a5e574cc4609be2b81a8d7bdbfcb0a12_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5e574cc4609be2b81a8d7bdbfcb0a12_JaffaCakes118
Size

231KB
MD5

a5e574cc4609be2b81a8d7bdbfcb0a12
SHA1

51e5d327d3cc9f4b51be89b0dd2d24b87acb5d7f
SHA256

3a8e7e2fe41d26f92b9e3722609a686cc37cf9d78b8073ac596a3d8112622864
SHA512

ba669a4bb5a7d02c92eb0a8fc33231c46b79a2537abc5061ce779cf9cd67e5c14a228a0f4fd06be17f4847f714a22e181c21d5855018d9c1317d1792dbc2f8f5
SSDEEP

3072:ymhG4SCxRxQ/L4S7jF37QsVHQU9labscMaZZkVmZEb3vNTShTBfeer8wRm/64WuN:ymhgCxaH7jFruZ+5RTShTBmerRs9Wu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5e574cc4609be2b81a8d7bdbfcb0a12_JaffaCakes118

Files

a5e574cc4609be2b81a8d7bdbfcb0a12_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e9ffe0c1c829f2781247167e2afe5443

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\trash\code\work\rfb\trunk\bin\Release\hvnc.pdb

Imports

ws2_32

ioctlsocket
send
closesocket
shutdown
connect
accept
select
bind
listen
WSAGetLastError
__WSAFDIsSet
getpeername
inet_ntoa
recvfrom
recv
WSAStartup
gethostname
gethostbyname
socket
htons
inet_addr
setsockopt
htonl

winmm

timeGetTime

psapi

GetProcessImageFileNameW
EnumProcesses
GetModuleFileNameExW

ntdll

sscanf
RtlUnwind
memset
_wcsnicmp
ZwResumeThread
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQueryInformationProcess
ZwQueueApcThread
NtQuerySystemInformation
NtQueryVirtualMemory
strncpy
wcscmp
strchr
memmove
_allmul
_chkstk

shlwapi

StrStrIW
PathCombineW
PathSkipRootW
PathMatchSpecW
PathRemoveFileSpecW

dbghelp

MiniDumpWriteDump

kernel32

UnmapViewOfFile
lstrcpyA
MapViewOfFile
CreateFileMappingW
lstrlenA
GetFileSize
CreateFileA
TerminateThread
WaitForSingleObject
CreateEventW
SetEvent
GetTickCount
lstrcpyW
GetFileAttributesW
lstrcmpiW
lstrlenW
FindClose
FindFirstFileW
lstrcatW
GetSystemDirectoryW
SetFileTime
GetFileTime
CreateFileW
ExitProcess
CreateProcessW
ReleaseMutex
DeleteFileW
CopyFileW
WriteFile
MoveFileExW
_lclose
GetLocalTime
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
SetUnhandledExceptionFilter
CreateMutexW
GetComputerNameA
SetThreadExecutionState
FreeLibrary
LockResource
LoadResource
VirtualAlloc
SizeofResource
FindResourceW
LoadLibraryExW
lstrcmpiA
GetVolumeInformationA
VirtualFree
SetFilePointer
DeleteFileA
MoveFileExA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateProcessA
GetTempFileNameA
GetTempPathA
WinExec
MoveFileA
lstrcatA
HeapAlloc
HeapReAlloc
HeapFree
HeapValidate
LeaveCriticalSection
EnterCriticalSection
ResumeThread
SetThreadPriority
CreateThread
GetLastError
Sleep
SetFileAttributesA
OpenMutexW
OpenProcess
DeleteCriticalSection
ResetEvent
InitializeCriticalSection
GetProcAddress
GetModuleHandleW
GetTimeZoneInformation
GetVersionExW
SetPriorityClass
SetErrorMode
_lopen
HeapCreate
OpenEventW
GetModuleFileNameA
SetFileAttributesW
GetCommandLineW
ReadProcessMemory
GetLocaleInfoW
VerLanguageNameW
GlobalMemoryStatus
GlobalMemoryStatusEx
GetSystemInfo
MultiByteToWideChar
CloseHandle
TerminateProcess
WideCharToMultiByte
GetEnvironmentVariableW
GetWindowsDirectoryW
ExitThread
GetSystemTime
FindNextFileW
ReadFile
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesA
FileTimeToSystemTime
GetFileInformationByHandle
GetTempFileNameW
GetTempPathW
GetDriveTypeA
GetLogicalDriveStringsA
GetProcessHeap
GetHandleInformation
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryA
FileTimeToDosDateTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
FileTimeToLocalFileTime

user32

CheckMenuItem
CheckMenuRadioItem
SendMessageW
GetKeyboardLayout
GetWindowThreadProcessId
TrackPopupMenu
DestroyMenu
DestroyIcon
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassW
AttachThreadInput
SetClassLongW
GetClassLongW
SetWindowPos
SetWindowLongW
GetWindowLongW
DestroyWindow
PostMessageW
ShowWindow
IsIconic
LoadIconW
GetWindowTextLengthW
MoveWindow
GetClientRect
GetWindowRect
IsWindow
SetWindowTextW
GetDlgItem
DialogBoxIndirectParamW
ReleaseDC
GetTopWindow
GetSystemMetrics
FindWindowExW
GetDoubleClickTime
GetWindow
SetCaretBlinkTime
SystemParametersInfoW
GetShellWindow
GetDesktopWindow
CreateDesktopW
ToUnicodeEx
VkKeyScanExW
MapVirtualKeyW
GetLastActivePopup
IsWindowVisible
MapWindowPoints
GetParent
IsRectEmpty
GetMenuItemInfoW
GetSystemMenu
SendMessageTimeoutW
SetForegroundWindow
GetClassNameA
GetAncestor
GetWindowInfo
GetWindowRgn
PrintWindow
RedrawWindow
GetScrollBarInfo
FrameRect
RegisterWindowMessageW
SetFocus
BringWindowToTop
EnumChildWindows
PtInRect
RealChildWindowFromPoint
GetFocus
UnhookWinEvent
SetWinEventHook
GetUserObjectInformationW
EndDialog
GetKeyboardLayoutList
GetDC
CreatePopupMenu
AppendMenuW
FillRect
DrawTextW
CreateIconIndirect
SetTimer
OpenWindowStationW
GetProcessWindowStation
SetProcessWindowStation
OpenDesktopW
CloseDesktop
CharToOemA
SetThreadDesktop
wsprintfA
wsprintfW
GetLastInputInfo

gdi32

GetObjectW
GetDIBits
GdiFlush
GetDeviceCaps
CreateFontIndirectW
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetTextColor
SetBkColor
CreateSolidBrush
CreateBitmap
DeleteDC
CreateDIBSection
DeleteObject
BitBlt
OffsetRgn
SelectClipRgn
CreatePatternBrush
CreateRectRgn

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
EncryptFileW
RegDeleteValueW
EncryptFileA
RegQueryValueExW
RegOpenKeyW
RegQueryValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueW

shell32

SHGetSpecialFolderPathA
SHGetFolderPathW
CommandLineToArgvW
Shell_NotifyIconW
ExtractIconExW

ole32

CoInitialize
CoCreateGuid
CoUninitialize

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.config
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9ffe0c1c829f2781247167e2afe5443

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winmm

psapi

ntdll

shlwapi

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 16KB

.config Size: 1024B - Virtual size: 524B

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 16KB

.config
Size: 1024B - Virtual size: 524B

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 6KB - Virtual size: 5KB