baa091a652a637440770e6ec7b079ac3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

baa091a652a637440770e6ec7b079ac3_JaffaCakes118
Size

554KB
MD5

baa091a652a637440770e6ec7b079ac3
SHA1

01a508c447a54373a6d21ae90d046fe1e872e9e6
SHA256

2f9020d841a644349d1542ded4295694bc5379ba12b5f4830652f11a50834259
SHA512

ea64f69b6b2ccd2ba8e93b93f9d85896c0c753ce5f90f31a71f5bb404bef94daea3a4f5cbf4dbe53cc82acfc4b23a3859416a4504c3ff31ae2f507147a564aaf
SSDEEP

12288:AikrMdLTtDd0Xwj7jWhBR85QmICFyjRKAqnuFqnV:A/rELJDd0Xwj7ah/85Xwd+uF+V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baa091a652a637440770e6ec7b079ac3_JaffaCakes118

Files

baa091a652a637440770e6ec7b079ac3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4b5cbc17ce43b35b3ceda534e9db5d70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\prj\deployment\201006_Release\rc\MOD\rcc_host\Release\clienthost_u_u.pdb

Imports

kernel32

WriteConsoleA
SetEndOfFile
GetLocaleInfoW
GetTimeZoneInformation
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleOutputCP
GetConsoleCP
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetStdHandle
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CompareStringW
CompareStringA
GetDateFormatA
GetTimeFormatA
ExitProcess
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
WriteConsoleW
SetEnvironmentVariableA
WriteFile
ReleaseMutex
CreateMutexA
WaitForSingleObject
ReadFile
CreateFileA
SetFilePointer
CloseHandle
DeleteFileA
FreeLibrary
LoadLibraryW
GetProcAddress
MulDiv
lstrcmpW
GetCurrentProcessId
GetModuleFileNameW
GetTickCount
GetModuleHandleW
GetCurrentDirectoryW
lstrcatW
GetModuleFileNameA
GetLastError
lstrlenW
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetConsoleMode
Sleep
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
RtlUnwind
InterlockedCompareExchange
InterlockedDecrement
LoadLibraryA
IsBadReadPtr
GetVersion
GetVolumeInformationW
GetVersionExW
GetWindowsDirectoryW
GetCurrentProcess
GetComputerNameW
SetFileAttributesW
CopyFileW
DeleteFileW
CreateFileW
TerminateThread
CreateThread
lstrcpyW
lstrcpynA
GetModuleHandleA
lstrcpynW
GetTempPathA
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
FindNextFileW
FindFirstFileW
EnumResourceTypesW
FindResourceW
GetTempPathW
SetCurrentDirectoryW
CreateDirectoryW
SetCurrentDirectoryA
CreateDirectoryA
SizeofResource
LockResource
LoadResource
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceA
FindResourceA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedIncrement
GetFileAttributesA

user32

wvsprintfA
DialogBoxParamA
EnumChildWindows
LockWindowUpdate
GetDialogBaseUnits
GetWindowRgn
DefDlgProcA
GetClassNameA
LoadBitmapA
wsprintfA
DialogBoxParamW
wsprintfW
CreateWindowExW
ShowWindow
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
SetDlgItemTextW
LoadIconA
UnregisterClassW
RegisterClassW
SystemParametersInfoW
DrawTextW
DrawTextA
FrameRect
BeginDeferWindowPos
IsWindow
DeferWindowPos
EndDeferWindowPos
GetSystemMenu
TrackPopupMenuEx
FillRect
GetWindowTextW
LoadImageW
LoadBitmapW
EnableMenuItem
GetWindowPlacement
SetWindowTextW
SetWindowRgn
GetClientRect
DrawIconEx
SetRect
MapWindowPoints
InflateRect
KillTimer
CharNextW
CharNextA
CharUpperBuffW
CharUpperBuffA
IsCharAlphaNumericW
IsCharAlphaNumericA
ExitWindowsEx
GetDesktopWindow
GetParent
GetWindow
GetMenu
GetFocus
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetForegroundWindow
IsWindowUnicode
GetClassNameW
GetWindowTextLengthW
MessageBoxW
SetTimer
LoadCursorW
SetCursor
GetDlgItem
BeginPaint
EndPaint
SendMessageW
IsWindowEnabled
IsIconic
GetDCEx
GetWindowDC
ReleaseDC
AdjustWindowRectEx
GetWindowRect
PtInRect
DefDlgProcW
OffsetRect
SetWindowLongW
RedrawWindow
EndDialog
DestroyIcon
PostMessageW
GetWindowLongW
GetSystemMetrics
InvalidateRect
SetWindowPos
IsWindowVisible

gdi32

CreateCompatibleBitmap
SelectObject
GetMapMode
SetMapMode
GetWindowExtEx
LPtoDP
GetViewportExtEx
SetViewportExtEx
DPtoLP
SetViewportOrgEx
GetBkColor
CreateCompatibleDC
GetClipBox
DeleteDC
DeleteObject
BitBlt
SetTextColor
CreateSolidBrush
ExcludeClipRect
SetBkMode
CreateDIBSection
CreateBitmap
GetObjectW
CreateRoundRectRgn
CreateRectRgnIndirect
StretchBlt
GetStockObject
CreateFontIndirectW
ExtSelectClipRgn
SetRectRgn
OffsetRgn
SetWindowExtEx
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentExPointA
GetTextExtentExPointW
SetBkColor
ExtTextOutW
CreateRectRgn

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

PathCompactPathW
PathCompactPathA
PathAppendA

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegDeleteValueA
RegDeleteValueW
RegCloseKey
RegCreateKeyA
RegCreateKeyW
RegDeleteKeyA
RegDeleteKeyW
RegEnumValueA
RegEnumValueW
CryptDestroyHash

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
ShellExecuteA

ole32

CoTaskMemFree

Exports

Exports

Data
Start
Stop

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b5cbc17ce43b35b3ceda534e9db5d70

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

oleaut32

shlwapi

version

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 444KB - Virtual size: 443KB

.rdata Size: 80KB - Virtual size: 78KB

.data Size: 36KB - Virtual size: 43KB

.rsrc Size: 128KB - Virtual size: 127KB

.reloc Size: 28KB - Virtual size: 24KB

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 36KB - Virtual size: 43KB

.rsrc
Size: 128KB - Virtual size: 127KB

.reloc
Size: 28KB - Virtual size: 24KB