PDB path: C:\src-branches\92.i18n\googleclient\talk\build\ext_opt\obj\app\win32\tr\googletalk-tr_exe.pdb
Sample
a08b3f52439aef3d80a316941b84b6fb_JaffaCakes118.exe
Resource
win7-20240704-en
General
Target: a08b3f52439aef3d80a316941b84b6fb_JaffaCakes118
Size: 3.2MB
MD5: a08b3f52439aef3d80a316941b84b6fb
SHA1: b158ce1ab563d4c77210f8e4f5b9ff4b031cf77d
SHA256: 5be8c1808ead4a339a39bf579a51ecaa3f65b464b6b2fb3068d8634b5c9ffadd
SHA512: 3787ad6514e058a32f0e08ec596983a37b8a57d4b347c46d5e9b63e5564e9f276f1f1042f8e4d59a15cd658d039df0cd3807d1498caca993734ef090cfd57f44
SSDEEP: 98304:Uu0deApx2egJ4HXb1LzBBxC49sbAcgqZhs+4P8bU1qv:UuaeASJC7xCiugqZhs+4UbAqv
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: a08b3f52439aef3d80a316941b84b6fb_JaffaCakes118
Files
a08b3f52439aef3d80a316941b84b6fb_JaffaCakes118.exe (windows:4, windows x86, arch:x86)
b37638abb002ab1dbd4da921cd91d4b3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetFileInformationByHandle
PeekNamedPipe
GetTickCount
SetUnhandledExceptionFilter
LoadLibraryW
GetModuleFileNameA
CreateMutexW
OpenMutexW
WaitForSingleObject
Sleep
TerminateProcess
GetCurrentProcessId
ReleaseMutex
SetEnvironmentVariableA
CompareStringA
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
CreateFileA
SetStdHandle
GetOEMCP
IsValidCodePage
IsValidLocale
WideCharToMultiByte
GetUserDefaultLCID
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
SetLastError
IsBadWritePtr
VirtualFree
HeapCreate
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
ExitThread
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
CreateEventA
GetLocalTime
GetDateFormatA
GetTimeFormatA
QueryPerformanceFrequency
GetVersion
GetVersionExA
QueryPerformanceCounter
LoadLibraryA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
OutputDebugStringA
GetModuleHandleA
FormatMessageA
SetThreadPriority
GetLocaleInfoW
lstrlenA
GlobalAlloc
GetSystemTime
SystemTimeToFileTime
lstrcmpW
GlobalSize
GetStartupInfoW
CreateProcessW
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
GlobalLock
GlobalUnlock
GlobalFree
lstrcatW
lstrcpynW
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
HeapFree
OpenProcess
GetCurrentThread
CloseHandle
GetCurrentThreadId
lstrcmpiW
GetProcessHeap
HeapAlloc
GetCurrentProcess
FlushInstructionCache
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrcpyW
lstrlenW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
EnumSystemLocalesA
InterlockedExchange
CompareStringW
GetTempFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEvent
ResetEvent
FileTimeToLocalFileTime
LocalAlloc
ExpandEnvironmentStringsW
CreateEventW
DeleteFileW
MoveFileW
CopyFileW
FindNextFileW
GetFileAttributesW
CreateDirectoryW
FormatMessageW
GetSystemTimeAsFileTime
CreateThread
GetProcAddress
ReadFile
SetFilePointer
GetFileSize
FlushFileBuffers
CreateFileW
GetTempPathW
IsDebuggerPresent
MulDiv
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FindClose
FindFirstFileW
LocalFree
user32
SetWindowLongW
ShowWindow
UnhookWindowsHookEx
SetWindowsHookExW
CharNextW
UnregisterClassW
DispatchMessageW
CallNextHookEx
PostMessageW
CopyRect
DestroyIcon
GetAncestor
IsWindowVisible
GetDesktopWindow
SetFocus
GetMessagePos
CreateWindowExW
GetWindowLongW
PostQuitMessage
IsIconic
SetWindowPos
GetWindowRect
GetClientRect
MapWindowPoints
InvalidateRect
SetTimer
KillTimer
SetActiveWindow
GetMonitorInfoW
MonitorFromWindow
IsChild
SystemParametersInfoW
SetWindowRgn
InflateRect
GetSystemMetrics
IsRectEmpty
IntersectRect
GetWindow
EqualRect
OffsetRect
GetClassInfoExW
wsprintfW
LoadCursorW
TrackPopupMenu
DestroyMenu
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetMenuItemInfoW
GetLastInputInfo
GetForegroundWindow
GetCursorPos
GetSubMenu
EnumWindows
CallWindowProcW
SetCursor
GetKeyState
GetActiveWindow
GetWindowThreadProcessId
WindowFromPoint
RegisterClassExW
EndDialog
GetParent
SetWindowTextW
LoadIconW
GetDlgItem
MonitorFromRect
MonitorFromPoint
DialogBoxParamW
CreateDialogParamW
DrawAnimatedRects
FindWindowExW
MessageBoxW
CopyIcon
RegisterHotKey
LoadMenuW
GetCaretBlinkTime
EndPaint
BeginPaint
ReleaseCapture
SetCapture
RegisterWindowMessageW
ReleaseDC
GetDC
FillRect
LoadBitmapW
FrameRect
PtInRect
SetRectEmpty
UnionRect
DrawFocusRect
EnableWindow
GetWindowTextW
GetWindowTextLengthW
ClientToScreen
ScreenToClient
IsWindowEnabled
GetDlgItemInt
SetDlgItemInt
SetDlgItemTextW
MessageBeep
GetFocus
RegisterClassW
GetSysColor
SetParent
PostThreadMessageW
AppendMenuW
CreatePopupMenu
GetMenuStringW
GetWindowDC
UpdateWindow
GetLastActivePopup
FlashWindowEx
ClipCursor
DeleteMenu
GetSystemMenu
GetDCEx
DrawFrameControl
RedrawWindow
HideCaret
ShowCaret
GetMenuItemInfoW
GetSysColorBrush
EnableMenuItem
CheckMenuItem
IsDialogMessageW
GetUpdateRect
ScrollWindowEx
GetScrollInfo
SetScrollInfo
GetCapture
GetDoubleClickTime
RegisterClipboardFormatW
AnimateWindow
BringWindowToTop
GetMenuItemRect
InvalidateRgn
DestroyAcceleratorTable
CreateAcceleratorTableW
SetRect
TrackMouseEvent
MessageBoxA
DefWindowProcW
SetForegroundWindow
FindWindowW
IsWindow
GetClassNameW
LoadImageW
DestroyWindow
SendMessageW
PeekMessageW
GetMessageW
TranslateMessage
advapi32
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
CryptImportKey
CryptDestroyKey
CryptVerifySignatureW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
LookupAccountSidW
GetTokenInformation
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyW
secur32
AcquireCredentialsHandleW
EncryptMessage
DecryptMessage
ApplyControlToken
FreeContextBuffer
InitializeSecurityContextA
AcquireCredentialsHandleA
CompleteAuthToken
DeleteSecurityContext
FreeCredentialsHandle
QueryContextAttributesW
InitSecurityInterfaceW
ws2_32
getsockname
getpeername
WSAAsyncSelect
WSASocketW
WSAStartup
accept
inet_addr
gethostbyname
WSACleanup
WSACloseEvent
WSASetEvent
WSAResetEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
ioctlsocket
socket
closesocket
ntohl
WSAGetLastError
WSAAsyncGetHostByName
htons
htonl
ntohs
connect
setsockopt
bind
send
sendto
recv
recvfrom
listen
WSACancelAsyncRequest
riched20
ord6
ord4
ole32
CoCreateFreeThreadedMarshaler
CoInitialize
CoUninitialize
OleInitialize
CoInitializeSecurity
OleUninitialize
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoCreateGuid
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CreateStreamOnHGlobal
OleLockRunning
CoGetClassObject
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoInitializeEx
shell32
SHGetFolderPathW
SHAppBarMessage
ShellExecuteW
Shell_NotifyIconW
DragQueryFileW
ShellExecuteExW
SHGetSpecialFolderPathW
oleaut32
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SystemTimeToVariantTime
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
VariantChangeType
VariantInit
OleLoadPicturePath
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
VariantCopyInd
SafeArrayLock
SafeArrayUnlock
SafeArrayGetLBound
SafeArrayGetUBound
VariantClear
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarUI4FromStr
shlwapi
SHDeleteKeyW
PathRemoveFileSpecW
PathFindExtensionW
comctl32
ImageList_Create
ImageList_AddMasked
InitCommonControlsEx
msimg32
AlphaBlend
gdi32
CreatePolygonRgn
GetTextMetricsW
SelectObject
CreateFontIndirectW
GetDeviceCaps
DeleteObject
BitBlt
CreateSolidBrush
CreateCompatibleDC
CreateBitmap
GetObjectW
GetStockObject
DeleteDC
Polygon
IntersectClipRect
SelectClipRgn
SetViewportExtEx
SetWindowExtEx
SetMapMode
SetTextColor
SetBkMode
CreatePen
CreateCompatibleBitmap
CreateDIBSection
SetBkColor
RectInRegion
RealizePalette
SelectPalette
SetViewportOrgEx
urlmon
URLDownloadToFileW
setupapi
SetupIterateCabinetW
SetupTermDefaultQueueCallback
SetupDefaultQueueCallbackW
SetupInitDefaultQueueCallback
msacm32
acmStreamOpen
acmStreamPrepareHeader
acmDriverEnum
acmDriverDetailsA
acmStreamConvert
acmStreamUnprepareHeader
acmStreamClose
acmDriverClose
acmDriverOpen
crypt32
CryptUnprotectData
CryptDecodeObject
CryptProtectData
sensapi
IsNetworkAlive
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wininet
InternetGetCookieW
InternetCrackUrlW
InternetOpenW
InternetConnectW
DeleteUrlCacheEntryW
InternetQueryOptionW
InternetSetCookieW
HttpSendRequestW
HttpOpenRequestW
InternetCloseHandle
winmm
waveOutGetDevCapsA
waveOutGetPosition
mixerGetDevCapsA
waveInOpen
mixerGetNumDevs
waveInGetDevCapsA
timeSetEvent
timeKillEvent
mixerOpen
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
mixerGetControlDetailsA
mixerClose
mixerGetLineInfoA
mixerGetLineControlsA
waveInGetPosition
waveInPrepareHeader
waveInAddBuffer
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveOutClose
waveOutReset
waveOutOpen
waveOutGetNumDevs
waveInGetDevCapsW
waveInGetNumDevs
waveOutGetDevCapsW
mixerSetControlDetails
mixerGetLineControlsW
mixerGetLineInfoW
mixerGetID
waveOutMessage
mixerGetControlDetailsW
waveInMessage
timeGetTime
waveInStart
oleacc
LresultFromObject
CreateStdAccessibleObject
comdlg32
GetOpenFileNameW
ChooseFontW
iphlpapi
GetAdaptersInfo
Sections
.text  Size: 1.2MB - Virtual size: 1.2MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 228KB - Virtual size: 227KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 28KB - Virtual size: 83KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 1.7MB - Virtual size: 1.7MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rmnet  Size: 60KB - Virtual size: 60KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE