d2546b37251d1eeb0e70cbdb85468fa2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d2546b37251d1eeb0e70cbdb85468fa2_JaffaCakes118
Size

440KB
MD5

d2546b37251d1eeb0e70cbdb85468fa2
SHA1

fbb70afa9d48681f06f71eb5df4e7fe2dd73d2e6
SHA256

9560f408e0dfe54c6a8f774fd9b0106e5c416373d9680d87225d07a94581b263
SHA512

5aa1aded0a282d661c3cd29beb871a32f3b91cd6aa5b6575fce89c19164a1db439cccaf056893d9532de87a15c4040fa420925653f582bac0d1d059992b1ea21
SSDEEP

12288:iwE8xVoM8fxloKMTKgWev3bPkenHvt1uX3GS:9VoM85lo+gWev3bHTSGS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2546b37251d1eeb0e70cbdb85468fa2_JaffaCakes118

Files

d2546b37251d1eeb0e70cbdb85468fa2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8378b54a62c945a479687348b5e48cc4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Sales SDK\xClient\Build v1.4\Release\xClient.pdb

Imports

ws2_32

connect
WSAStartup
htons
recv
socket
closesocket
send

psapi

GetModuleFileNameExA

kernel32

GetLastError
LoadLibraryA
GetModuleHandleA
CloseHandle
CreateRemoteThread
OpenProcess
Sleep
Module32First
GetProcAddress
VirtualProtectEx
VirtualAllocEx
VirtualProtect
CreateToolhelp32Snapshot
Module32Next
GetCurrentProcessId
WriteProcessMemory
Process32First
GetVolumeInformationA
Process32Next
GlobalMemoryStatusEx
GetDiskFreeSpaceA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleFileNameA
ExitProcess
CreateThread
LeaveCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStdHandle
GetCurrentProcess
FreeLibrary
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
EnterCriticalSection
WriteConsoleW
CompareStringA
FlushFileBuffers
CompareStringW
SetEnvironmentVariableA
WriteFile
HeapReAlloc
CreateFileA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WideCharToMultiByte
GetTimeZoneInformation
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc

user32

GetWindowTextLengthA
DrawEdge
RedrawWindow
EnableWindow
GetWindowTextA
EndPaint
GetMessageA
RegisterClassExA
PostQuitMessage
LoadBitmapA
LoadIconA
DestroyWindow
BeginPaint
TranslateMessage
GetForegroundWindow
MessageBoxA
CreateWindowExA
SetClassLongA
DefWindowProcA
ShowWindow
DispatchMessageA
GetSystemMetrics
LoadImageA
UpdateWindow
SendMessageA

gdi32

BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateSolidBrush
CreateFontA

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

shell32

Shell_NotifyIconA

comctl32

InitCommonControlsEx

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v-lizer
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8378b54a62c945a479687348b5e48cc4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

psapi

kernel32

user32

gdi32

advapi32

shell32

comctl32

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 5KB - Virtual size: 13KB

.v-lizer Size: 320KB - Virtual size: 320KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 13KB

.v-lizer
Size: 320KB - Virtual size: 320KB