b17c7a94fbe8421a105f28ce2c9ef8dc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b17c7a94fbe8421a105f28ce2c9ef8dc_JaffaCakes118
Size

861KB
MD5

b17c7a94fbe8421a105f28ce2c9ef8dc
SHA1

a51c5a3a2b36142d361a09ca5854e0abdada4af0
SHA256

afcd7382c12960d7e0942d90000930fbadd525193b0f43a007e55503f9c7970a
SHA512

928872e1d9bea46038a66f2ebda7cb9aae6537dac45ed9a222d0dd2016f3b08ef5a4ed52c39d66ae1a422f681f837dbe6af1ceb2a4bbae781fa2c2096c21acce
SSDEEP

12288:MOkKWL1NaOn58ih9bV7L2aZl6dSwUP2+2qsodCwOmCUj8VBXJI7cvs:MObevnqPXdS322sCCwOmCW8vXJIms

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b17c7a94fbe8421a105f28ce2c9ef8dc_JaffaCakes118

Files

b17c7a94fbe8421a105f28ce2c9ef8dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

20caac9d2625b1151725cf1134fdd659

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\XF Code\DLPlugins_proj\trunk\Tencentdl\Output\Release\Tencentdl.pdb

Imports

kernel32

HeapFree
GetProcessHeap
TlsGetValue
TlsSetValue
SetWaitableTimer
PostQueuedCompletionStatus
HeapAlloc
WaitForSingleObject
GetCurrentThreadId
QueueUserAPC
TerminateThread
WaitForMultipleObjects
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
InterlockedCompareExchange
FlushInstructionCache
GetCurrentProcess
GetSystemTimeAsFileTime
GetTickCount
SleepEx
CreateWaitableTimerA
DeleteFileA
CreateToolhelp32Snapshot
CopyFileA
Sleep
CreateThread
GetCommandLineA
SetDllDirectoryA
GetVersionExA
DeviceIoControl
CreateFileA
RemoveDirectoryA
SetFileAttributesA
MoveFileA
GetFileSize
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
LoadLibraryA
ResetEvent
OpenProcess
WritePrivateProfileStringA
GetPrivateProfileIntA
InitializeCriticalSectionAndSpinCount
SystemTimeToFileTime
ResumeThread
OpenEventA
FormatMessageA
LocalFree
GetThreadLocale
IsProcessorFeaturePresent
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
CloseHandle
GetLocaleInfoW
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
HeapSize
VirtualFree
HeapCreate
HeapDestroy
GetDateFormatA
GetTimeFormatA
GetStartupInfoA
GetDriveTypeA
FileTimeToLocalFileTime
ExitThread
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
IsDebuggerPresent
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
TlsAlloc
InterlockedExchangeAdd
SetEvent
CreateEventA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleFileNameA
IsDBCSLeadByte
TlsFree
InterlockedExchange
lstrcmpiA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryA
GetModuleHandleA
GetProcAddress
InterlockedIncrement
lstrlenA
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
ReadProcessMemory
GetThreadSelectorEntry
GetCurrentThread
VirtualQueryEx
VirtualQuery
SetUnhandledExceptionFilter
OutputDebugStringA
GetCurrentProcessId
SetEndOfFile
FileTimeToSystemTime
CreateFileW
AreFileApisANSI
SetFileTime
CreateDirectoryA
FindFirstFileW
GetUserDefaultLCID
InterlockedDecrement
GetStdHandle
SetFileAttributesW
DeleteFileW
GetCurrentDirectoryA
CreateDirectoryW
GetFullPathNameA

user32

GetDlgItem
MonitorFromPoint
TrackPopupMenu
DestroyIcon
LoadStringA
GetWindowRect
FindWindowA
RedrawWindow
SetWindowLongA
GetWindowLongA
DrawTextA
LoadBitmapA
EndDialog
DestroyWindow
IsWindow
SendMessageA
SetWindowPos
CharNextA
CreateDialogParamA
PostThreadMessageA
CharUpperA
TranslateMessage
GetClientRect
GetMessageA
CreateWindowExA
PtInRect
SetRect
GetParent
CallWindowProcA
DefWindowProcA
SetWindowTextA
GetWindow
ShowWindow
EnableWindow
GetSystemMetrics
IsIconic
MoveWindow
BringWindowToTop
ClientToScreen
InvalidateRect
IsWindowVisible
ShowOwnedPopups
LoadIconA
SetForegroundWindow
GetLastActivePopup
DrawIconEx
LoadMenuA
DestroyMenu
PostMessageA
UnregisterClassA
DispatchMessageA
GetActiveWindow
DialogBoxParamA
GetIconInfo
SystemParametersInfoA
MapWindowPoints
GetSysColor
WindowFromPoint
GetCapture
ReleaseCapture
GetWindowTextA
LoadImageA
GetCursorPos
GetSubMenu
GetMonitorInfoA

gdi32

SetBkColor
ExtTextOutA
GetObjectA
CreateFontA
DeleteObject
CreateCompatibleBitmap
StretchBlt
BitBlt
SetTextColor
SetBkMode
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateCompatibleDC
CreateSolidBrush

advapi32

RegQueryValueExA
IsTextUnicode
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconA
SHGetFileInfoA
ShellExecuteA

ole32

CoInitializeEx
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
CoCreateGuid
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoLoadLibrary
CoFreeLibrary
CoCreateInstance
CoTaskMemAlloc
CLSIDFromProgID

oleaut32

SysStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
VariantInit
VariantClear
SysAllocStringByteLen
SysFreeString
SysAllocString
UnRegisterTypeLi
RegisterTypeLi

shlwapi

wnsprintfA

comctl32

_TrackMouseEvent

ws2_32

sendto
htons
gethostbyname
inet_addr
select
__WSAFDIsSet
ntohs
inet_ntoa
accept
getpeername
WSAGetLastError
listen
connect
recv
send
htonl
ntohl
WSAStartup
WSACleanup
closesocket
ioctlsocket
setsockopt
recvfrom
socket
bind

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

netapi32

NetWkstaTransportEnum
Netbios
NetApiBufferFree

psapi

GetModuleFileNameExA

imagehlp

SymLoadModule
SymFunctionTableAccess
SymInitialize
SymSetOptions
StackWalk
SymGetModuleInfo

Sections

.text
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

20caac9d2625b1151725cf1134fdd659

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

version

netapi32

psapi

imagehlp

Sections

.text Size: 608KB - Virtual size: 607KB

.rdata Size: 88KB - Virtual size: 85KB

.data Size: 16KB - Virtual size: 23KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 136KB - Virtual size: 136KB

.text
Size: 608KB - Virtual size: 607KB

.rdata
Size: 88KB - Virtual size: 85KB

.data
Size: 16KB - Virtual size: 23KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 136KB - Virtual size: 136KB