bb4db3ce10fe0fff6d6c6c7cd750d2a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bb4db3ce10fe0fff6d6c6c7cd750d2a9_JaffaCakes118
Size

4.7MB
MD5

bb4db3ce10fe0fff6d6c6c7cd750d2a9
SHA1

aeceaf004d01d4574507c74fe56748019de6e404
SHA256

c5906f618697c7e787dbbb434a00074cc437766580fba6eac1500d22f05cb97c
SHA512

4970e946fb424ce0ed4092caffd71cb7e02b427c345c757e73b662b5b0bae4f28d1a593f8ace623ec119b16d4c6b094317d8fa80e5d34014756ebc4f37191297
SSDEEP

24576:90zjtiCGnxttJyrBI6UcrkuuVDixGoRDcaXyjH+E2Exkc8zdSC:yzj0nP6rBPU5ti5bXE0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb4db3ce10fe0fff6d6c6c7cd750d2a9_JaffaCakes118

Files

bb4db3ce10fe0fff6d6c6c7cd750d2a9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9eba0979716298433b0bcfb2ecc1b3cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\작업\PCScan 관련\Release\QScan.pdb

Imports

kernel32

GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
GetConsoleCP
GetFileType
GetTimeZoneInformation
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
GetProcessHeap
SetEnvironmentVariableA
SetStdHandle
lstrlenW
HeapSize
ExitProcess
VirtualProtect
ExitThread
RaiseException
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetTickCount
GetFileTime
GetFileSizeEx
SetErrorMode
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
MoveFileW
CreateEventW
SuspendThread
SetEvent
SetThreadPriority
GetThreadLocale
FormatMessageW
GetCurrentProcessId
MulDiv
GetModuleHandleA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
GetNumberFormatW
GetVersionExW
CreateThread
GetModuleHandleW
SetLastError
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WritePrivateProfileStringW
OpenProcess
FreeLibrary
lstrcmpA
lstrcpynW
lstrcpyW
GetProcAddress
LoadLibraryW
LocalFree
GetVersion
WideCharToMultiByte
GetDriveTypeW
GetLogicalDriveStringsW
FreeResource
lstrlenA
CreateMutexW
GetModuleFileNameW
FindClose
FindNextFileW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
CloseHandle
WriteFile
SetFilePointer
GetFileSize
CreateFileW
GetSystemDirectoryW
GetLongPathNameW
GetTempPathW
ExpandEnvironmentStringsW
MultiByteToWideChar
DeleteFileW
RemoveDirectoryW
WaitForSingleObject
ResumeThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
lstrcmpW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetConsoleMode

user32

SetCapture
InvalidateRgn
CopyAcceleratorTableW
SetRect
GetSysColorBrush
DestroyMenu
SetWindowContextHelpId
MapDialogRect
CharUpperW
GetMessageW
TranslateMessage
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CharNextW
EndPaint
BeginPaint
GetWindowDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
UnregisterClassW
SetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
EnableWindow
GetSysColor
KillTimer
InvalidateRect
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindow
GetNextDlgGroupItem
ReleaseCapture
ClientToScreen
ReleaseDC
DrawFocusRect
WindowFromPoint
GetCapture
CopyRect
MessageBeep
RegisterClipboardFormatW
SetWindowLongW
GetWindowLongW
LockWindowUpdate
PostThreadMessageW
GetFocus
SetTimer
PostMessageW
GetWindowRect
RedrawWindow
GetParent
UpdateWindow
GetClientRect
FillRect
OffsetRect
SetCursor
SendMessageW
IsWindow
GetDC
FindWindowW
EnumWindows
GetWindowThreadProcessId
IsWindowVisible
GetWindowPlacement
GetWindowTextW
SetParent
wsprintfW
SetForegroundWindow
DefDlgProcW
LoadCursorW
GetClassInfoW
LoadIconW
IsIconic
GetSystemMetrics
DrawIcon
FrameRect
InflateRect
IsRectEmpty
LoadImageW
DrawEdge
DrawTextW
TabbedTextOutW
DrawTextExW
GrayStringW
LoadBitmapW
wsprintfA
IsCharAlphaNumericW
GetMenuItemID
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
GetSubMenu
LoadMenuW
PostQuitMessage

gdi32

GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetDeviceCaps
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetTextAlign
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
StretchBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteDC
GetBkColor
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
LPtoDP
SelectObject
SetBkMode
CreatePen
Rectangle
GetStockObject
BitBlt
SetViewportOrgEx
GetViewportOrgEx
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreateSolidBrush
DeleteObject

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegSetKeySecurity
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegFlushKey
RegCreateKeyExW
FreeSid
CryptDestroyHash
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegOpenKeyExW
RegCloseKey
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
CryptReleaseContext

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetFileInfoW
SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

StrCmpW
StrStrW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
UrlUnescapeW
StrCpyW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CreateILockBytesOnHGlobal

oleaut32

SysAllocString
SysAllocStringByteLen
SysStringLen
SysFreeString
VarDateFromStr
VariantInit
SysAllocStringLen
VariantClear
VariantChangeType
OleCreateFontIndirect
SystemTimeToVariantTime
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
GetErrorInfo

netapi32

Netbios

iphlpapi

GetAdaptersInfo

crypt32

CryptUnprotectData

wininet

InternetOpenUrlW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW
InternetGetConnectedState
InternetOpenW

ws2_32

recv
send
closesocket
__WSAFDIsSet
select
connect
htons
socket
WSACleanup
gethostbyname
WSAStartup
ioctlsocket

Sections

.text
Size: 477KB - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9eba0979716298433b0bcfb2ecc1b3cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

netapi32

iphlpapi

crypt32

wininet

ws2_32

Sections

.text Size: 477KB - Virtual size: 476KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 14KB - Virtual size: 33KB

.rsrc Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 62KB - Virtual size: 61KB

.text
Size: 477KB - Virtual size: 476KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 14KB - Virtual size: 33KB

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 62KB - Virtual size: 61KB