e:\Build2\s\Dynasty\ODHttp\Release\ODHttp.pdb
Static task: static1
Behavioral task: behavioral1
Sample: af3eacb4bc550141151346b84c6e14b9_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: af3eacb4bc550141151346b84c6e14b9_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: af3eacb4bc550141151346b84c6e14b9_JaffaCakes118
Size: 192KB
MD5: af3eacb4bc550141151346b84c6e14b9
SHA1: b664ffc27318b73e81b77114714ed199df74a15a
SHA256: 2bf7395e387661b74b6968ed5549489c58d2b69ced2223e735cb87bd009af732
SHA512: dc42e2fdebf4f4bae57e5bf10c78e5b33d7a934cc8e2ff110150d10c5c2912738ab20a62332373ad7de10cee67d6ae40196a3b8edf275f97816c51dfd91751c9
SSDEEP: 3072:IhJJBTWWm5mbLF8nwxsKOlNFNCeHhHQKuyh8jXtpQtKpOlQUU4VG7lrEl3RD:I3WWm5gJ8nwxsKOXWeH9us87tpkBGk
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource af3eacb4bc550141151346b84c6e14b9_JaffaCakes118
Files
af3eacb4bc550141151346b84c6e14b9_JaffaCakes118.exe windows:4 windows x86 arch:x86
549dce1a70d8443355a0992f4b7040b1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
HeapReAlloc
ExitThread
CreateThread
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
HeapFree
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
IsBadWritePtr
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapAlloc
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
GetStartupInfoW
SetErrorMode
GlobalFlags
InterlockedIncrement
WritePrivateProfileStringW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFindAtomW
GetModuleHandleA
lstrcatW
GetVersionExA
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalAddAtomW
InterlockedDecrement
GetLastError
GlobalFree
GlobalUnlock
FormatMessageW
lstrcpynW
LocalFree
GetCurrentThread
GetCurrentThreadId
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
GetModuleHandleW
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
LoadLibraryW
GetLocaleInfoW
SetLastError
GetModuleFileNameW
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetFileAttributesW
CreateFileW
GetFileSize
GetSystemTime
lstrlenA
GetFullPathNameW
GetFileTime
FileTimeToSystemTime
ReadFile
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrlenW
CreateProcessW
CloseHandle
GetTickCount
WaitForSingleObject
user32
DestroyMenu
GetSysColorBrush
LoadCursorW
ShowWindow
SetWindowTextW
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
wsprintfW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
GetSysColor
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
UnregisterClassW
GetDlgCtrlID
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
MessageBoxW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SendMessageW
SetCursor
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostQuitMessage
EnableWindow
PeekMessageW
DispatchMessageW
DefWindowProcW
PostMessageW
gdi32
TextOutW
RectVisible
PtVisible
DeleteObject
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
ExtTextOutW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
comctl32
ord17
shlwapi
PathFindFileNameW
PathFindExtensionW
ws2_32
WSACleanup
WSAStartup
WSAGetLastError
shutdown
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
htons
gethostbyaddr
getservbyport
ntohs
WSASetLastError
getsockname
accept
socket
select
bind
getpeername
connect
sendto
recvfrom
WSAAsyncSelect
send
recv
listen
closesocket
oleaut32
VariantInit
VariantChangeType
VariantClear
Sections
.text Size: 128KB - Virtual size: 124KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 21KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 21KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ