c8a6b75e72df96dec9b71498849b7590_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c8a6b75e72df96dec9b71498849b7590_JaffaCakes118
Size

520KB
MD5

c8a6b75e72df96dec9b71498849b7590
SHA1

cee3da6a8bc50e3dd530099a5385f0ad35ec3c2b
SHA256

3cf37c51c9b133f7dafa520b302fa8b9fb266af78f7365a9b8edbe08c36f1791
SHA512

3a4cf33a194646f461811b1b8dc0b57f854a760f33318692231a0347d34f1cc8397e1ce257812077913f2030be93d83b28e7818c0c88cf29f05d26258b9839b0
SSDEEP

12288:coSqacTvbbH301hUVT5UQCoCzhMOa6c9dC1:coVHbjdYJX6dC1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8a6b75e72df96dec9b71498849b7590_JaffaCakes118

Files

c8a6b75e72df96dec9b71498849b7590_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3e5c8bd11179bd7f4816c1a1dc2a1b70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\projects\cwshredder2.18\CWShredder_src_218-1006\cwshredderEXE\Release\cwshredder.pdb

Imports

ws2_32

WSAEnumProtocolsA
WSAStartup

advapi32

OpenProcessToken
RegQueryValueA
RegCloseKey
RegEnumValueA
RegOpenKeyExA
CloseServiceHandle
RegQueryValueExA
EnumServicesStatusA
OpenSCManagerA
RegEnumKeyA
SetServiceStatus
CreateServiceA
DeleteService
OpenServiceA
RegisterServiceCtrlHandlerA
RegCreateKeyA
RegOpenKeyA
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
QueryServiceStatus
ControlService
RegQueryInfoKeyA
RegEnumKeyExA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegCreateKeyExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetCurrentThread
SetThreadPriority
SetEvent
CreateEventA
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GlobalFlags
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
lstrcmpA
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
GetFileTime
WritePrivateProfileStringA
SetErrorMode
ExitProcess
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
HeapReAlloc
ExitThread
CreateThread
HeapSize
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
VirtualProtect
VirtualQuery
ConvertDefaultLocale
EnumResourceLanguagesA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
SetLastError
MulDiv
GlobalAlloc
FormatMessageA
LocalFree
lstrcpynA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpyA
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
ExpandEnvironmentStringsA
GetComputerNameA
GetCurrentDirectoryA
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
SetEnvironmentVariableA
MultiByteToWideChar
GetFullPathNameA
GetCurrentProcessId
GetSystemInfo
VirtualAlloc
VirtualFree
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
FreeLibrary
GetTempPathA
CreateFileA
GetFileSize
ReadFile
FindNextFileA
GetTickCount
SetFileAttributesA
DeleteFileA
CopyFileA
FindFirstFileA
FindClose
MoveFileExA
GetShortPathNameA
LoadLibraryA
GetProcAddress
OpenProcess
HeapAlloc
CloseHandle
HeapFree
GetCurrentProcess
GetFileAttributesA
Sleep
CreateMutexA
ResumeThread
SuspendThread
GetLastError
GetSystemDirectoryA
GetWindowsDirectoryA
InterlockedDecrement
GetModuleFileNameA
GetUserDefaultLangID
WideCharToMultiByte
FileTimeToLocalFileTime
FileTimeToSystemTime
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FindResourceA
LoadResource
LocalReAlloc

user32

RegisterClipboardFormatA
PostThreadMessageA
LoadCursorA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
wsprintfA
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
MessageBeep
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
GetNextDlgGroupItem
CharNextA
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
GetDesktopWindow
ReleaseCapture
SetCapture
DestroyMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
CharUpperA
SystemParametersInfoA
ExitWindowsEx
SetTimer
KillTimer
MessageBoxA
GetSystemMetrics
LoadIconA
GetClientRect
IsIconic
SendMessageA
DrawIcon
EnableWindow

gdi32

DeleteDC
GetStockObject
ExtSelectClipRgn
CreateRectRgnIndirect
GetMapMode
GetRgnBox
GetBkColor
GetTextColor
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
SetTextColor
GetClipBox
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

shell32

SHFreeNameMappings
SHFileOperationA
ShellExecuteA

comctl32

ImageList_Destroy
ord17

shlwapi

PathAppendA
UrlUnescapeA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsDirectoryA
PathIsUNCA

oledlg

ord8

ole32

OleIsCurrentClipboard
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard

oleaut32

SysFreeString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
SysAllocString
VariantCopy
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantChangeType
VariantClear
VariantInit

wininet

HttpOpenRequestA
InternetOpenUrlA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e5c8bd11179bd7f4816c1a1dc2a1b70

Headers

File Characteristics

PDB Paths

Imports

ws2_32

advapi32

version

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

Sections

.text Size: 292KB - Virtual size: 289KB

.rdata Size: 132KB - Virtual size: 128KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 80KB - Virtual size: 78KB

.text
Size: 292KB - Virtual size: 289KB

.rdata
Size: 132KB - Virtual size: 128KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 80KB - Virtual size: 78KB