PDB path: e:\builds\moz2_slave\win32_build\build\obj-firefox\toolkit\crashreporter\client\crashreporter.pdb
Static task
static1
Behavioral task
behavioral1
Sample
badbec459b1a3d3d149588f7ce126822_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
badbec459b1a3d3d149588f7ce126822_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
badbec459b1a3d3d149588f7ce126822_JaffaCakes118
-
Size
97KB
-
MD5
badbec459b1a3d3d149588f7ce126822
-
SHA1
d4e8229a70a09c1efcb6bb9910a0bf143ea6c4a9
-
SHA256
5f515db0ba920561d7d91f28cc2fc547ae8035c7e08de370093e5b012c3864a0
-
SHA512
d5005f9bb20d8d581d6fff2a639a20061d34bfad6af0ca039c210ff3ee972ec0105848e142ab6fb2bc522e834cc6c2a4e3e55e9ef09d52d23187250f7c60429b
-
SSDEEP
1536:TzvhT7Z1P7/SL27lHU6tCwPYp3VipALYRXsr2K98y4Oyu0h7huWcF:XhG2thtCwefLmXA2Q8y4Oyu0ZhuP
Malware Config
Signatures
-
Unsigned PE 1 IoCs
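The PE file has no Authenticode signature. On its own this is a weak indicator: the publisher and integrity of the file cannot be verified from a signature, but an unsigned file is not necessarily malicious.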
resource badbec459b1a3d3d149588f7ce126822_JaffaCakes118
Files
-
badbec459b1a3d3d149588f7ce126822_JaffaCakes118.exe windows:4 windows x86 arch:x86
08e4bbc4b540cc3f58165a925eca2128
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FreeLibrary
GetLastError
GlobalAlloc
GetProcAddress
LoadResource
GetFileAttributesW
WideCharToMultiByte
LockResource
GetModuleFileNameW
LoadLibraryW
GetSystemTime
FindResourceW
WaitForSingleObject
CreateThread
FormatMessageW
GlobalLock
CreateDirectoryW
LocalFree
GlobalUnlock
SizeofResource
GlobalFree
MultiByteToWideChar
DeleteFileW
GetModuleHandleW
CloseHandle
CreateProcessW
InterlockedExchange
MoveFileW
Sleep
InterlockedCompareExchange
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
user32
SetDlgItemTextW
GetSysColorBrush
ShowWindow
GetWindowTextW
ChildWindowFromPoint
MessageBoxW
CallWindowProcW
CheckDlgButton
DialogBoxIndirectParamW
OpenClipboard
CloseClipboard
GetClientRect
IsDlgButtonChecked
SetFocus
LoadIconW
GetPropW
SetTimer
RemovePropW
GetFocus
GetDlgItemTextW
GetWindowRect
DialogBoxParamW
BeginPaint
MoveWindow
SetWindowTextW
GetDlgItem
InvalidateRect
IsClipboardFormatAvailable
SetWindowLongW
SendMessageW
GetWindowLongW
EndDialog
EndPaint
FillRect
MapWindowPoints
SetPropW
EnableWindow
IsWindowEnabled
SendDlgItemMessageW
PostMessageW
GetDC
DrawTextW
GetSysColor
GetClipboardData
gdi32
SetTextColor
GetTextExtentPoint32W
SetBkMode
GetStockObject
SelectObject
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyW
RegDeleteValueW
RegSetValueExW
RegOpenKeyW
RegCloseKey
comctl32
InitCommonControlsEx
shell32
SHGetFolderPathW
wininet
InternetReadFile
InternetCrackUrlW
InternetConnectW
HttpSendRequestW
InternetCloseHandle
HttpAddRequestHeadersW
InternetQueryDataAvailable
HttpQueryInfoW
InternetOpenW
HttpOpenRequestW
shlwapi
PathAppendW
mozcrt19
__CxxFrameHandler3
_CxxThrowException
setlocale
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
_calloc_crt
_controlfp_s
__uncaught_exception
islower
_fsopen
wcstombs_s
_wfsopen
_get_osplatform
abort
_free_locale
_putenv
___lc_handle_func
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
??2@YAPAXI@Z
srand
__argc
_wgetenv
strcspn
wcslen
sprintf_s
??3@YAXPAX@Z
_localtime64
strcpy
strftime
getenv
??_U@YAPAXI@Z
memcmp
_invalid_parameter_noinfo
fclose
memchr
free
_snprintf
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
memset
__wargv
_time64
memcpy_s
memmove_s
malloc
strcat
?what@exception@std@@UBEPBDXZ
strlen
fwrite
??1exception@std@@UAE@XZ
??_V@YAXPAX@Z
??0exception@std@@QAE@XZ
localeconv
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
rand
setvbuf
wcsncpy_s
fgetpos
fflush
memcpy
fseek
fsetpos
fgetc
ungetc
wcsrchr
fputc
ceil
wcscpy
sprintf
_wfopen_s
fputs
fscanf_s
fgets
fprintf
strcmp
wcscmp
wcstol
swprintf_s
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_strdup
Sections
.text Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE