b49288a25bc89ff6c0ce7a7c1c21d1f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b49288a25bc89ff6c0ce7a7c1c21d1f1_JaffaCakes118
Size

2.2MB
MD5

b49288a25bc89ff6c0ce7a7c1c21d1f1
SHA1

52976d1f13b0f1e8968cf09dd963a5e549b7d186
SHA256

de1e14a511d5ccbcd43e0b002e8df7ab3f89fc4beef4f4e8ee64878be6d01303
SHA512

5b5cf7459ec1ed37508d4cb2cc35da35febbed62258c857663dfd18a399dd07b4c8ad377c20d4cdda0dd74753ab6ac1b12e8a5c99656a2ff60f8be6fa6b601d1
SSDEEP

49152:qc43gadIEcCSMZ++HlhHuZ0iG0Nk7+Oap/jsu8M6Oiwr7ckWG/Lipa5v6UP28OhH:d2gadIEtSMZ++FhHuZ0iG0Nk7+Oap/jo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b49288a25bc89ff6c0ce7a7c1c21d1f1_JaffaCakes118

Files

b49288a25bc89ff6c0ce7a7c1c21d1f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1a4c8c11bbfa97f05b380ed88a454c85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\XYDII\Client\XYD2\Issue\XYD2_I.pdb

Imports

winmm

timeGetTime

kernel32

CreateThread
GetCurrentDirectoryA
CreateDirectoryA
FindClose
FindFirstFileA
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
ReadFile
GetFileSize
SetFileAttributesA
HeapFree
GetProcessHeap
HeapAlloc
GetTickCount
WaitForMultipleObjects
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
SetStdHandle
IsBadCodePtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocalTime
GetTimeZoneInformation
IsBadReadPtr
GetStringTypeA
GetOEMCP
GetTempPathA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
SetUnhandledExceptionFilter
FlushFileBuffers
UnhandledExceptionFilter
VirtualFree
HeapCreate
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCurrentProcessId
GetCPInfo
LCMapStringW
VirtualQuery
CreateFileA
SetFilePointer
GetSystemInfo
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentThread
GetCurrentProcess
DeleteFileA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
WriteFile
TerminateThread
CloseHandle
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
RaiseException
DeleteCriticalSection
GetStringTypeW
InitializeCriticalSection
GetProcAddress
GetCommandLineA
GetStartupInfoA
GetCurrentThreadId
ExitThread
RtlUnwind
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
SetEvent
GetFileType
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
GetLastError
WaitForSingleObject
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetSystemDefaultLangID
CompareStringW
CompareStringA
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameA
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
GetSystemTime
OutputDebugStringA
IsBadStringPtrA
IsBadWritePtr
CreateEventA

user32

CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MessageBoxW
InvalidateRect
GetClipboardData
BeginPaint
SendMessageA
FindWindowA
wsprintfA
ScreenToClient
ClientToScreen
GetClientRect
SetWindowLongA
GetWindowLongA
GetMenu
AdjustWindowRectEx
PeekMessageA
GetMessageA
PostMessageA
TranslateMessage
DispatchMessageA
GetCursorPos
PtInRect
WaitMessage
LoadIconA
DefWindowProcA
DestroyWindow
SetCapture
ReleaseCapture
GetKeyboardState
EnumDisplaySettingsA
SetWindowPos
ShowWindow
PostQuitMessage
LoadImageA
RegisterClassA
CreateWindowExA
MessageBoxA
UpdateWindow
SetFocus
ChangeDisplaySettingsA
SetCursor
LoadCursorA
LoadCursorFromFileA
IsClipboardFormatAvailable
SetRect
ReleaseDC
GetDC
MoveWindow
GetWindowRect
EndPaint

gdi32

DeleteDC
CreateCompatibleDC
BitBlt
SelectObject
GetTextMetricsA
CreateSolidBrush
SetBkColor
CreateFontA
StretchBlt
GetStockObject
DeleteObject

shlwapi

PathFileExistsA
PathFindFileNameA

dbghelp

StackWalk

dsound

ord1

ddraw

DirectDrawCreate

wininet

InternetSetStatusCallback
FtpOpenFileA
FtpGetFileSize
InternetReadFile
InternetOpenA
InternetConnectA
InternetCloseHandle

directnetclient

?CreateInstance@iDirectNetClient@@SAPAV1@XZ
?Release@iDirectNetClient@@QAEXXZ

shell32

ShellExecuteA

ole32

CreateILockBytesOnHGlobal
CoCreateInstance
CoInitialize
StgCreateDocfileOnILockBytes

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a4c8c11bbfa97f05b380ed88a454c85

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

shlwapi

dbghelp

dsound

ddraw

wininet

directnetclient

shell32

ole32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 188KB - Virtual size: 184KB

.data Size: 48KB - Virtual size: 2.7MB

.tls Size: 16KB - Virtual size: 12KB

.rsrc Size: 44KB - Virtual size: 41KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 188KB - Virtual size: 184KB

.data
Size: 48KB - Virtual size: 2.7MB

.tls
Size: 16KB - Virtual size: 12KB

.rsrc
Size: 44KB - Virtual size: 41KB