Static task: static1
Behavioral task: behavioral1
  Sample: a5813b0cd42f66f63ba9aefe95a424e9_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: a5813b0cd42f66f63ba9aefe95a424e9_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: a5813b0cd42f66f63ba9aefe95a424e9_JaffaCakes118
Size: 1.4MB
MD5: a5813b0cd42f66f63ba9aefe95a424e9
SHA1: e6024617c5d7e418438f945e40d588ebe4d5db7b
SHA256: 4ce9e0add93b29e9dc35a1dc13ef3c163a3baf4acef082a2b3b4d440ec9230bb
SHA512: fd09139a9f2276ba9555c9427e56630654397fd6b7355e44119ee65cf24aac05c3154640f5e483e50e2ec98a94c1862a6e989e3850376eb0b9fabc1764491950
SSDEEP: 12288:KiadXLb0IC8JubFd26i0sHjaS7PM4LjQJP5qlDvtXZXCdsxCPQoCtJZX6RZL21Y6:ZwbH9+5qlD3XCaxCPpqZX6LCYpXO26N
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: a5813b0cd42f66f63ba9aefe95a424e9_JaffaCakes118
Files
a5813b0cd42f66f63ba9aefe95a424e9_JaffaCakes118.exe windows:4 windows x86 arch:x86
Imphash: 61dd1219fb4e521501eea6d3a6d37e07
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\My Projects\EliteProtector\trunk\bin\demo-release\EliteProtector.pdb
Imports
user32
GetCursorPos
SetCursor
LoadCursorA
CopyRect
PtInRect
SetWindowRgn
GetWindowRect
UpdateWindow
InvalidateRect
SetTimer
KillTimer
ScreenToClient
SendMessageA
EnableWindow
GetParent
LoadIconA
GetSystemMetrics
PostQuitMessage
IntersectRect
DrawTextA
FillRect
LoadBitmapA
SetWindowPos
SetLayeredWindowAttributes
PostThreadMessageA
LoadImageA
RegisterWindowMessageA
SetWindowTextA
GetDlgItem
GetClientRect
ReleaseCapture
GetMenuItemInfoA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
SetCapture
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetWindowThreadProcessId
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
SetMenu
TranslateAcceleratorA
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
IsWindowEnabled
ShowWindow
MoveWindow
IsDialogMessageA
SetRectEmpty
TabbedTextOutA
DrawTextExA
GrayStringA
GetKeyState
InflateRect
OffsetRect
GetSysColor
CreateCaret
SetCaretPos
HideCaret
ShowCaret
PostMessageA
SystemParametersInfoA
ExitWindowsEx
SetForegroundWindow
IsWindowVisible
DefWindowProcA
DestroyMenu
TrackPopupMenu
AppendMenuA
CreatePopupMenu
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
VkKeyScanA
RegisterHotKey
MessageBoxA
CharUpperA
IsRectEmpty
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
CopyAcceleratorTableA
CharNextA
IsWindow
GetDC
ReleaseDC
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetWindow
GetWindowPlacement
IsIconic
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetDlgCtrlID
DeferWindowPos
EqualRect
AdjustWindowRectEx
RegisterClassA
GetClassInfoA
GetClassInfoExA
GetMenu
MapWindowPoints
PeekMessageA
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA
SetFocus
GetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
UnregisterClassA
wininet
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
InternetQueryDataAvailable
InternetGetLastResponseInfoA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
HttpEndRequestA
HttpSendRequestExA
InternetConnectA
HttpOpenRequestA
InternetCanonicalizeUrlA
InternetReadFile
InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
FindCloseUrlCache
kernel32
SetWaitableTimer
CreateWaitableTimerA
GetCurrentThread
SetEndOfFile
GetFileSize
SetFilePointer
GetCurrentProcess
ResumeThread
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCommandLineA
GetVersion
GetFileAttributesA
GlobalAddAtomA
GetCurrentThreadId
OpenEventA
InterlockedExchange
MultiByteToWideChar
CompareStringA
CompareStringW
SetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryA
QueryPerformanceFrequency
QueryPerformanceCounter
DeviceIoControl
GetVersionExA
InterlockedIncrement
InterlockedDecrement
ExpandEnvironmentStringsA
WaitForMultipleObjects
GetFileInformationByHandle
TerminateProcess
OpenProcess
Module32First
WritePrivateProfileStringA
MoveFileExA
CreateMutexA
ReleaseMutex
Module32Next
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationA
LocalFree
LocalAlloc
SearchPathA
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
CreateFileMappingA
GetSystemWindowsDirectoryA
GetSystemInfo
SetFilePointerEx
OutputDebugStringA
SetLastError
FormatMessageA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetFileTime
GetModuleFileNameW
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetFullPathNameA
SuspendThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
SetErrorMode
GetCurrentDirectoryA
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetTimeFormatA
GetDateFormatA
HeapFree
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetProcessHeap
GetStartupInfoA
ExitThread
ExitProcess
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
GetTimeZoneInformation
GetStdHandle
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CancelWaitableTimer
LocalFileTimeToFileTime
SetThreadPriority
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
MulDiv
FreeResource
GlobalLock
GlobalFree
GlobalUnlock
GlobalAlloc
CreateThread
TerminateThread
ReadFile
MoveFileA
GetCurrentProcessId
CreateEventA
CreateProcessA
GetSystemTime
Sleep
WaitForSingleObject
ResetEvent
SetEvent
GetLogicalDrives
GetDriveTypeA
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GlobalDeleteAtom
lstrlenA
SetCurrentDirectoryA
DeleteFileA
GetTempPathA
GetModuleFileNameA
GetFileAttributesExA
WriteFile
LoadLibraryA
FreeLibrary
GetProcAddress
CreateFileA
GetLastError
CloseHandle
FindResourceExA
GetModuleHandleA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
FindNextFileA
FindFirstFileA
FindClose
CreateFileW
GetVolumeInformationA
gdi32
CreatePatternBrush
GetRgnBox
GetTextColor
GetTextExtentPoint32A
CreateFontIndirectA
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetPixel
ExcludeClipRect
RestoreDC
SaveDC
CreateRectRgnIndirect
MoveToEx
LineTo
CreatePen
GetObjectA
CreateBitmap
SetMapMode
SetBkColor
SetDIBits
CreateDCA
GetDeviceCaps
StretchBlt
CreateSolidBrush
DeleteObject
CreateICA
DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
BitBlt
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontA
GetClipBox
CreateRoundRectRgn
SelectObject
SetTextColor
SetBkMode
GetStockObject
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueA
RegOpenKeyA
RegNotifyChangeKeyValue
RegEnumKeyA
RegDeleteKeyA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
GetUserNameA
shell32
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
Shell_NotifyIconA
DragFinish
DragQueryFileA
SHChangeNotify
SHGetSpecialFolderLocation
comctl32
ImageList_Add
_TrackMouseEvent
ImageList_Draw
shlwapi
PathUnquoteSpacesA
SHCopyKeyA
PathMatchSpecA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
SHDeleteKeyA
oledlg
ord8
ole32
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleFlushClipboard
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoTaskMemAlloc
OleIsCurrentClipboard
CoRegisterMessageFilter
CoGetClassObject
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
OleCreateFontIndirect
VariantCopy
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
OleLoadPicture
SysAllocString
urlmon
URLDownloadToCacheFileA
ws2_32
send
connect
socket
inet_addr
htons
WSCEnumProtocols
listen
accept
WSAGetLastError
WSAStartup
recv
shutdown
WSCGetProviderPath
WSCDeinstallProvider
bind
closesocket
netapi32
Netbios
rasapi32
RasHangUpA
RasConnectionNotificationA
RasEnumEntriesA
RasGetEntryPropertiesA
RasEnumConnectionsA
Sections
.text Size: 1004KB - Virtual size: 1000KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 236KB - Virtual size: 232KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 140KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
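Added example, not part of the sandbox report or of the EliteProtector project the PDB path names: the static checks behind the fields above, reimplemented with the Python standard library only. imphash() is the import hash in the pefile convention (the 32-hex digest listed beneath the file entry under Files is that hash), computed over a DLL/function listing in import-table order, with ordinal-only entries such as oledlg ord8 kept as "ordN"; pefile additionally resolves known ordinals of a few DLLs to names through a lookup table, which is omitted here. has_authenticode_signature() is the test behind the "Unsigned PE" signature; file_characteristics() and sections() decode the Headers and Sections fields. build_min_pe() is a constructed fixture that assembles minimal PE32 headers in memory with this report's section sizes and flags so the example runs offline; it is not the analysed sample, and REPORT_IMPORTS is a handful of the listed imports, so its hash is not expected to match the reported value.

```python
"""Added example, not part of the sandbox report: the static checks behind the
Files, Signatures, Headers and Sections fields, standard library only.
build_min_pe() and REPORT_IMPORTS are constructed fixtures, not the sample."""
import hashlib
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (embedded Authenticode blob)
FILE_FLAGS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
SCN_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
             0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}


def imphash(imports):
    """pefile-convention import hash over [(dll, [name or 'ordN', ...]), ...] in
    import-table order: lower-case, strip .dll/.ocx/.sys, join as dll.func, MD5."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        parts.extend(f"{lib}.{f.lower()}" for f in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def _headers(pe):
    """Locate the COFF header; return (coff, opt, opt_size, n_sections)."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    return coff, coff + 20, opt_size, n_sections


def file_characteristics(pe):
    """Flag names for IMAGE_FILE_HEADER.Characteristics ('File Characteristics' above)."""
    chars = struct.unpack_from("<H", pe, _headers(pe)[0] + 18)[0]
    return [name for bit, name in FILE_FLAGS.items() if chars & bit]


def has_authenticode_signature(pe):
    """The 'Unsigned PE' test. Data directory 4 points at the embedded WIN_CERTIFICATE;
    its first field is a file offset, not an RVA. Empty only proves no *embedded*
    signature: catalog-signed files (most OS binaries) look unsigned here too."""
    _, opt, _, _ = _headers(pe)
    magic = struct.unpack_from("<H", pe, opt)[0]
    dd = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+ data directory start
    if struct.unpack_from("<I", pe, dd - 4)[0] <= SECURITY_DIR:  # NumberOfRvaAndSizes
        return False
    off, size = struct.unpack_from("<II", pe, dd + 8 * SECURITY_DIR)
    return off != 0 and size != 0 and off + size <= len(pe)


def sections(pe):
    """Section table as (name, raw size, virtual size, flags), the 'Sections' field.
    Raw > virtual is file-alignment padding; virtual > raw is zero-filled data, as in
    .data above. MEM_WRITE plus MEM_EXECUTE with virtual >> raw is the packer-stub tell."""
    _, opt, opt_size, n = _headers(pe)
    out = []
    for i in range(n):
        h = struct.unpack_from("<8sIIIIIIHHI", pe, opt + opt_size + 40 * i)
        name = h[0].rstrip(b"\0").decode(errors="replace")
        out.append((name, h[3], h[1], [s for bit, s in SCN_FLAGS.items() if h[9] & bit]))
    return out


def build_min_pe(section_specs, signature=b""):
    """Constructed fixture: minimal PE32 headers for (name, virtual size, raw size,
    characteristics) specs, optionally with a fake certificate blob appended and
    referenced from the security directory. Parseable, not loadable."""
    n, opt_size, e_lfanew = len(section_specs), 224, 64
    dirs = [(0, 0)] * 16
    if signature:
        dirs[SECURITY_DIR] = (e_lfanew + 4 + 20 + opt_size + 40 * n, len(signature))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x0103)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = b"".join(struct.pack("<8sIIIIIIHHI", nm.encode().ljust(8, b"\0"), vs, 0x1000,
                                rs, 0, 0, 0, 0, 0, ch) for nm, vs, rs, ch in section_specs)
    return dos + b"PE\0\0" + coff + opt + sect + signature


# Constructed inputs mirroring this report's section table and a few of its imports.
R, W, X, CODE, IDATA = 0x40000000, 0x80000000, 0x20000000, 0x20, 0x40
SAMPLE_PE = build_min_pe([(".text", 1000 * 1024, 1004 * 1024, CODE | X | R),
                          (".rdata", 232 * 1024, 236 * 1024, IDATA | R),
                          (".data", 69 * 1024, 48 * 1024, IDATA | R | W),
                          (".rsrc", 136 * 1024, 140 * 1024, IDATA | R)])
REPORT_IMPORTS = [("user32", ["GetCursorPos", "SetCursor"]), ("wininet", ["InternetOpenA"]),
                  ("kernel32", ["CreateToolhelp32Snapshot", "IsDebuggerPresent"]), ("oledlg", ["ord8"])]
```

Two caveats a practitioner should keep in mind when reading these fields: the security directory's first field is a file offset (the one data directory that is not an RVA), and an empty entry shows only that there is no embedded signature, so a catalog-signed binary reports as unsigned too, which is why "Unsigned PE" on its own is a weak indicator. The import hash is order-sensitive, so it can be reproduced only from the complete import table in its original order, not from a re-sorted listing.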