueryValueExA, RegOpenKeyExA, RegCreateKeyA, RegSetValueExA, RegDeleteValueA, RegDeleteKeyA,
  RegCreateKeyExA, OpenProcessToken, RegQueryValueA, RegOpenKeyExW, AdjustTokenPrivileges,
  LookupPrivilegeValueA, RegEnumKeyExA, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, InitializeAcl
shell32:
  ShellExecuteExA, SHGetMalloc, SHBrowseForFolderA, SHGetPathFromIDListA, Shell_NotifyIconA, ShellExecuteA
ole32:
  CoInitializeSecurity, CoInitializeEx, CoTaskMemRealloc, StringFromGUID2, CoTaskMemFree,
  CoCreateInstance, CoInitialize, CoUninitialize, CoTaskMemAlloc
oleaut32:
  VarUI4FromStr, SysFreeString, SysAllocString, VariantInit, VariantClear, SysAllocStringLen,
  SysStringLen, VarBstrCat, VariantChangeType, SafeArrayDestroy, SafeArrayGetElement,
  SafeArrayGetUBound, SafeArrayGetLBound, GetErrorInfo, SetErrorInfo, CreateErrorInfo
shlwapi:
  PathRemoveFileSpecA, PathSkipRootA, PathFileExistsA
comctl32:
  InitCommonControlsEx, _TrackMouseEvent, ImageList_AddMasked, ImageList_Create
rpcrt4:
  UuidCreate
wininet:
  HttpAddRequestHeadersA, HttpOpenRequestA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile,
  InternetSetOptionA, InternetOpenA, InternetConnectA, InternetAttemptConnect, InternetCrackUrlA,
  InternetCloseHandle
version:
  GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
Sections
- .text   Size: 436KB  Virtual size: 435KB
  Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 68KB   Virtual size: 64KB
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data   Size: 8KB    Virtual size: 26KB
  Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc   Size: 228KB  Virtual size: 226KB
  Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ