8bcff8a3efa102bd887fbcf53a9aec04_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8bcff8a3efa102bd887fbcf53a9aec04_JaffaCakes118
Size

1.2MB
MD5

8bcff8a3efa102bd887fbcf53a9aec04
SHA1

37b317b6086e1db787d145b43b1621fbb54faa55
SHA256

0b36376a7ed8d9fa4286c763e973dd7927c3c8c6fbd1489c1d160c191be069a2
SHA512

440040e5d75630c2da91b488655f65fb8b87646898dd195025b0e918cf3f920d958a8a17128970cc93ab9824a10f20f797368ecc5a9ad22650bf610d87fa83e0
SSDEEP

24576:TotNlXiU6gEVa9bjntkT0b9ChE5X+r9XjP0F0:KyZgE09bnc25XA9XA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bcff8a3efa102bd887fbcf53a9aec04_JaffaCakes118

Files

8bcff8a3efa102bd887fbcf53a9aec04_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bda2a5c4a1929cb2e2a9a938ade3475c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\labs\Downloader\trunk\Out\Release\Downloader.pdb

Imports

shlwapi

PathFindExtensionW
PathStripToRootW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW

ws2_32

WSAStartup
closesocket
socket
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
WSASetLastError
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
__WSAFDIsSet
select
ioctlsocket
gethostname
WSACleanup
WSAGetLastError

wldap32

ord33
ord200
ord79
ord35
ord32
ord30
ord301
ord50
ord60
ord143
ord211
ord22
ord27
ord41
ord46
ord26

kernel32

GlobalLock
GlobalAlloc
GlobalFree
FreeResource
RaiseException
GetModuleHandleA
GetCurrentProcessId
LoadLibraryW
GetModuleHandleW
GetVersionExA
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
InterlockedDecrement
FileTimeToSystemTime
InterlockedExchange
CompareStringA
LoadLibraryExW
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringW
GlobalUnlock
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileW
GetVolumeInformationW
lstrlenA
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
GetDriveTypeA
FindFirstFileA
ExitThread
GetFileInformationByHandle
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetProcessHeap
FormatMessageW
LocalFree
MulDiv
lstrlenW
GetThreadLocale
DeleteFileA
GetSystemTime
GetTempPathA
DeleteFileW
TlsAlloc
GetCurrentThreadId
GetTempPathW
FlushFileBuffers
GetFileAttributesW
GetFileAttributesA
GetVersionExW
TlsSetValue
GetSystemTimeAsFileTime
LockFile
UnlockFile
InterlockedIncrement
TlsGetValue
CreateFileA
GetFullPathNameA
GetFullPathNameW
LoadLibraryA
GetProcAddress
FreeLibrary
GetFileType
WaitForMultipleObjects
PeekNamedPipe
GetTickCount
FormatMessageA
SleepEx
SetLastError
ExpandEnvironmentStringsA
CreateProcessW
GetStdHandle
SetEndOfFile
LockFileEx
Sleep
CreateThread
SetEvent
DeleteCriticalSection
CreateEventW
InitializeCriticalSection
GetPrivateProfileStringW
SetFilePointer
GetLastError
WriteFile
CloseHandle
ReadFile
GetFileSize
CreateFileW
CreateDirectoryW
MoveFileExA
SetCurrentDirectoryW
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource

user32

ModifyMenuW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
ValidateRect
GetCursorPos
TranslateMessage
GetMessageW
SetCursor
CharUpperW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRect
InvalidateRgn
SetCapture
ReleaseCapture
GetSysColorBrush
LoadCursorW
DestroyMenu
UnregisterClassW
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DefWindowProcW
CallWindowProcW
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowTextW
GetFocus
SetWindowPos
SetFocus
IsWindowEnabled
ShowWindow
EnableWindow
SendMessageW
KillTimer
PostMessageW
MoveWindow
SetWindowLongW
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
GetWindowLongW
OffsetRect
PtInRect
CopyRect
GetDlgCtrlID
GetWindow
CharNextW
IsWindow
DrawIcon
GetSystemMetrics
IsIconic
LoadIconW
wsprintfW
GetClientRect
SetTimer
LoadBitmapW
GetParent
IntersectRect

gdi32

DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
ExtSelectClipRgn
CreatePen
CreateRectRgnIndirect
GetRgnBox
GetMapMode
DeleteDC
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetTextColor
GetBkColor
GetDeviceCaps
GetObjectW
GetStockObject
Rectangle
CreateFontW
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
CreateBitmap
CreateSolidBrush
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
CryptAcquireContextW
RegCloseKey
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptDuplicateKey
CryptDeriveKey

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes

oleaut32

VariantClear
SysFreeString
SysAllocStringLen
OleCreateFontIndirect
SysStringLen
VariantInit
VariantCopy
VariantChangeType
SysAllocString
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

Exports

Exports

_sqlite3_key_interop@12
_sqlite3_rekey_interop@12

Sections

.text
Size: 765KB - Virtual size: 764KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bda2a5c4a1929cb2e2a9a938ade3475c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

ws2_32

wldap32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

Exports

Exports

Sections

.text Size: 765KB - Virtual size: 764KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 17KB - Virtual size: 34KB

.rsrc Size: 223KB - Virtual size: 222KB

.reloc Size: 60KB - Virtual size: 60KB

.text
Size: 765KB - Virtual size: 764KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 17KB - Virtual size: 34KB

.rsrc
Size: 223KB - Virtual size: 222KB

.reloc
Size: 60KB - Virtual size: 60KB