ad675261d5f2b5dcbd52dda8c6347935_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ad675261d5f2b5dcbd52dda8c6347935_JaffaCakes118
Size

1.8MB
MD5

ad675261d5f2b5dcbd52dda8c6347935
SHA1

4585a7fbd24df53bc8f46ab0001ffa99ee1ec603
SHA256

17ac28377094e1406735aef0c10dc98222b7e4afcf152664e8b3dfd84d13b316
SHA512

ee85a67583b14ea57aba8e281715d16ab74255d33271288baccbe48812fa2abc5174c67e67df616edc15497e565eeebf79cc167ea0460827cf480a5a3ffac41b
SSDEEP

24576:qvg9O+nEIfbanDm9HpROZgMyUXvnIVyJp:gg9Zp6gMBXvnIVy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad675261d5f2b5dcbd52dda8c6347935_JaffaCakes118

Files

ad675261d5f2b5dcbd52dda8c6347935_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7bce33d5cae1d4eda6bf00829d829e68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\Babylon9\Release-Lite_Win32\Setup32.pdb

Imports

oleacc

AccessibleObjectFromWindow
AccessibleObjectFromEvent

iphlpapi

GetAdaptersInfo

kernel32

TlsAlloc
IsBadStringPtrW
TlsSetValue
TlsGetValue
GetFileSize
ReadFile
GetCurrentProcessId
SizeofResource
LoadResource
LockResource
FreeResource
InitializeCriticalSectionAndSpinCount
GetComputerNameW
GetLocalTime
GetWindowsDirectoryW
FormatMessageW
CreateDirectoryW
WriteFile
SetFileTime
GetFileTime
VirtualFree
VirtualAlloc
SetEvent
ReleaseSemaphore
ResetEvent
CopyFileW
SetFileAttributesW
DeleteFileW
FlushFileBuffers
LocalFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
GetVersionExW
GetSystemWow64DirectoryW
GetLocaleInfoW
GetStartupInfoW
CreateProcessW
GetExitCodeProcess
IsBadReadPtr
IsBadCodePtr
HeapAlloc
GetProcessHeap
HeapFree
ReleaseMutex
LoadLibraryExW
lstrcmpiW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
SetEndOfFile
FindResourceW
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentDirectoryA
SetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
SetFilePointer
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetOEMCP
GetCPInfo
HeapSize
TlsFree
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
RtlUnwind
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
RemoveDirectoryW
MoveFileW
GetFullPathNameW
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
CreateThread
ExitThread
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
CreateMutexW
WaitForMultipleObjects
FindClose
FindNextFileW
FindFirstFileW
GetShortPathNameW
lstrlenA
GetPrivateProfileIntW
GetFileAttributesW
GetTickCount
SetCurrentDirectoryW
GetModuleHandleW
GetDiskFreeSpaceExW
GetProcAddress
GetCommandLineW
IsValidCodePage
FreeLibrary
LoadLibraryW
GetVolumeInformationW
GetCurrentDirectoryW
MapViewOfFile
CreateFileMappingW
CreateFileW
MoveFileExW
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
GetTempPathW
GetSystemDirectoryW
TerminateProcess
OpenProcess
GetUserDefaultUILanguage
GetUserDefaultLCID
WaitForSingleObject
Sleep
GetPrivateProfileStringW
WideCharToMultiByte
GetACP
SetThreadPriority
CloseHandle
MultiByteToWideChar
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
DeleteCriticalSection
SetLastError
RaiseException
InitializeCriticalSection
GetModuleFileNameW
MulDiv
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection

user32

GetMessageW
TranslateMessage
DispatchMessageW
SetWindowsHookExW
UnregisterClassA
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
RedrawWindow
GetWindowRect
SetFocus
WindowFromPoint
SetWindowPos
GetClientRect
GetParent
GetWindow
GetDC
ReleaseDC
UnhookWindowsHookEx
CallNextHookEx
SetWinEventHook
UnhookWinEvent
PostThreadMessageW
EnumChildWindows
IsWindowVisible
SetForegroundWindow
SetCursor
FrameRect
DrawFocusRect
MessageBoxExW
GetKeyboardLayoutList
GetKeyboardLayout
LockSetForegroundWindow
GetForegroundWindow
AttachThreadInput
UnionRect
LoadBitmapW
GetKeyState
GetCursorPos
SetCursorPos
SendInput
SendMessageTimeoutW
EnumWindows
PostQuitMessage
GetDlgItemTextW
MessageBoxW
UpdateWindow
PostMessageW
RegisterWindowMessageW
ShowWindow
IsWindow
DestroyWindow
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
EndDialog
GetDlgItem
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
ClientToScreen
CreateAcceleratorTableW
CharNextW
GetSysColor
GetClassNameW
SendMessageW
GetFocus
IsChild
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
InflateRect
BringWindowToTop
SetParent
EnableWindow
SendDlgItemMessageW
SetDlgItemTextW
CreateDialogParamW
wsprintfW
SetTimer
KillTimer
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetSysColorBrush
IsIconic
IsZoomed
GetSystemMetrics
SetRect
DrawTextW
CheckDlgButton
IsDlgButtonChecked
FindWindowW
GetWindowThreadProcessId
LoadIconW
IsWindowEnabled
OffsetRect
DialogBoxParamW
SystemParametersInfoW

gdi32

GetCharacterPlacementW
CreateFontIndirectW
SetMapMode
GetMapMode
GetObjectType
GetTextExtentPoint32W
SetBkMode
SetTextColor
SetBkColor
SelectObject
DeleteObject
GetDeviceCaps
GetStockObject
GetObjectW
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreateFontW
GetTextFaceW
GetTextCharset
BitBlt
GetTextMetricsW

advapi32

RegCloseKey
RegQueryValueExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
DuplicateTokenEx
FreeSid
AllocateAndInitializeSid
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
SetEntriesInAclW
SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetUserNameW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteW
SHChangeNotify

ole32

CoTaskMemRealloc
CoCreateGuid
CoGetMalloc
CoTaskMemFree
CoUninitialize
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize

oleaut32

VarUI4FromStr
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SafeArrayDestroy
SafeArrayCopy
SafeArrayGetVartype
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
VariantClear
VariantCopy
VariantChangeType

shlwapi

PathAddBackslashW
PathRemoveBackslashW
PathFindFileNameW
PathIsDirectoryW
PathFindFileNameA
PathFindExtensionW
StrStrIW

comctl32

ord17

gdiplus

GdiplusShutdown

ws2_32

WSACleanup
WSAStartup

wininet

InternetSetFilePointer
InternetReadFile
HttpQueryInfoW
InternetErrorDlg
HttpSendRequestW
InternetQueryOptionW
HttpOpenRequestW
InternetConnectW
InternetGetLastResponseInfoW
InternetSetCookieExW
InternetGetCookieExW
InternetCrackUrlW
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetCloseHandle

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessImageFileNameW
EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 998KB - Virtual size: 998KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 366KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ezdurpj
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7bce33d5cae1d4eda6bf00829d829e68

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleacc

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

ws2_32

wininet

version

psapi

Sections

.text Size: 998KB - Virtual size: 998KB

.rdata Size: 230KB - Virtual size: 230KB

.data Size: 366KB - Virtual size: 396KB

.rsrc Size: 184KB - Virtual size: 184KB

ezdurpj Size: - Virtual size: 4KB

.prdata Size: 76KB - Virtual size: 76KB

.text
Size: 998KB - Virtual size: 998KB

.rdata
Size: 230KB - Virtual size: 230KB

.data
Size: 366KB - Virtual size: 396KB

.rsrc
Size: 184KB - Virtual size: 184KB

ezdurpj
Size: - Virtual size: 4KB

.prdata
Size: 76KB - Virtual size: 76KB