d4a59d662b97d8feb4ff22e44f00ee5f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d4a59d662b97d8feb4ff22e44f00ee5f_JaffaCakes118
Size

795KB
MD5

d4a59d662b97d8feb4ff22e44f00ee5f
SHA1

a102b6e156ba0f80812d48dc2a7c2b0908f50c68
SHA256

1bcb949ae2c93ed11f5b76edb5f637e10b3ca6bb40ee1873eb98fd636f84d42a
SHA512

1c222668c46dac9decbf71f4aa28615d1616aa26930bb418f52fee082974a0660f370ae118e84b56f030c49cc6adc7a1d595e0bcfe67f26f59a08395cdabff87
SSDEEP

12288:qIJx9z8EBpQbNCKepg+GkOE5FLTqLBIvJTE05O4oSjOpj5Iaq58T/JRJIw:lZQbNCKeDH5ALBIvJT5OUj1aCsx7N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4a59d662b97d8feb4ff22e44f00ee5f_JaffaCakes118

Files

d4a59d662b97d8feb4ff22e44f00ee5f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dcdb1af7631063ca6ab6e364e3368063

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\110817_092208_build_NaturalIce_NaturalIce_12.0.2.0\source\source_sa\bin\Release\ClientSA.pdb

Imports

comctl32

ord17

kernel32

MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalDeleteAtom
GlobalGetAtomNameA
CreateProcessA
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
InterlockedIncrement
InterlockedDecrement
GetVersionExA
GetComputerNameExA
GetSystemDirectoryA
GetOEMCP
GetACP
GetThreadLocale
GetUserDefaultLangID
GetSystemDefaultLangID
DosDateTimeToFileTime
GetVersion
ReleaseMutex
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
LocalAlloc
RemoveDirectoryA
GetFileAttributesA
GetPrivateProfileStringA
OpenFile
SetFilePointer
GetComputerNameA
GetVolumeInformationA
SetErrorMode
GetDriveTypeA
GetProcessHeap
HeapFree
HeapAlloc
WaitForMultipleObjects
OpenEventA
GlobalAddAtomA
CopyFileA
FreeResource
IsBadReadPtr
FileTimeToSystemTime
ResumeThread
SetThreadPriority
GetCurrentThread
FormatMessageA
GlobalFree
GlobalHandle
OpenMutexA
GetCurrentProcessId
InterlockedExchange
CompareFileTime
SystemTimeToFileTime
lstrlenW
GetTimeZoneInformation
OutputDebugStringA
OpenFileMappingA
RaiseException
GetSystemTime
GetDateFormatA
GetTimeFormatA
lstrcmpA
CompareStringW
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
HeapCreate
GetStringTypeW
ExitProcess
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetCPInfo
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
DecodePointer
EncodePointer
RtlUnwind
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
EnterCriticalSection
MultiByteToWideChar
ResetEvent
Sleep
WriteFile
CreateFileA
GetFileSize
ReadFile
CreateDirectoryA
LocalFree
CreateThread
TerminateThread
CreateEventA
InitializeCriticalSection
lstrlenA
lstrcpyA
FindResourceA
WritePrivateProfileStringA
lstrcpynA
LoadLibraryExA
CreateMutexA
CloseHandle
OpenProcess
GetTickCount
WaitForSingleObject
GetSystemTimeAsFileTime
GetModuleHandleA
GetModuleFileNameA
GetShortPathNameA
LoadLibraryA
GetProcAddress
FreeLibrary
SetLastError
SetEvent
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
SetEnvironmentVariableA

user32

CheckMenuItem
EnableMenuItem
DeleteMenu
InsertMenuA
IsWindowEnabled
CreateDialogIndirectParamA
SetActiveWindow
CharLowerBuffA
EnumWindows
SendMessageTimeoutA
UnregisterClassA
DrawAnimatedRects
GetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
EnableWindow
LoadMenuA
GetSubMenu
EnumThreadWindows
GetPropA
RemovePropA
SetPropA
DrawIcon
DefWindowProcA
SetWindowLongA
PostMessageA
IsIconic
GetClassInfoExA
LoadCursorA
DestroyWindow
PostThreadMessageA
RegisterClassExA
CreateWindowExA
GetThreadDesktop
DestroyIcon
LoadImageA
SetWindowPos
SetForegroundWindow
GetSystemMetrics
DestroyMenu
ModifyMenuA
SetMenuItemInfoA
TrackPopupMenu
FindWindowExA
SystemParametersInfoA
LoadBitmapA
PtInRect
CopyRect
LoadIconA
GetCursorPos
SetWindowRgn
ShowWindow
PeekMessageA
MsgWaitForMultipleObjects
AdjustWindowRectEx
GetMenu
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DialogBoxParamA
GetAncestor
IsWindowVisible
IsWindow
GetWindowRect
FindWindowA
DispatchMessageA
TranslateMessage
SetDlgItemTextA
PostQuitMessage
CreateAcceleratorTableA
GetDesktopWindow
GetFocus
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
CharNextA
GetSysColor
SendMessageA
SetWindowContextHelpId
GetWindow
SendDlgItemMessageA
EndDialog
MapDialogRect
KillTimer
SetTimer
GetWindowLongA
MessageBoxA
RegisterClassA
GetMessageA
SetRect

gdi32

DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectA
GetStockObject
CreateRectRgn
GetRgnBox
PtInRegion
CombineRgn
ExtCreateRegion
GetRegionData
GetPixel
StretchBlt
SelectClipRgn
GetTextExtentPoint32A
DeleteObject

advapi32

LookupAccountNameA
CryptAcquireContextA
ConvertSidToStringSidA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
RegDeleteKeyA
CryptHashData
CryptDecrypt
CryptDestroyKey
CryptDeriveKey
CryptDestroyHash
CryptCreateHash
CryptReleaseContext

shell32

ShellExecuteExA
SHAppBarMessage
Shell_NotifyIconA
ShellExecuteA

ole32

IIDFromString
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CoGetClassObject
CoTaskMemAlloc
OleLockRunning
StringFromGUID2
CoInitialize
CoUninitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoCreateInstance
CLSIDFromProgID

oleaut32

SysStringLen
SysAllocStringLen
SysAllocString
VariantInit
VariantClear
SystemTimeToVariantTime
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantCopy
VariantChangeType
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
VariantTimeToSystemTime
SysFreeString

shlwapi

PathFileExistsA
StrToIntA

rpcrt4

UuidCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 583KB - Virtual size: 582KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcdb1af7631063ca6ab6e364e3368063

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

version

Sections

.text Size: 583KB - Virtual size: 582KB

.data Size: 29KB - Virtual size: 42KB

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 583KB - Virtual size: 582KB

.data
Size: 29KB - Virtual size: 42KB

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 38KB - Virtual size: 37KB