d2170b7983f01e1fe462056de123b770_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d2170b7983f01e1fe462056de123b770_JaffaCakes118
Size

298KB
MD5

d2170b7983f01e1fe462056de123b770
SHA1

a764e019383166e3052e848cd2c01b2b9262948e
SHA256

5c19671871c96f9f6d508a7e43d9c89d8ef8368dca596cb1cb602a0880ea71a7
SHA512

a308ec305d106aa5843efc00ef9c9414d02e6886c70fa52b39ffc25b53021cfd1dfea3d79a65c3954457573b929c3d03c88a9d6ba568876c12bed0cb187c7d9c
SSDEEP

6144:kJwlRfDX0WezfhNgcdVden2/s58bC90Lsj+2IgTqp:kiXEWezZNgcd+nz90QsgWp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2170b7983f01e1fe462056de123b770_JaffaCakes118

Files

d2170b7983f01e1fe462056de123b770_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ba63177dbb1f7576c4ee0897a69ef401

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\projects\Client\bin\Release\msbb.pdb

Imports

comctl32

ord17

rpcrt4

UuidCreate

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
InternetOpenUrlA

kernel32

lstrlenW
lstrcmpA
GetVersion
lstrlenA
GetCurrentThreadId
InterlockedIncrement
SetEvent
InterlockedDecrement
DeleteFileA
SetFileAttributesA
FreeLibrary
GetProcAddress
LoadLibraryExA
CopyFileA
GetSystemTimeAsFileTime
Sleep
GetCurrentProcessId
GetWindowsDirectoryA
GetModuleFileNameA
WaitForSingleObject
OpenProcess
CloseHandle
CreateFileA
ReadFile
CreateEventA
MoveFileA
WriteFile
lstrcpyA
ResumeThread
CreateThread
SetFilePointer
GetFileSize
GetTempFileNameA
GetTempPathA
LoadLibraryA
TerminateThread
HeapFree
GetProcessHeap
GlobalUnlock
GlobalLock
GlobalAlloc
FileTimeToSystemTime
GetTickCount
GetPrivateProfileStringA
SystemTimeToFileTime
ResetEvent
GetModuleHandleA
SetLastError
GlobalFree
GlobalHandle
lstrcpynA
GetLocalTime
GlobalAddAtomA
OpenEventA
CreateProcessA
GetShortPathNameA
MoveFileExA
RemoveDirectoryA
lstrcatA
GlobalDeleteAtom
GlobalGetAtomNameA
CreateDirectoryA
CreateMutexA
ReleaseMutex
GetDiskFreeSpaceExA
GlobalMemoryStatus
GetSystemDirectoryA
GetOEMCP
GetUserDefaultLangID
GetSystemDefaultLangID
OpenFile
FlushFileBuffers
FindClose
FindFirstFileA
GetFileAttributesA
TerminateProcess
FileTimeToLocalFileTime
DosDateTimeToFileTime
GetVolumeInformationA
FindNextFileA
GetTimeZoneInformation
HeapAlloc
GetCurrentProcess
FlushInstructionCache
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
ExitProcess
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MulDiv

user32

SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
SetDlgItemTextA
MsgWaitForMultipleObjects
PeekMessageA
PostQuitMessage
EndDialog
GetWindowRect
GetSystemMetrics
SendDlgItemMessageA
DdeFreeStringHandle
DdeDisconnect
DdeConnect
DdeDisconnectList
DdeQueryNextServer
DdeFreeDataHandle
DdeClientTransaction
DdeConnectList
DdeCreateStringHandleA
DdeQueryStringA
DdeInitializeA
DdeUninitialize
DdeNameService
ShowWindow
DialogBoxIndirectParamA
CreateDialogIndirectParamA
GetActiveWindow
SetWindowContextHelpId
MapDialogRect
CharLowerBuffA
SendMessageTimeoutA
EnumWindows
WaitForInputIdle
SetCursor
ExitWindowsEx
CreateAcceleratorTableA
EnumChildWindows
IsDlgButtonChecked
CallWindowProcA
SendMessageA
AdjustWindowRectEx
KillTimer
GetClientRect
GetMenu
GetWindowLongA
SetWindowPos
SetForegroundWindow
RegisterWindowMessageA
MessageBoxA
RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
RegisterClassExA
CreateWindowExA
CharUpperA
LoadCursorA
wsprintfA
GetClassInfoExA
IsWindow
SetTimer
PostMessageA
SetWindowLongA
UnregisterClassA
CharNextA
wvsprintfA
CharLowerA
DestroyWindow
DefWindowProcA
GetParent
GetClassNameA
RedrawWindow
GetDlgItem
GetFocus
DestroyAcceleratorTable
IsChild
GetWindow
SetFocus
BeginPaint
EndPaint
InvalidateRgn
InvalidateRect
FillRect
SetCapture
ReleaseCapture
GetDC
GetDesktopWindow
ReleaseDC
GetWindowThreadProcessId
GetSysColor
FindWindowA

gdi32

CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetTextExtentPoint32A
SelectObject
DeleteObject
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps

advapi32

RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetKeySecurity
RegOpenKeyA
RegGetKeySecurity
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA

shell32

ShellExecuteA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize

oleaut32

VariantInit
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysStringLen

shlwapi

SHDeleteKeyA

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba63177dbb1f7576c4ee0897a69ef401

Headers

File Characteristics

PDB Paths

Imports

comctl32

rpcrt4

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 200KB - Virtual size: 197KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 24KB - Virtual size: 21KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 200KB - Virtual size: 197KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 24KB - Virtual size: 21KB

.rsrc
Size: 12KB - Virtual size: 11KB