Static task: static1
Behavioral task: behavioral1
  Sample: d544dd3d0f86243266a1ea5a4d0935bb_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d544dd3d0f86243266a1ea5a4d0935bb_JaffaCakes118.exe
  Resource: win10v2004-20240802-en

General
  Target: d544dd3d0f86243266a1ea5a4d0935bb_JaffaCakes118
  Size: 5.7MB
  MD5: d544dd3d0f86243266a1ea5a4d0935bb
  SHA1: cce87a2932e9400a69ec3d01ce6ca836f89575fc
  SHA256: 49728c14bfd94636af5339b29a4fec84adc06a817d330a96ae1a1a948a055c2b
  SHA512: 1bee1a63ad7e903d6f375b76afc8a49c132cd5c35a40815f65504550e689b70fe39ee27d8f757ed60b1d757aa166d2dc71ae717329b6c31703048472e6349379
  SSDEEP: 98304:2bSYALn2NYT0rL8d7zCW4aeQ7bWWahdVbmt4QI5zEKKJA7/fYMnkOBVdT:yRCUYTyCp7eQ7mbbm2zEKp7dkOBv

Malware Config

Signatures
  Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource d544dd3d0f86243266a1ea5a4d0935bb_JaffaCakes118

Files
  d544dd3d0f86243266a1ea5a4d0935bb_JaffaCakes118.exe windows:5 windows x86 arch:x86
  570a799f87c2d772d0c5d341f5a16c1c

Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
  PDB Paths: d:\work\yxbox\trunk\bin\Win32\Release\Patch\downloader2\RAR压缩_24_197.pdb
Imports
  wininet: InternetWriteFile, InternetSetFilePointer, InternetSetStatusCallbackW, InternetGetLastResponseInfoW, InternetOpenUrlW,
    InternetQueryDataAvailable, InternetSetOptionExW, InternetQueryOptionW, InternetCanonicalizeUrlW, InternetConnectW, InternetReadFile,
    InternetCrackUrlW, InternetOpenW, GetUrlCacheEntryInfoW, DeleteUrlCacheEntryW, HttpSendRequestW, InternetGetConnectedState,
    InternetCloseHandle, HttpOpenRequestW, HttpQueryInfoW, HttpAddRequestHeadersW
  version: VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
  psapi: GetModuleBaseNameW, EnumProcessModules, GetModuleFileNameExW, EnumProcesses
  kernel32: GetTempPathA, LocalFree, GetSystemTime, AreFileApisANSI, DeleteFileA, InterlockedIncrement, InterlockedDecrement, IsBadWritePtr, SetFileTime, GetCurrentDirectoryW,
    LocalFileTimeToFileTime, FileTimeToSystemTime, GetLocalTime, MoveFileW, GetCurrentProcess, VirtualFree, IsBadReadPtr, VirtualAlloc, VirtualProtect, ResumeThread,
    SetEvent, CreateEventW, ExitThread, GetStdHandle, ReleaseSemaphore, CreateSemaphoreW, SetLastError, FileTimeToLocalFileTime, LocalAlloc, GetThreadLocale,
    DuplicateHandle, GetVolumeInformationW, MulDiv, GetSystemInfo, InterlockedExchange, CompareStringA, GetLocaleInfoW, EnumResourceLanguagesW, ConvertDefaultLocale, GetCurrentThread,
    GlobalDeleteAtom, GlobalAddAtomW, GetModuleHandleA, CompareStringW, GlobalFindAtomW, TlsGetValue, GlobalReAlloc, GlobalHandle, TlsAlloc, TlsSetValue,
    LocalReAlloc, TlsFree, GetFileSizeEx, GetFileTime, GlobalFlags, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetConsoleCP, GetConsoleMode,
    GetFileType, SetStdHandle, RtlUnwind, RaiseException, ExitProcess, VirtualQuery, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW,
    SetHandleCount, GetStartupInfoA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, LCMapStringW, GetTimeZoneInformation, LCMapStringA, WriteConsoleA,
    GetConsoleOutputCP, WriteConsoleW, InitializeCriticalSectionAndSpinCount, GetStringTypeA, GetCurrentProcessId, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA,
    IsValidLocale, GetCurrentDirectoryA, GetDriveTypeA, SetEnvironmentVariableA, GetDiskFreeSpaceA, CreateFileMappingW, CreateFileMappingA, GetDiskFreeSpaceW, EnterCriticalSection, LockFileEx,
    HeapSize, FlushFileBuffers, ReadFile, HeapValidate, HeapCreate, GetFileAttributesA, LeaveCriticalSection, HeapDestroy, FormatMessageW, InitializeCriticalSection,
    FormatMessageA, GetProcessHeap, UnlockFileEx, WaitForSingleObjectEx, LockFile, FlushViewOfFile, UnlockFile, InterlockedCompareExchange, HeapFree, QueryPerformanceCounter,
    SystemTimeToFileTime, HeapAlloc, SetEndOfFile, UnmapViewOfFile, MapViewOfFile, TryEnterCriticalSection, SetFilePointer, HeapCompact, CreateFileA, HeapReAlloc,
    GetFullPathNameA, GetFullPathNameW, FindNextFileW, CreatePipe, GetStartupInfoW, GetExitCodeProcess, CreateProcessW, SetErrorMode, TerminateProcess, OpenProcess,
    GetTickCount, GetFileSize, GetShortPathNameW, FindClose, GetVersionExW, FindFirstFileW, RemoveDirectoryW, LoadLibraryW, FreeResource, CreateThread,
    WaitForMultipleObjects, LoadLibraryA, GetTempPathW, OutputDebugStringW, FreeLibrary, lstrcmpW, CreateMutexW, GlobalFree, GlobalUnlock, GlobalAlloc,
    GlobalLock, CreateToolhelp32Snapshot, Process32NextW, Process32FirstW, GetModuleFileNameW, WaitForSingleObject, SetEnvironmentVariableW, WriteFile, DeleteFileW, CloseHandle,
    CreateFileW, LockResource, GetProcAddress, GetLastError, CreateDirectoryA, WritePrivateProfileStringW, lstrlenW, MultiByteToWideChar, SizeofResource, CopyFileW,
    Sleep, WideCharToMultiByte, GetSystemDirectoryW, GetPrivateProfileStringW, GetModuleHandleW, CreateDirectoryW, LoadResource, FindResourceW, lstrlenA, SetFileAttributesW,
    GetFileAttributesW, GetSystemTimeAsFileTime, GetVersionExA, OutputDebugStringA, GetCurrentThreadId, DeleteCriticalSection, GetStringTypeW, GetFileAttributesExW, lstrcmpA
  user32: SetWindowTextW, IsDialogMessageW, RegisterWindowMessageW, SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, GetClassLongW, GetClassNameW,
    SetPropW, GetPropW, RemovePropW, GetWindowTextW, GetForegroundWindow, GetTopWindow, GetMessageTime, GetMessagePos, MapWindowPoints, SetMenu,
    SetForegroundWindow, UpdateWindow, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, AdjustWindowRectEx, EqualRect, GetDlgCtrlID, GetMenu,
    OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, DestroyMenu, UnhookWindowsHookEx, GetSysColor, EndPaint, GetWindowDC,
    ClientToScreen, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, SetActiveWindow, CreateDialogIndirectParamW, DestroyWindow, GetDlgItem, GetNextDlgTabItem,
    EndDialog, CallNextHookEx, GetMessageW, GetActiveWindow, IsWindowVisible, GetKeyState, ValidateRect, GetWindow, SetWindowContextHelpId, MapDialogRect,
    GetLastActivePopup, IsWindowEnabled, PostQuitMessage, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapW, GetFocus, GetParent, CheckMenuItem, GetMenuState,
    GetMenuItemID, GetMenuItemCount, CharUpperW, SetRectEmpty, CopyRect, IsRectEmpty, SetCapture, SetFocus, ReleaseCapture, CallWindowProcW,
    DefWindowProcW, GetWindowThreadProcessId, GetDesktopWindow, TrackPopupMenu, GetSubMenu, DeleteMenu, LoadMenuW, SetMenuItemInfoW, GetWindowRect, GetDC,
    GetWindowLongW, PostThreadMessageW, RegisterClipboardFormatW, ReleaseDC, SetWindowLongW, SetWindowPos, UnregisterClassW, MessageBeep, GetNextDlgGroupItem, InvalidateRgn,
    CopyAcceleratorTableW, SetRect, BeginPaint, TranslateMessage, PeekMessageW, DispatchMessageW, wsprintfW, SetCursor, GetSystemMenu, SetTimer,
    ScreenToClient, PostMessageW, KillTimer, LoadCursorW, GetClientRect, PtInRect, LoadIconW, InvalidateRect, AppendMenuW, SystemParametersInfoW,
    EnableMenuItem, GetCursorPos, ShowWindow, IsWindow, GetSystemMetrics, CloseWindow, SendMessageW, EnableWindow, SendMessageTimeoutW, MessageBoxW,
    GetSysColorBrush, CharNextW, SetWindowsHookExW, MoveWindow, ModifyMenuW
  gdi32: GetStockObject, GetTextColor, ExtSelectClipRgn, GetMapMode, GetRgnBox, GetBkColor, Escape, ExtTextOutW, TextOutW, RectVisible,
    PtVisible, ScaleWindowExtEx, SetBkColor, RestoreDC, SaveDC, CreateBitmap, SetWindowExtEx, ScaleViewportExtEx, GetDeviceCaps, DeleteDC,
    SetViewportExtEx, OffsetViewportOrgEx, DeleteObject, SelectObject, BitBlt, CreateCompatibleDC, CreateRectRgnIndirect, CreateCompatibleBitmap, GetWindowExtEx, GetViewportExtEx,
    GetObjectW, GetClipBox, SetMapMode, SetTextColor, SetViewportOrgEx
  comdlg32: GetFileTitleW
  winspool.drv: ClosePrinter, OpenPrinterW, DocumentPropertiesW
  advapi32: RegQueryValueExW, RegQueryValueW, RegEnumKeyW, ConvertSidToStringSidW, GetTokenInformation, RegCreateKeyExW, OpenProcessToken, RegDeleteKeyW,
    RegEnumValueW, RegDeleteValueW, RegSetValueExW, RegCloseKey, RegOpenKeyExW, InitializeSecurityDescriptor, RegOpenKeyW
  shell32: ExtractIconW, ShellExecuteW, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetSpecialFolderPathW, SHFileOperationW, ShellExecuteExW
  comctl32: InitCommonControlsEx, _TrackMouseEvent
  shlwapi: PathFileExistsW, PathIsDirectoryW, PathStripPathW, StrCpyW, PathRemoveBackslashW, UrlUnescapeW, PathStripToRootW, PathIsUNCW,
    PathFindExtensionW, PathRemoveFileSpecW, PathFindFileNameW
  ole32: OleFlushClipboard, CoRegisterMessageFilter, CoRevokeClassObject, OleInitialize, CoCreateInstance, CoUninitialize, CreateStreamOnHGlobal, CoInitialize,
    CoTaskMemFree, CoInitializeSecurity, CoTaskMemAlloc, OleIsCurrentClipboard, CLSIDFromProgID, CLSIDFromString, CoGetClassObject,
    StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, OleUninitialize, CoFreeUnusedLibraries
  oleaut32: SystemTimeToVariantTime, VariantTimeToSystemTime, SafeArrayDestroy, OleCreatePictureIndirect, OleCreateFontIndirect, VariantChangeType, SysStringLen,
    VariantCopy, SafeArrayGetUBound, SafeArrayUnaccessData, SafeArrayAccessData, VariantClear, SafeArrayGetLBound, SysAllocString, SysFreeString,
    SysAllocStringLen, VariantInit
  oledlg: OleUIBusyW
  urlmon: URLDownloadToFileW
  gdiplus: GdipCreateFontFamilyFromName, GdipGetImageWidth, GdipDeleteBrush, GdipCloneBrush, GdipCreateSolidFill, GdipFillRectangleI, GdipDrawImageRectRect,
    GdipDeletePen, GdipSetImageAttributesColorMatrix, GdipSetTextRenderingHint, GdipSetImageAttributesWrapMode, GdipLoadImageFromFile, GdipSetStringFormatAlign,
    GdipDisposeImageAttributes, GdipCreateImageAttributes, GdipDrawString, GdipSetSolidFillColor, GdipCreateStringFormat, GdipCreatePen1, GdipDeleteStringFormat,
    GdipDrawRectangleI, GdipGetPathWorldBounds, GdipGetFontStyle, GdipGetFamily, GdipAddPathString, GdipGetFontSize, GdipDeletePath, GdipCreatePath,
    GdipCreateFont, GdipDeleteFontFamily, GdipDeleteFont, GdipGetImageHeight, GdipCloneImage, GdipDisposeImage, GdipAlloc, GdipLoadImageFromStreamICM,
    GdipFree, GdipCreateFromHDC, GdipDeleteGraphics, GdiplusStartup, GdiplusShutdown, GdipLoadImageFromStream
  iphlpapi: IcmpCloseHandle, IcmpCreateFile, GetAdaptersAddresses, GetAdaptersInfo, IcmpSendEcho
  netapi32: Netbios
  snmpapi: SnmpUtilOidNCmp, SnmpUtilOidCpy, SnmpUtilVarBindFree
  ws2_32: htons, send, WSAStartup, WSAGetLastError, __WSAFDIsSet, gethostbyname, socket, recv, select, connect, closesocket, WSACleanup, inet_addr, inet_ntoa
Sections
  .text   Size: 1.6MB - Virtual size: 1.6MB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 274KB - Virtual size: 273KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 44KB - Virtual size: 72KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 3.8MB - Virtual size: 3.8MB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  Size: 93KB - Virtual size: 93KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ