c967bcbee49407a97d0b27698d6ab783_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c967bcbee49407a97d0b27698d6ab783_JaffaCakes118
Size

658KB
MD5

c967bcbee49407a97d0b27698d6ab783
SHA1

971a5ce86d04c23c4833a51ebd53778d0f693c2e
SHA256

5ca36739a214aaeeffdb76c9b99c9b9a00ce48fb885a8752404271b781f789e9
SHA512

171d376ded5981a6aa6c900a12d9ed5d4bf58e67377ef1367c40845e21374d366c6216dd9c2351843d18ae210014ab8fbd689ef600ee5ebb84d3a7e06f251f0f
SSDEEP

12288:g8yDReFwo19bvVzl5s4UGapb1rBpG9QnQ7Tlc4IIlPV:gTDReFTbv9liiapZ7G9QnWT1v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c967bcbee49407a97d0b27698d6ab783_JaffaCakes118

Files

c967bcbee49407a97d0b27698d6ab783_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e2c87a0d3f822999d0200f465282145a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\work\dev\dragonica_exe\toolbin\patcher\Patcher.pdb

Imports

kernel32

GlobalUnlock
LoadResource
OpenMutexW
CloseHandle
GetPrivateProfileIntW
CreateMutexW
WriteFile
FormatMessageW
CreateFileW
ReadFile
lstrcmpW
SetLastError
GetCurrentDirectoryW
GetTickCount
GetPrivateProfileStringW
WaitForSingleObject
GetModuleHandleW
CompareStringW
CompareStringA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidLocale
GetModuleFileNameW
GetUserDefaultLCID
IsValidCodePage
GetLastError
HeapCreate
HeapDestroy
SetHandleCount
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
PeekNamedPipe
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileType
CreateDirectoryW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
HeapReAlloc
VirtualQuery
VirtualProtect
GetModuleHandleA
GetFileAttributesA
MoveFileA
IsDebuggerPresent
lstrcmpiW
FreeLibrary
InterlockedIncrement
FindResourceW
GlobalLock
LoadLibraryExW
SizeofResource
lstrlenW
lstrlenA
MulDiv
RaiseException
GetCurrentProcess
GlobalAlloc
FlushInstructionCache
MultiByteToWideChar
GetOEMCP
InterlockedDecrement
Sleep
SetCurrentDirectoryW
GetCurrentThreadId
LeaveCriticalSection
DeleteFileW
EnterCriticalSection
InitializeCriticalSection
EnumSystemLocalesA
DeleteCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindClose
FindNextFileW
FindFirstFileW
MoveFileW
GetFileInformationByHandle
CreateFileA
GetTimeZoneInformation
QueryPerformanceCounter
GetSystemInfo
SetEndOfFile
FlushFileBuffers
GetEnvironmentStrings
ExitProcess
GetModuleFileNameA
ReleaseSemaphore
TlsFree
GetCurrentProcessId
TlsAlloc
TlsSetValue
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
SetFilePointer
GetFileSize
GetStdHandle
WideCharToMultiByte
TerminateProcess
GetSystemTimeAsFileTime
TlsGetValue
ReleaseMutex

user32

GetCursorPos
BeginPaint
ScreenToClient
EndPaint
SendMessageW
GetDC
SetLayeredWindowAttributes
ReleaseDC
UnregisterClassA
DefWindowProcW
LoadIconW
InvalidateRect
PostQuitMessage
ReleaseCapture
GetClassNameW
SetWindowPos
IsWindow
GetSysColor
MessageBoxW
CreateAcceleratorTableW
SetClassLongW
GetSystemMetrics
UpdateWindow
DispatchMessageW
PeekMessageW
TranslateMessage
AdjustWindowRectEx
OffsetRect
GetWindowRect
CreateDialogParamW
EnableWindow
ShowWindow
SetRect
PostMessageW
EndDialog
DrawTextW
GetFocus
FillRect
InvalidateRgn
RedrawWindow
LoadCursorW
DestroyWindow
DestroyAcceleratorTable
GetParent
GetWindowTextW
SetCapture
UnregisterClassW
GetWindow
CharNextW
RegisterClassExW
IsChild
GetDlgItem
GetClientRect
CallWindowProcW
GetDesktopWindow
ClientToScreen
CreateWindowExW
SetFocus
GetWindowLongW
RegisterWindowMessageW
GetClassInfoExW
SetWindowLongW
MoveWindow
SetWindowTextW
GetWindowTextLengthW

gdi32

StretchBlt
SetBkMode
CreateFontW
BitBlt
GetStockObject
GetDeviceCaps
SelectObject
GetObjectW
CreateCompatibleDC
CreateSolidBrush
CreateCompatibleBitmap
DeleteDC
DeleteObject
SetTextColor
SetBkColor
CreateDIBSection

advapi32

RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW

shell32

ShellExecuteW

ole32

StringFromGUID2
OleInitialize
CoTaskMemFree
OleLockRunning
CoGetClassObject
OleUninitialize
CLSIDFromProgID
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemRealloc
CLSIDFromString

oleaut32

SysFreeString
LoadRegTypeLi
SysStringByteLen
VariantClear
VarUI4FromStr
DispCallFunc
LoadTypeLi
VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
OleCreateFontIndirect

winmm

timeGetTime

wininet

HttpOpenRequestW
InternetQueryDataAvailable
InternetReadFile
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetAttemptConnect
InternetConnectW
HttpSendRequestW

msimg32

TransparentBlt

Sections

.text
Size: 528KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2c87a0d3f822999d0200f465282145a

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

wininet

msimg32

Sections

.text Size: 528KB - Virtual size: 526KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 24KB - Virtual size: 43KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 528KB - Virtual size: 526KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 24KB - Virtual size: 43KB

.rsrc
Size: 16KB - Virtual size: 14KB