8d5e18ee1859ebce8c6db62ec936059a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8d5e18ee1859ebce8c6db62ec936059a_JaffaCakes118
Size

315KB
MD5

8d5e18ee1859ebce8c6db62ec936059a
SHA1

17b5745f076f8c51246cc4fb31e2dedf6b32836b
SHA256

e05253e3889ab93cdda3fe3cf0696e98d4ff9ff4fce19abace52d472bc334361
SHA512

9ce86eb56dd6f7da38b6a4cf01374a2c4326807c81eec20e0e6a7806d6f4f48ba6cc477f428687d27dad2eb98282f4cb43d6900a1382a32d2733b1563e0a0b6f
SSDEEP

3072:7MYxGc5iTOB6Z6DU3AAaAAR3hk7AVlC0/VNRfWV3HqRqnkflao23Dpjf3C5CRB2U:7oX4QSnk7AVg0/Vje1SqkfloDpJj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d5e18ee1859ebce8c6db62ec936059a_JaffaCakes118

Files

8d5e18ee1859ebce8c6db62ec936059a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

db0fdb7fb58711ad6d0c2a417ea741c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\26_10_2010\New_FTP_HttpWithLatestfile2_FirstBlood_Released\New_FTP_HttpWithLatestfile2\Release\FirstBloodA1.pdb

Imports

kernel32

lstrlenA
lstrcatA
CreateProcessA
GetFileSize
WriteFile
MoveFileExA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetComputerNameA
FileTimeToSystemTime
FindClose
FindNextFileA
FindFirstFileA
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResumeThread
SetThreadPriority
GetCurrentThreadId
WaitForSingleObject
SetEvent
SuspendThread
CreateEventA
MultiByteToWideChar
GetModuleHandleA
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
SetLastError
DeleteFileA
LoadLibraryA
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
GetProcAddress
FileTimeToLocalFileTime
FreeLibrary
LocalAlloc
InterlockedDecrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetVersionExA
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetModuleHandleW
InterlockedIncrement
GetCurrentProcessId
lstrcmpA
GetFileAttributesA
GetFileSizeEx
GetFileTime
GlobalFlags
InterlockedExchange
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetCurrentDirectoryA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
ExitThread
RaiseException
VirtualAlloc
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
ExitProcess
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetConsoleCP
GetConsoleMode
GetACP
IsValidCodePage
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetModuleFileNameA
GetTempPathA
GetLastError
CreateMutexA
CreateThread
Sleep
CloseHandle
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
CreateFileW

user32

GetWindowTextA
IsWindow
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
GetCapture
WinHelpA
LoadIconA
RegisterWindowMessageA
SetWindowTextA
ShowWindow
IsWindowEnabled
GetSysColorBrush
ReleaseDC
GetDC
LoadCursorA
GetWindowThreadProcessId
ClientToScreen
DestroyMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetForegroundWindow
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
SendMessageA
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenu
GetSystemMetrics
EnableWindow
SetForegroundWindow
GetClientRect
PostMessageA
MessageBoxA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
UnhookWindowsHookEx
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
GetLastActivePopup
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
CharUpperA
KillTimer
SetTimer
PostThreadMessageA
EndDialog
PostQuitMessage
EndPaint
TranslateMessage
DispatchMessageA
RegisterClassExA
CreateWindowExA
BeginPaint
DefWindowProcA
DestroyWindow
DialogBoxParamA
UpdateWindow
GetFocus

advapi32

CryptDeriveKey
CryptHashData
CryptCreateHash
CryptDestroyHash
CryptAcquireContextA
CryptReleaseContext
CryptDecrypt
CryptEncrypt
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

PathRemoveFileSpecA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFileExistsA

ws2_32

recv
closesocket
send
socket
htons
connect
WSAStartup
WSACleanup

dnsapi

DnsFree
DnsQuery_A

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestExA
HttpEndRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpAddRequestHeadersA
InternetQueryDataAvailable

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

SetMapMode
RestoreDC
SaveDC
ExtTextOutA
DeleteObject
SetBkColor
SetTextColor
GetClipBox
GetStockObject
DeleteDC
CreateBitmap
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db0fdb7fb58711ad6d0c2a417ea741c6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

dnsapi

wininet

oleacc

gdi32

winspool.drv

comdlg32

oleaut32

Sections

.text Size: 223KB - Virtual size: 222KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 9KB - Virtual size: 29KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 223KB - Virtual size: 222KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 9KB - Virtual size: 29KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 33KB - Virtual size: 33KB