b7746047ed5e6a9b0fef68d03bd96e97_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b7746047ed5e6a9b0fef68d03bd96e97_JaffaCakes118
Size

558KB
MD5

b7746047ed5e6a9b0fef68d03bd96e97
SHA1

a6bca986e884a6af5299530315b24b9c83348122
SHA256

0368b50b863f76a27e1ac0e2217d9f6bffe89a878b1029b86140ff0933da4730
SHA512

3a6a0dfae89c8a33597913f28f09456a30e4b0efe9379111a3a92447dbc55f209c0eefb999a5d6c5ae42acdab926789c8073867a3977a906f2f334c6b146aaab
SSDEEP

12288:5JnJiWjHoDCnWPMhisgKNBddey+OEi+TK6ze:XEQHoDCZRoy+OExTKme

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7746047ed5e6a9b0fef68d03bd96e97_JaffaCakes118

Files

b7746047ed5e6a9b0fef68d03bd96e97_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a28d738824ec560d7eb4528a3f2b1d34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Code\urlsoft\trunk\product\win32_gj\urlcore2.pdb

Imports

wininet

InternetSetOptionA
InternetSetOptionExW
InternetSetOptionExA
HttpQueryInfoA
HttpSendRequestW
HttpOpenRequestA
InternetSetOptionW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetConnectA
InternetCloseHandle
InternetReadFile
InternetOpenA
HttpAddRequestHeadersA

psapi

GetModuleInformation
GetModuleBaseNameW
EnumProcesses
EnumProcessModules
GetModuleFileNameExW

kernel32

WideCharToMultiByte
CompareStringW
lstrlenW
GetPrivateProfileIntW
WritePrivateProfileStringW
lstrlenA
GetCurrentThreadId
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpiW
SetLastError
GetLocalTime
GetModuleFileNameW
GlobalAddAtomW
CreateProcessW
GetCurrentProcessId
MoveFileW
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetPrivateProfileStringW
SuspendThread
GetCommandLineW
Sleep
InitializeCriticalSection
OpenProcess
InterlockedIncrement
InterlockedDecrement
FreeLibrary
LoadLibraryExW
GetModuleHandleW
MulDiv
lstrcpyA
SetUnhandledExceptionFilter
GetFileSize
VirtualQuery
GetProcAddress
GetVersionExW
GetCurrentThread
GetTickCount
lstrcatW
CreateDirectoryW
ExitThread
ExitProcess
LoadLibraryW
TerminateProcess
Thread32Next
Thread32First
CreateProcessA
lstrcmpiA
WinExec
ResetEvent
FileTimeToSystemTime
FileTimeToLocalFileTime
TerminateThread
FindClose
FindFirstFileW
WaitForMultipleObjects
lstrcpynA
VirtualProtect
LoadLibraryA
GetModuleHandleA
GetStringTypeA
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
UnmapViewOfFile
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualFreeEx
VirtualQueryEx
VirtualAllocEx
CreateDirectoryA
CreateFileA
CopyFileW
CopyFileA
CopyFileExW
CopyFileExA
CreateMutexW
GetStartupInfoW
ReadProcessMemory
WriteProcessMemory
OpenEventW
SetThreadPriority
CreateThread
LoadLibraryExA
IsBadReadPtr
GetSystemTime
SetErrorMode
CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject
CreateFileMappingW
MapViewOfFile
GetSystemInfo
GlobalMemoryStatusEx
SetEnvironmentVariableA
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
RaiseException
QueryPerformanceFrequency
CreateFileW
ReadFile
GetCurrentProcess
FlushInstructionCache
MultiByteToWideChar
FlushFileBuffers
WriteFile
SetEvent
CreateEventW
CloseHandle
WaitForSingleObject
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetStartupInfoA

user32

CreateDesktopW
LoadImageW
RegisterWindowMessageW
SetForegroundWindow
GetActiveWindow
SetWindowsHookExW
ClientToScreen
CallNextHookEx
WindowFromPoint
DialogBoxParamW
CreateDialogParamW
DispatchMessageW
TranslateMessage
GetMessageW
GetThreadDesktop
CloseDesktop
PostThreadMessageW
FindWindowExW
CreateWindowExA
MessageBoxExA
MessageBoxExW
MessageBoxIndirectA
MessageBoxIndirectW
DialogBoxParamA
UnregisterClassA
PeekMessageW
GetDlgItemInt
MoveWindow
DestroyAcceleratorTable
CreateAcceleratorTableW
SetDlgItemInt
wsprintfW
GetSysColor
GetFocus
GetCapture
ReleaseCapture
EnumDesktopWindows
GetLastInputInfo
GetSystemMetrics
SetWindowLongW
CreateWindowExW
GetWindowLongW
PostMessageW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SendMessageW
GetWindowRect
GetClientRect
ScreenToClient
ShowWindow
IsWindowVisible
RedrawWindow
SetTimer
KillTimer
EnableWindow
SetFocus
SetDlgItemTextW
DefWindowProcW
EndPaint
BeginPaint
GetCursorPos
SetCursor
DrawFocusRect
FillRect
PtInRect
CallWindowProcW
GetDlgCtrlID
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
UnhookWindowsHookEx
GetClassNameW
RegisterClassExW
SetRectEmpty
ExitWindowsEx
EndDialog
OffsetRect
ReleaseDC
GetDC
GetSubMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CharNextW
TrackPopupMenu
PostQuitMessage
DrawTextW
LoadCursorW
GetClassInfoExW
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
SetMenuItemInfoW
LoadMenuW
DestroyWindow
GetWindow
SystemParametersInfoW
MapWindowPoints
SetWindowPos
UnregisterHotKey
RegisterHotKey
IsWindow
IsDialogMessageW
MessageBoxW
GetDlgItem
GetParent

gdi32

SetTextColor
SetBkMode
RestoreDC
DeleteDC
CreateFontIndirectW
SelectObject
DeleteObject
GetObjectW
RoundRect
GetTextExtentPoint32W
ExtTextOutW
SetBkColor
CreateCompatibleDC
SetViewportOrgEx
CreateCompatibleBitmap
CreatePen
CreateSolidBrush
BitBlt
GetCurrentObject
MoveToEx
LineTo
GetDeviceCaps
GetStockObject
SaveDC

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
InitiateSystemShutdownW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
RegQueryValueExW

shell32

SHCreateDirectoryExW
SHFileOperationW
ShellExecuteExW
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathA
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CreateStreamOnHGlobal
CoGetClassObject
OleLockRunning
CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CLSIDFromString
OleInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CreateBindCtx
OleUninitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SafeArrayGetVartype
VariantInit
VariantClear
VariantCopy
SysAllocStringLen
SafeArrayCopy
SafeArrayCreate
VariantChangeType
SysAllocStringByteLen
SysStringByteLen

shlwapi

StrStrIA
StrCmpNIW
PathFindExtensionW
StrChrIA
PathFindFileNameW
StrToIntA
StrCmpNIA
StrChrIW
PathRemoveFileSpecW
PathAppendW
StrStrIW
SHGetValueW
SHSetValueW
SHDeleteValueW
StrCatW
PathFileExistsW
StrCmpIW
StrCpyW
StrCpyNW
PathFileExistsA

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_Create

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

winmm

SendDriverMessage
waveOutWrite
PlaySoundA
PlaySoundW
mciSendCommandW
sndPlaySoundA
sndPlaySoundW
mciSendStringA
mciSendStringW
mciSendCommandA

urlmon

CreateURLMoniker
CoInternetCreateSecurityManager

Sections

.text
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a28d738824ec560d7eb4528a3f2b1d34

Headers

File Characteristics

PDB Paths

Imports

wininet

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

wintrust

winmm

urlmon

Sections

.text Size: 425KB - Virtual size: 424KB

.rdata Size: 106KB - Virtual size: 106KB

.data Size: 14KB - Virtual size: 30KB

.rsrc Size: 6KB - Virtual size: 8KB

.text
Size: 425KB - Virtual size: 424KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 14KB - Virtual size: 30KB

.rsrc
Size: 6KB - Virtual size: 8KB