e:\projects\SVN\AntiSpyware Pro\desktop\trunk\bin\demo-release\AntiSpyware Pro.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: bd7836fd126afb59b75fbeec7d2ddcde_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: bd7836fd126afb59b75fbeec7d2ddcde_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: bd7836fd126afb59b75fbeec7d2ddcde_JaffaCakes118
Size: 10.4MB
MD5: bd7836fd126afb59b75fbeec7d2ddcde
SHA1: 4fb7b586d90d0f47f0b856b7a557de5c3f094ce6
SHA256: 51d7d9ad24ecd6c2c725a923b26c165f08261fd0b8c8559f3e00a7e625e62cd0
SHA512: bcd74ff43122f9b1f437271c4861d62c7d1e89203239a09ec9a2e5e196919307dfc8df6cb1c4b9a2ad545997545c3a0249ee2dde45e3900cc50a6f4216f585d0
SSDEEP: 49152:SJNWNKYrNhkSic/fQyGNeGtfThP77L9jLOXkkrQCNq0jn6NosKAYcL+tLmwDhUfu:SvWNRDk4HHPGFThD7VOXkk8C40j5oe
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for a missing Authenticode signature (an empty Certificate Table data directory).
  resource: bd7836fd126afb59b75fbeec7d2ddcde_JaffaCakes118
Files
- bd7836fd126afb59b75fbeec7d2ddcde_JaffaCakes118.exe windows:4 windows x86 arch:x86
  7446fdff95c169ce596925f9a7f7bdc5
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
PDB Paths: e:\projects\SVN\AntiSpyware Pro\desktop\trunk\bin\demo-release\AntiSpyware Pro.pdb
Imports
user32
GetCursorPos
CreatePopupMenu
AppendMenuW
TrackPopupMenu
DestroyMenu
LoadIconW
InvalidateRect
GetParent
PostMessageW
ScreenToClient
SetCapture
ReleaseCapture
SetCursor
LoadCursorW
CopyRect
PtInRect
OffsetRect
UpdateWindow
SetTimer
KillTimer
PostQuitMessage
DrawTextW
LoadBitmapW
FillRect
SendMessageW
EnableWindow
GetWindowTextW
GetWindowThreadProcessId
IsWindow
SendDlgItemMessageW
SetCursorPos
GetWindowRect
GetDlgItem
SetDlgItemTextW
wsprintfW
GetClassNameW
RedrawWindow
ReleaseDC
GetWindowDC
CharNextW
CopyAcceleratorTableW
SetRect
IsRectEmpty
GetMenuItemInfoW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
ValidateRect
UnregisterClassW
CharUpperW
EndPaint
BeginPaint
ClientToScreen
UnpackDDElParam
ReuseDDElParam
LoadMenuW
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
SetMenu
TranslateAcceleratorW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
WindowFromPoint
EndDialog
SetWindowTextW
DialogBoxParamW
SetWindowRgn
SetWindowPos
GetSystemMetrics
SetLayeredWindowAttributes
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadImageW
RegisterWindowMessageW
GetClientRect
TabbedTextOutW
DrawTextExW
GrayStringW
GetKeyState
IsWindowVisible
SetForegroundWindow
InflateRect
GetSysColor
IntersectRect
SetRectEmpty
GetDC
CreateCaret
SetCaretPos
HideCaret
ShowCaret
SystemParametersInfoW
ExitWindowsEx
IsDlgButtonChecked
ShowScrollBar
DefWindowProcW
CreateWindowExW
RegisterClassExW
IsChild
GetCapture
MessageBoxW
VkKeyScanW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
RegisterHotKey
UnregisterClassA
RegisterClipboardFormatW
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetWindow
CheckDlgButton
IsDialogMessageW
GetWindowLongW
GetDlgCtrlID
SetWindowLongW
MoveWindow
ShowWindow
IsWindowEnabled
SetFocus
GetFocus
GetWindowTextLengthW
UnhookWindowsHookEx
GetWindowPlacement
IsIconic
SystemParametersInfoA
CallWindowProcW
DeferWindowPos
wininet
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindCloseUrlCache
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetQueryDataAvailable
InternetCanonicalizeUrlW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetGetConnectedState
HttpSendRequestW
HttpSendRequestExW
HttpEndRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
kernel32
GetModuleFileNameW
GetTempPathW
DeleteFileW
SetCurrentDirectoryW
GetCurrentProcess
ReadProcessMemory
lstrcpyW
VirtualFree
VirtualAlloc
DuplicateHandle
GlobalDeleteAtom
GetUserDefaultLangID
FileTimeToSystemTime
GetDriveTypeW
GetLogicalDrives
WaitForSingleObject
TerminateThread
Sleep
GetSystemTime
CreateProcessW
MoveFileW
lstrlenA
InterlockedIncrement
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
FreeResource
MulDiv
InterlockedDecrement
SetWaitableTimer
CreateWaitableTimerW
CancelWaitableTimer
SetThreadPriority
GetCurrentThread
SuspendThread
ResumeThread
SetEndOfFile
OpenEventW
GetCommandLineW
GetVersion
SetUnhandledExceptionFilter
GetFileAttributesW
GetFileAttributesExW
GetCurrentThreadId
GetLogicalDriveStringsW
DeviceIoControl
ExpandEnvironmentStringsW
CopyFileW
SetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
GetSystemDirectoryW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExW
TerminateProcess
GetVolumeInformationW
GetFileInformationByHandle
MoveFileExW
CompareStringW
CompareStringA
CreateMutexW
ReleaseMutex
FindCloseChangeNotification
LocalFree
LocalAlloc
SearchPathW
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
CreateFileMappingW
GetSystemWindowsDirectoryW
GetSystemInfo
SetFilePointerEx
OutputDebugStringW
FormatMessageW
GetVersionExA
lstrcmpW
LoadLibraryA
GlobalFindAtomW
FileTimeToLocalFileTime
GetFileTime
GlobalGetAtomNameW
GetModuleHandleA
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
GetFullPathNameW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapReAlloc
GetDriveTypeA
FindFirstFileA
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualProtect
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetFullPathNameA
GetCurrentDirectoryA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
FreeLibrary
SetFilePointer
WriteFile
CreateThread
CreateFileW
GetFileSize
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FindFirstChangeNotificationW
FindNextChangeNotification
lstrlenW
WaitForMultipleObjects
SetEvent
CreateEventW
ResetEvent
GetCurrentProcessId
Process32FirstW
OpenProcess
Process32NextW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
CloseHandle
GetLocalTime
SystemTimeToFileTime
QueryDosDeviceW
GetLastError
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
FindNextFileW
FindFirstFileW
FindClose
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalAddAtomW
gdi32
SetWindowExtEx
GetRgnBox
GetTextColor
GetTextExtentPoint32W
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetPixel
ExcludeClipRect
RestoreDC
SaveDC
CreateFontW
MoveToEx
LineTo
GetObjectW
CreateBitmap
SetMapMode
SetBkColor
SetDIBits
GetDeviceCaps
StretchBlt
CreateSolidBrush
CreateICW
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
GetBkColor
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetTextColor
SetBkMode
DeleteDC
DeleteObject
CreateRoundRectRgn
CreatePen
Rectangle
CreateFontIndirectW
PtInRegion
CreateRectRgn
GetClipBox
GetStockObject
SelectObject
CreateRectRgnIndirect
msimg32
TransparentBlt
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegCreateKeyExW
RegSetValueExW
CopySid
GetLengthSid
RegQueryValueW
RegOpenKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegQueryInfoKeyW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
RegDeleteValueW
RegNotifyChangeKeyValue
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
shell32
SHChangeNotify
ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
DragFinish
DragQueryFileW
Shell_NotifyIconW
comctl32
ImageList_Draw
_TrackMouseEvent
ImageList_Add
shlwapi
PathMatchSpecW
SHCopyKeyW
SHDeleteKeyW
PathUnquoteSpacesW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
oledlg
OleUIBusyW
ole32
CLSIDFromString
CoUninitialize
CreateStreamOnHGlobal
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
oleaut32
VariantClear
SysAllocStringLen
SysFreeString
OleLoadPicture
VariantChangeType
VariantInit
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysStringLen
urlmon
URLDownloadToCacheFileW
psapi
GetProcessImageFileNameW
ws2_32
shutdown
recv
WSAStartup
WSAGetLastError
closesocket
listen
bind
inet_addr
socket
htons
sendto
accept
ntohs
WSCDeinstallProvider
connect
send
htonl
WSCEnumProtocols
WSCGetProviderPath
ntdll
RtlNtStatusToDosError
NtDeviceIoControlFile
NtQueryInformationProcess
NtQueryObject
NtQuerySystemInformation
_strlwr
_itoa
RtlCompareUnicodeString
mapi32
ord19
ord23
ord21
ord17
ord11
netapi32
Netbios
rasapi32
RasEnumConnectionsW
RasHangUpW
RasConnectionNotificationW
RasEnumEntriesW
RasGetEntryPropertiesW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 316KB - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8.8MB - Virtual size: 8.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ