d4de144d71dc01b95f8b9380b42df56f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d4de144d71dc01b95f8b9380b42df56f_JaffaCakes118
Size

176KB
MD5

d4de144d71dc01b95f8b9380b42df56f
SHA1

b6fd20114419f99d2fb1827a75b42a977be7bd87
SHA256

32941da38bf1933a5b94ed287da125db81bdfdca126c16fd0cd4aac64e4ff9fe
SHA512

ee9744dfb9bf2875a634317a44a8fb83aba661d4a5b732b49141d0faf3dd8efb0c4a3e2810655694ce66ebcc320da814cfd921a9fd265f4c000de23d16b67c51
SSDEEP

3072:yYI+peV+fS76UAzwkGlat7BWbTPAse5TfTz0qM0XueXOzgMUlH:yueYSeh5GlOuq5Tfsjre

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4de144d71dc01b95f8b9380b42df56f_JaffaCakes118

Files

d4de144d71dc01b95f8b9380b42df56f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

24dae74c7ee72ab7a2c62f9ce9df6efb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Release\BestClick.pdb

Imports

kernel32

PrepareTape
WaitNamedPipeA
GlobalAddAtomA
Sleep
WaitForSingleObjectEx
SetStdHandle
GetFileType
GetThreadPriority
GetBinaryTypeA
ExitProcess
TlsGetValue
GlobalFindAtomA
ReadFile
GetFileSize
CreateFileA
GetSystemDirectoryA
GetSystemTime
WriteFile
DeleteFileA
OpenThread
SetPriorityClass
OpenProcess
GetCurrentProcessId
MoveFileExA
SetThreadPriority
GetCurrentThread
CreateProcessA
GetProcAddress
LoadLibraryA
MoveFileA
GetTempFileNameA
CopyFileA
ReleaseMutex
CreateMutexA
WriteProcessMemory
ReadProcessMemory
SetWaitableTimer
CreateWaitableTimerA
GetTickCount
OutputDebugStringA
GetLocalTime
SetFilePointer
CreateEventA
ResetEvent
SetEvent
TerminateThread
GetCurrentThreadId
LockResource
FindResourceExA
GetTempPathA
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
QueryPerformanceCounter
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCommandLineA
GetStartupInfoA
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
lstrcmpA
GetCurrentProcess
FlushInstructionCache
HeapAlloc
MulDiv
GetLastError
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
InterlockedDecrement
InterlockedIncrement
RequestDeviceWakeup
CreateThread
WaitForSingleObject
GetThreadPriorityBoost
CloseHandle
WriteProfileStringA
ResumeThread
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetEnvironmentVariableA

user32

GetWindowLongA
UnregisterClassA
DefWindowProcA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
GetSysColor
ReleaseCapture
SetCapture
MessageBoxA
SetWindowLongA
EnumWindows
EnumChildWindows
GetWindowThreadProcessId
IsWindowVisible
SetRect
CharLowerBuffA
GetWindowRect
ClientToScreen
PostMessageA
FindWindowExA
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
GetCursorPos
FillRect
GetClientRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
GetDesktopWindow
CallWindowProcA
EndPaint
BeginPaint
SetFocus
GetWindow
GetFocus
DestroyAcceleratorTable
SendMessageA
IsWindow
GetDlgItem
RedrawWindow
DestroyWindow
SetWindowPos
GetClassNameA
GetParent
CharNextA
CreateAcceleratorTableA
CreateWindowExA
wsprintfA
AttachThreadInput
GetQueueStatus
SetThreadDesktop
DispatchMessageW
DispatchMessageA
PeekMessageA
GetKeyState
BeginDeferWindowPos
CreateDesktopA
IsChild

gdi32

BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetColorSpace
DrawEscape
SetTextCharacterExtra
UpdateICMRegKeyA
LineTo
GetDeviceCaps
PtVisible
StrokePath
GetTextCharset
GetTextFaceA
StartPage
AbortDoc
Chord
CreateDIBSection
SetPixel
GetPixel
GetObjectA
GetStockObject
CreateSolidBrush
FlattenPath
SetBkMode
GetArcDirection
SetTextAlign
TextOutA
CreateRoundRectRgn
CreateDiscardableBitmap
GetROP2

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
OleUninitialize
OleInitialize

oleaut32

OleCreateFontIndirect
VariantClear
VariantInit
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
DispCallFunc
SafeArrayUnlock
SafeArrayLock
VarBstrCmp
SafeArrayDestroy
SafeArrayCreate
VariantCopyInd
SafeArrayRedim
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

PathFindExtensionW
PathFindExtensionA

gdiplus

GdipCloneImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage

wininet

DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache

ws2_32

connect
send
htons
closesocket
WSAStartup
WSACleanup
gethostbyname
socket
select
ioctlsocket
recv

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24dae74c7ee72ab7a2c62f9ce9df6efb

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

gdiplus

wininet

ws2_32

Sections

.text Size: 132KB - Virtual size: 129KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 16B

.text
Size: 132KB - Virtual size: 129KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 16B