c1b865b1565f9856373dfb03fb20c331_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c1b865b1565f9856373dfb03fb20c331_JaffaCakes118
Size

2.1MB
MD5

c1b865b1565f9856373dfb03fb20c331
SHA1

f5fc59b2ded100bb227693510ea9c6375b9df871
SHA256

2e40fdc7599dff184a498b89f6d054028017823e91cad54c6d990dd8de71c155
SHA512

22a9962c558b6a73122eff08d487d1b6b5b575d123804dace031fc0b5547cd2fc0f2ff06cc20eba5f70d6adfba4d781c2c4f7014c61a767fe5d5f8f52c7061e4
SSDEEP

49152:8TEWW1lwQNh5GTxomqaNlac7mkMlNaav:TWW1lwQNhETxomqaNxkN5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1b865b1565f9856373dfb03fb20c331_JaffaCakes118

Files

c1b865b1565f9856373dfb03fb20c331_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fdb42b3a94c5db1b81e40b7fb0aa062f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\88\Debug\tb_setup_zip.pdb

Imports

kernel32

LockResource
FreeResource
GetProcAddress
lstrcmpiW
LoadLibraryExW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InitializeCriticalSection
GetLastError
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetModuleFileNameW
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
SetLastError
RaiseException
DeleteCriticalSection
GetCurrentThreadId
GetTempPathW
FindResourceW
GetConsoleOutputCP
WriteConsoleA
VirtualQuery
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
DeleteFileW
lstrlenA
TlsGetValue
FatalAppExitA
GetCPInfo
LCMapStringW
LCMapStringA
GetModuleFileNameA
GetDateFormatA
GetTimeFormatA
GetConsoleCP
DebugBreak
SetStdHandle
ExitThread
MoveFileA
DeleteFileA
IsBadReadPtr
HeapValidate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
RtlUnwind
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
HeapDestroy
HeapSize
HeapReAlloc
IsProcessorFeaturePresent
LoadLibraryA
lstrlenW
InterlockedDecrement
InterlockedIncrement
HeapFree
GetProcessHeap
HeapAlloc
VirtualAlloc
VirtualFree
ReleaseMutex
CreateMutexW
WaitForSingleObject
CreateThread
CloseHandle
Sleep
SetErrorMode
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserWorkItem
PostQueuedCompletionStatus
GetTickCount
GetConsoleMode
GetFileType
UnregisterWait
SetHandleInformation
CreateEventW
RegisterWaitForSingleObject
CancelIo
SetEvent
InterlockedCompareExchange
TryEnterCriticalSection
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
WaitForMultipleObjects
QueryPerformanceFrequency
WideCharToMultiByte
GetCurrentDirectoryW
SetEnvironmentVariableW
SetCurrentDirectoryW
GlobalMemoryStatusEx
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
SetConsoleTitleW
GetConsoleTitleW
QueryPerformanceCounter
GetSystemInfo
GetConsoleScreenBufferInfo
SetConsoleMode
ReadConsoleInputW
GetNumberOfConsoleInputEvents
DuplicateHandle
ReadConsoleA
WriteConsoleInputW
WriteConsoleW
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
SetConsoleTextAttribute
InterlockedExchange
SetConsoleCtrlHandler
CreateFileW
ReadFile
WriteFile
GetFileInformationByHandle
DeviceIoControl
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
MoveFileExW
FlushFileBuffers
SetFileTime
CreateHardLinkW
RemoveDirectoryW
CreateDirectoryW
GetModuleHandleA
LocalFree
FormatMessageA
ReadDirectoryChangesW
GetShortPathNameW
GetLongPathNameW
GetEnvironmentVariableW
GetExitCodeProcess
UnregisterWaitEx
AssignProcessToJobObject
CreateProcessW
SetInformationJobObject
CreateJobObjectW
TerminateProcess
OpenProcess
CreateNamedPipeA
CreateNamedPipeW
SetNamedPipeHandleState
SwitchToThread
WaitNamedPipeW
ConnectNamedPipe
PeekNamedPipe
GetStartupInfoW
GetStdHandle
GetNamedPipeHandleStateW
CreateFileA
SetFilePointer
SystemTimeToFileTime
DosDateTimeToFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
GetFileSize
GetLocalTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SetFileAttributesW
GetTimeZoneInformation
QueryDosDeviceW
GetLogicalDriveStringsW
VirtualProtect
LoadLibraryW
GetVersionExW
OpenEventA
OutputDebugStringA
OutputDebugStringW
GetFileAttributesA

user32

LoadStringW
wsprintfW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DefWindowProcW
UnregisterClassW
DestroyWindow
CreateDialogParamW
IsWindow
SetTimer
MsgWaitForMultipleObjects
PeekMessageA
IsWindowUnicode
GetMessageA
DispatchMessageA
UnregisterClassA
GetSystemMetrics
GetForegroundWindow
GetWindowThreadProcessId
CharNextW
SetWindowLongW
CreateWindowExW
AttachThreadInput
SystemParametersInfoW
AllowSetForegroundWindow
SetForegroundWindow
PostQuitMessage
PostMessageW
PostThreadMessageW
KillTimer
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetWindowLongW
CallWindowProcW

advapi32

RegDeleteValueW
OpenThreadToken
SetThreadToken
CryptDestroyKey
CryptDestroyHash
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CryptAcquireContextW
RegDeleteKeyW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptReleaseContext
CryptHashData
CryptGetHashParam
CryptCreateHash
RevertToSelf

shell32

ord165
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoRevokeClassObject
CoRegisterClassObject

oleaut32

VarUI4FromStr
SysFreeString

shlwapi

StrToIntA
StrCmpW

comctl32

InitCommonControlsEx

ws2_32

socket
select
WSASetLastError
WSAStartup
getsockopt
WSAIoctl
WSADuplicateSocketW
WSASocketW
WSASend
getpeername
htonl
WSASendTo
closesocket
inet_addr
htons
FreeAddrInfoW
GetAddrInfoW
WSAGetLastError
shutdown
bind
WSARecvFrom
ioctlsocket
setsockopt
listen
WSARecv
getsockname

psapi

GetProcessMemoryInfo

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

gdiplus

GdiplusShutdown
GdiplusStartup

winmm

waveOutSetVolume

Sections

.textbss
Size: - Virtual size: 817KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdb42b3a94c5db1b81e40b7fb0aa062f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

psapi

iphlpapi

gdiplus

winmm

Sections

.textbss Size: - Virtual size: 817KB

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 264KB - Virtual size: 264KB

.data Size: 77KB - Virtual size: 88KB

.idata Size: 11KB - Virtual size: 10KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 61KB - Virtual size: 61KB

.textbss
Size: - Virtual size: 817KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 264KB - Virtual size: 264KB

.data
Size: 77KB - Virtual size: 88KB

.idata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 61KB - Virtual size: 61KB