bfd5f53ce2f72ad36e51eea21a71eac9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bfd5f53ce2f72ad36e51eea21a71eac9_JaffaCakes118
Size

1.3MB
MD5

bfd5f53ce2f72ad36e51eea21a71eac9
SHA1

f481e2e274f1ec942b5fef963d9a7b1ab146a237
SHA256

b79420256a0f4dad718f7dac19506886c787c6eeba5242282c09e5c51975c36d
SHA512

d194c87a2e98297ddee007f3ff4f537cadc784c67caffd6b45f1ffa61ca4a0bb820d11d331b8aa0b5b002e15283736b519cfa8aa72f4f672c5705f812fbed8c2
SSDEEP

24576:+dv35oVcdBb/VPZeZ1vYx0rO1X/YEfHOEe1aqyAA6+JzdJG6fzb7x:YvpZf/qfwxAKXAEfHOZ1rApdo+1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ativador Office 2016/Ativador Office 2016/KMSAuto.exe

Files

bfd5f53ce2f72ad36e51eea21a71eac9_JaffaCakes118
.rar
Ativador Office 2016/Ativador Office 2016/KMSAuto.exe
.exe windows:4 windows x86 arch:x86

154f7ea372dbeaabc533858c06929872

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsstr
_wcsicmp
setlocale
swscanf
_wcsnicmp
wcsncmp
wcsncpy
memmove
_wcsdup
free
wcscmp
wcslen
wcscpy
wcscat
strlen
strcpy
strcat
memcmp
_stricmp
sscanf
sprintf
memcpy
fread
longjmp
_setjmp3
_wfopen
fclose
malloc
_snwprintf
strcmp
tolower
gmtime
localtime
mktime
_itow
fabs
ceil
floor
pow
frexp
modf
_CIpow
atof
fwrite
fflush
exit
__p__iob
fprintf
ferror
getenv
_vsnwprintf
fmod
sin
cos
abs

kernel32

GetModuleHandleW
HeapCreate
GetEnvironmentVariableW
CreateSemaphoreW
GetLastError
CloseHandle
HeapDestroy
ExitProcess
SystemTimeToFileTime
LocalFileTimeToFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
CreateToolhelp32Snapshot
GetLogicalDriveStringsW
QueryDosDeviceW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsW
GetCurrentProcess
GetUserDefaultLangID
GetSystemDefaultLangID
MultiByteToWideChar
GetProcAddress
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GetCurrentProcessId
OpenProcess
FormatMessageW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateProcessW
Beep
CreateFileW
DeviceIoControl
GetCommandLineW
GetComputerNameW
GetDateFormatW
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileTime
GetPrivateProfileStringW
GetShortPathNameW
GetSystemDirectoryW
GetSystemPowerStatus
GetTimeZoneInformation
GetUserDefaultLCID
GetWindowsDirectoryW
GlobalMemoryStatus
LocalFree
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
SetComputerNameW
SetFileTime
SetSystemTime
SetVolumeLabelW
Sleep
TerminateProcess
WritePrivateProfileStringW
HeapAlloc
HeapFree
GetCurrentThreadId
InitializeCriticalSection
GetModuleFileNameW
DuplicateHandle
CreatePipe
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
PeekNamedPipe
SetEnvironmentVariableW
HeapReAlloc
ReadFile
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
FreeLibrary
LoadLibraryA
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
LoadLibraryW
DeleteFileW
GetVersionExW
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
GlobalFree
GetVersionExA
SetLastError
MulDiv
GetDriveTypeW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CopyFileW
GetTempPathW
MoveFileW
GetLocalTime
HeapSize
DeleteCriticalSection
TlsFree
lstrlenA
WaitForMultipleObjects
GetCurrentThread
CreateSemaphoreA
CreateThread
ReleaseSemaphore

winspool.drv

ClosePrinter
DeletePrinter
OpenPrinterW
SetPrinterW

user32

OemToCharW
UpdateWindow
SendMessageW
RedrawWindow
ReleaseDC
EnumWindows
GetWindowThreadProcessId
FindWindowExW
FindWindowW
GetCursorPos
GetForegroundWindow
GetWindow
GetWindowLongW
GetWindowTextW
SetCursorPos
AnimateWindow
AttachThreadInput
BlockInput
ChangeDisplaySettingsW
CharToOemW
CreateWindowExW
DrawMenuBar
EnableMenuItem
EnableWindow
EnumDisplaySettingsW
ExitWindowsEx
FlashWindow
GetClassNameW
GetDC
GetDesktopWindow
GetFocus
GetKeyState
GetLastInputInfo
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowRect
IsWindow
IsWindowEnabled
KillTimer
LoadCursorW
LockWorkStation
MessageBeep
PostMessageW
RegisterHotKey
RemoveMenu
SetClassLongW
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
ShowWindow
UnregisterHotKey
WaitForInputIdle
keybd_event
mouse_event
CharUpperW
CharLowerW
MessageBoxW
IsWindowVisible
DestroyWindow
SetWindowTextW
CallWindowProcW
GetParent
GetWindowTextLengthW
GetClientRect
InvalidateRect
DefWindowProcW
ScreenToClient
GetUpdateRect
MapWindowPoints
IntersectRect
ValidateRect
GetIconInfo
DrawStateW
GetSysColorBrush
FrameRect
DrawFocusRect
SetScrollPos
GetPropW
SetPropW
InflateRect
GetWindowDC
RemovePropW
SetRect
DrawTextW
SetCursor
BeginPaint
FillRect
EndPaint
GetMessagePos
MoveWindow
ReleaseCapture
SetCapture
ClientToScreen
RegisterClassExW
PeekMessageW
TranslateMessage
DispatchMessageW
SetActiveWindow
UnregisterClassW
DestroyAcceleratorTable
LoadIconW
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
GetMenu
EnumChildWindows
DefFrameProcW
IsChild
RegisterWindowMessageW
DestroyIcon
CopyImage
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx

gdi32

CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetPixel
GetStockObject
SetBkMode
DeleteObject
CreateBrushIndirect
GetTextExtentPoint32W
GetObjectType
GetObjectW
CreateRectRgn
SelectClipRgn
ExcludeClipRect
SetBkColor
SetTextColor
CreateRectRgnIndirect
TextOutW
CreatePen
MoveToEx
LineTo
SetStretchBltMode
StretchBlt
CreateSolidBrush
GetDeviceCaps
CreateFontW
SetDIBits
GdiSetBatchLimit
GdiGetBatchLimit
CreateDIBSection
GetObjectA
GetDIBits
CreateBitmap
SetPixel
SetTextAlign
SetBrushOrgEx
CreateFontIndirectW
GetTextMetricsW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
IsValidSid
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyW
AdjustTokenPrivileges
ChangeServiceConfigW
ControlService
CryptAcquireContextW
CryptCreateHash
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptHashData
CryptReleaseContext
GetUserNameW
ImpersonateLoggedOnUser
LogonUserW
LookupPrivilegeValueW
OpenProcessToken
RegEnumValueW
RevertToSelf
StartServiceW

comctl32

InitCommonControlsEx
ImageList_Destroy
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Create

oleaut32

SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetElement
SysFreeString
VariantInit
DispGetParam
SysAllocString
VariantClear
SysStringLen

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoCreateGuid
CoInitialize
StringFromGUID2
CreateStreamOnHGlobal
GetHGlobalFromStream
OleInitialize
RevokeDragDrop
OleCreate
OleSetContainedObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ExtractIconExW
ExtractIconW
IsNetDrive
RealDriveType
SHAddToRecentDocs
SHFileOperationW
SHFormatDrive
SHGetFileInfoW
ShellAboutW
Shell_NotifyIconW
ShellExecuteExW

wsock32

WSAStartup
gethostbyname
WSACleanup
gethostbyaddr
inet_addr
closesocket
gethostname
htons
select
__WSAFDIsSet
ioctlsocket
recvfrom
connect
socket
bind
recv
send
sendto

winmm

timeBeginPeriod

icmp

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

imagehlp

MakeSureDirectoryPathExists

iphlpapi

GetAdaptersInfo
GetNetworkParams

msi

MsiEnumProductsW
MsiGetProductInfoW

netapi32

NetApiBufferFree
NetLocalGroupAdd
NetLocalGroupDel
NetLocalGroupEnum
NetUserDel
NetUserGetInfo
NetUserSetInfo

setupapi

SetupIterateCabinetW

urlmon

URLDownloadToFileW
UrlMkSetSessionOption

userenv

GetDefaultUserProfileDirectoryW

wininet

DeleteUrlCacheEntryW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlW
InternetOpenW
InternetReadFile
UnlockUrlCacheEntryFileW

Sections

.code
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ativador Office 2016/Ativador Office 2016/KMSAutoLite.ini
Ativador Office 2016/KMSAutoLite.ini

Sharing

General

Malware Config

Signatures

Files

154f7ea372dbeaabc533858c06929872

Headers

File Characteristics

Imports

msvcrt

kernel32

winspool.drv

user32

gdi32

advapi32

comctl32

oleaut32

ole32

shell32

wsock32

winmm

icmp

imagehlp

iphlpapi

msi

netapi32

setupapi

urlmon

userenv

wininet

Sections

.code Size: 101KB - Virtual size: 101KB

.text Size: 300KB - Virtual size: 299KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 5.4MB - Virtual size: 5.4MB

.rsrc Size: 44KB - Virtual size: 44KB

.code
Size: 101KB - Virtual size: 101KB

.text
Size: 300KB - Virtual size: 299KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 5.4MB - Virtual size: 5.4MB

.rsrc
Size: 44KB - Virtual size: 44KB