D:\SVNStorage\Projects\CIS_2011\Release\x32\Symbols\cfpupdat.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: 8730122dd25c422d6ef99def0f5215d3_JaffaCakes118.exe, Resource: win7-20240705-en)
Behavioral task: behavioral2 (Sample: 8730122dd25c422d6ef99def0f5215d3_JaffaCakes118.exe, Resource: win10v2004-20240802-en)
General
- Target: 8730122dd25c422d6ef99def0f5215d3_JaffaCakes118
- Size: 2.7MB
- MD5: 8730122dd25c422d6ef99def0f5215d3
- SHA1: ce9fba33ecb7c13718bbc1403761374f21c086a3
- SHA256: 2c8899c50ebb0f08ec1aa6ade80b926955bc212f67aa37757b1135783f2b5924
- SHA512: 0389bf362b5db1069f29af1065b420130dc4c7a5581dba8646f77adc0e3394c3587236be5d5a6e09c4cd78fc699adde16692ff6b942de5db20f018f0a07225e3
- SSDEEP: 49152:rWh/zlgTf98c547VS3ltuUf/L+TjdbHdw7hzvCEBeNiUUUML9BO84MiAi/YCsm+m:riq18cW7VS3WKcRHdw7hzvCEBeNiUUU7
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: 8730122dd25c422d6ef99def0f5215d3_JaffaCakes118
Files
-
8730122dd25c422d6ef99def0f5215d3_JaffaCakes118.exe windows:5 windows x86 arch:x86
aae9e991c742687ded0db70f0b8c9ac7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetDriveTypeA
GetCurrentDirectoryA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetDateFormatA
GetTimeFormatA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
SetThreadContext
GetThreadContext
FlushInstructionCache
LocalSize
lstrcpynW
GetExitCodeThread
ResetEvent
EnumResourceTypesW
EnumResourceNamesW
LoadLibraryExA
GetCPInfo
GetTimeZoneInformation
QueryPerformanceCounter
VirtualFree
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
RtlUnwind
UnhandledExceptionFilter
VirtualQuery
VirtualAlloc
HeapReAlloc
HeapSize
CreateThread
ExitThread
GetStartupInfoW
FindResourceExW
GetFileTime
GetFileSizeEx
GetCurrentDirectoryW
GlobalFlags
GlobalGetAtomNameW
GetModuleHandleA
VirtualProtect
FileTimeToSystemTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GlobalFindAtomW
CompareStringW
GetVersionExA
GlobalAddAtomW
SetThreadPriority
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
LoadLibraryA
SetLastError
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
FreeResource
InterlockedCompareExchange
SetThreadLocale
lstrcmpiW
LoadLibraryExW
InterlockedDecrement
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
TerminateThread
GetExitCodeProcess
GetTempFileNameW
GetTempPathW
FindNextFileW
GetSystemInfo
SizeofResource
GetLogicalDriveStringsW
QueryDosDeviceW
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
GetModuleHandleW
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetFileAttributesW
InterlockedIncrement
CopyFileW
MoveFileExW
OpenEventW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
MoveFileW
WriteFile
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
DeleteFileW
lstrcpyW
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
lstrcatW
RaiseException
GetModuleFileNameW
SetUnhandledExceptionFilter
CreateProcessW
LocalAlloc
GetCurrentThread
GetTickCount
GetFileSize
HeapDestroy
HeapCreate
GetProcAddress
LoadLibraryW
CreateFileW
HeapFree
HeapAlloc
GetProcessHeap
ReadFile
SetFilePointer
GetVersionExW
CreateEventW
SetEvent
CreateDirectoryW
GetCurrentProcess
ResumeThread
SuspendThread
WaitForSingleObject
Sleep
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
LocalFree
FormatMessageW
ExitProcess
GetLastError
CreateMutexW
CloseHandle
FindResourceW
LoadResource
LockResource
user32
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
CreateWindowExW
GetClassInfoExW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
SetWindowLongW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
TrackPopupMenuEx
ScrollWindow
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetForegroundWindow
GetWindowThreadProcessId
GetLastActivePopup
ShowOwnedPopups
SetCursor
SetWindowsHookExW
GetWindowTextW
GetWindowTextLengthW
SetFocus
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
LoadIconW
RegisterWindowMessageW
PostMessageW
EnableWindow
SendMessageW
RedrawWindow
SetTimer
GetSystemMenu
AppendMenuW
PostQuitMessage
IsWindowVisible
MessageBoxW
KillTimer
IsWindow
ShowWindow
ExitWindowsEx
GetAsyncKeyState
IsIconic
DestroyIcon
FindWindowW
SendMessageTimeoutW
GetSystemMetrics
CharNextW
GetParent
GetWindow
GetDesktopWindow
ReleaseDC
GetDC
FillRect
GetWindowRect
GetClientRect
GetClassInfoW
LoadStringW
MapDialogRect
UpdateWindow
IsDialogMessageW
SetWindowTextW
MoveWindow
InflateRect
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
CharUpperW
UnregisterClassW
IsRectEmpty
DrawIcon
SetWindowRgn
ClientToScreen
SetCapture
LoadCursorW
ReleaseCapture
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
GetSysColorBrush
SetRect
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
IsClipboardFormatAvailable
WindowFromPoint
WaitMessage
DeleteMenu
SetRectEmpty
TranslateAcceleratorW
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
InvalidateRect
LoadImageW
CallNextHookEx
GetMessageW
TranslateMessage
OffsetRect
GetSubMenu
GetMenuItemCount
DispatchMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
InsertMenuW
GetMenuItemID
GetMenuStringW
GetMenuState
TranslateMDISysAccel
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatW
SetParent
UnionRect
PostThreadMessageW
GetDCEx
GetKeyboardLayoutList
LockWindowUpdate
GetKeyboardState
ToUnicodeEx
SetCursorPos
HideCaret
ShowCaret
IsMenu
GetCursor
GetTabbedTextExtentA
GetWindowRgn
GetMenuDefaultItem
GetDoubleClickTime
SetClassLongW
DrawFocusRect
InvertRect
EnumWindows
IsWindowUnicode
GetWindowLongA
SetWindowLongA
DrawIconEx
CreateIconIndirect
CopyIcon
GetIconInfo
DrawStateW
LoadMenuIndirectW
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
DrawMenuBar
DrawFrameControl
DrawEdge
RegisterClassA
DefMDIChildProcW
DefMDIChildProcA
ModifyMenuW
EnableMenuItem
CheckMenuItem
MapVirtualKeyW
CopyRect
LoadMenuW
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
SetWindowPos
SetMenuDefaultItem
EnableScrollBar
CallWindowProcA
DefWindowProcA
DefFrameProcA
DefFrameProcW
DefDlgProcA
DefDlgProcW
gdi32
SetRectRgn
CombineRgn
GetMapMode
CreateFontW
StretchDIBits
CreateCompatibleBitmap
EnumFontFamiliesExW
GetTextColor
GetBkColor
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
PolyBezierTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
GetCharWidthW
GetPixel
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
CreateFontIndirectW
GetObjectW
DeleteObject
CreateRectRgnIndirect
PatBlt
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
CreateCompatibleDC
BitBlt
ExtTextOutW
GetTextExtentPoint32W
CreateEllipticRgn
DPtoLP
LPtoDP
Ellipse
SaveDC
RestoreDC
SetBkMode
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
GetTextMetricsW
GetRgnBox
CreateSolidBrush
CreatePen
GetObjectType
PtVisible
GetStockObject
StretchBlt
CreateDIBSection
SetPixel
GetDIBits
Polygon
GetCurrentObject
OffsetRgn
GetTextCharsetInfo
SetBrushOrgEx
CreatePalette
CreateDIBitmap
ExtCreateRegion
Polyline
GetViewportOrgEx
GetTextAlign
GetTextExtentPoint32A
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
GetBitmapBits
PtInRegion
CreatePolygonRgn
RoundRect
GetWindowOrgEx
LineTo
MoveToEx
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectPalette
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
CloseServiceHandle
QueryServiceConfigW
StartServiceW
OpenThreadToken
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegFlushKey
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
SetNamedSecurityInfoW
AddAccessAllowedAceEx
InitializeSid
RegQueryValueExW
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegOpenKeyExW
shell32
Shell_NotifyIconW
SHGetFolderPathW
ord165
ShellExecuteW
ord727
SHGetFileInfoW
ShellExecuteExW
DragFinish
DragQueryFileW
comctl32
ImageList_ReplaceIcon
ImageList_Add
ImageList_Remove
ImageList_DrawIndirect
ImageList_GetImageInfo
ImageList_GetBkColor
_TrackMouseEvent
FlatSB_GetScrollProp
ImageList_GetImageCount
ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize
InitCommonControlsEx
shlwapi
PathAppendW
PathRemoveExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathQuoteSpacesW
PathStripPathW
PathAddBackslashW
SHDeleteKeyW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
oledlg
OleUIBusyW
OleUIAddVerbMenuW
ole32
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleRun
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRevokeClassObject
CoDisconnectObject
OleIsCurrentClipboard
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromProgID
CoUninitialize
CoInitialize
CLSIDFromString
StringFromGUID2
CoCreateGuid
CoTaskMemFree
CoCreateInstance
OleFlushClipboard
CoRegisterMessageFilter
CoGetClassObject
oleaut32
OleLoadPicturePath
VarUdateFromDate
VariantChangeTypeEx
OleCreateFontIndirect
LoadTypeLi
VarBstrFromDate
SafeArrayDestroy
VariantCopy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
VarDateFromStr
VarUI4FromStr
SysStringByteLen
VariantClear
VariantInit
VariantChangeType
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
dbghelp
ImageDirectoryEntryToData
MiniDumpWriteDump
fltlib
FilterConnectCommunicationPort
FilterSendMessage
imagehlp
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader
crypt32
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CryptUnprotectData
CertFreeCertificateContext
CertGetNameStringW
CryptProtectData
CryptVerifyMessageSignature
CertFreeCertificateChain
wintrust
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
msi
ord224
winmm
PlaySoundW
ws2_32
ntohs
htons
mpr
WNetGetUniversalNameW
gdiplus
GdiplusStartup
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusShutdown
GdipFree
GdipAlloc
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDrawImageRectI
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCloneImage
wininet
HttpSendRequestW
HttpOpenRequestW
InternetWriteFile
InternetReadFile
HttpSendRequestExW
InternetOpenW
InternetQueryOptionW
InternetCloseHandle
InternetSetOptionW
InternetGetLastResponseInfoW
HttpEndRequestW
HttpQueryInfoW
InternetConnectW
Sections
- .text Size: 1.6MB - Virtual size: 1.6MB. Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rdata Size: 514KB - Virtual size: 514KB. Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .data Size: 38KB - Virtual size: 76KB. Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc Size: 547KB - Virtual size: 546KB. Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .trdata Size: 68KB - Virtual size: 68KB. Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE