d618943617442c080b4890ebac435d6b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d618943617442c080b4890ebac435d6b_JaffaCakes118
Size

817KB
MD5

d618943617442c080b4890ebac435d6b
SHA1

24abbef72db43274913dd736a40b2b575795ead0
SHA256

98875538860e99e4f4630d1fd4c949686e9ecbe04d08844a8e04058ad83691e4
SHA512

5470190d681f99e18b9cc9c9acf4a22c316e1152d2967cde7de07e23106d97e99202591be7253abd74b2a9fbc034c0637fff608fd52591fd628187b596f8c213
SSDEEP

24576:jppUtaEQRL2KcsA052j1pZv3pHuy6c+adLmD:gW01p94bc+adLmD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d618943617442c080b4890ebac435d6b_JaffaCakes118

Files

d618943617442c080b4890ebac435d6b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

82804e9a7b83ee97790fbfe0af0b0dc4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\111123_142832_build_StPauliGirl_StPauliGirl_12.0.15.0\source\source_sa\bin\Release\ClientSA.pdb

Imports

comctl32

ord17

kernel32

GetModuleHandleA
DeleteFileA
GetTempPathA
GetTempFileNameA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
lstrlenW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
ReadDirectoryChangesW
CancelIo
SleepEx
GetFileTime
SetFilePointer
SetEndOfFile
FormatMessageA
GetVersionExA
GetComputerNameExA
GetSystemDirectoryA
GetOEMCP
GetACP
GetThreadLocale
GetUserDefaultLangID
GetSystemDefaultLangID
DosDateTimeToFileTime
GetVersion
ReleaseMutex
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
LocalAlloc
RemoveDirectoryA
GetFileAttributesA
GetPrivateProfileStringA
OpenFile
GetComputerNameA
GetVolumeInformationA
SetErrorMode
GetDriveTypeA
GetProcessHeap
HeapFree
HeapAlloc
WaitForMultipleObjects
OpenEventA
GlobalAddAtomA
CopyFileA
FreeResource
IsBadReadPtr
FileTimeToSystemTime
CreateProcessA
ResumeThread
SetThreadPriority
GetCurrentThread
OpenMutexA
SetFileAttributesA
InterlockedExchange
CompareFileTime
SystemTimeToFileTime
WritePrivateProfileStringA
GetTimeZoneInformation
OutputDebugStringA
OpenFileMappingA
CompareStringW
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
HeapCreate
GetStringTypeW
ExitProcess
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetCPInfo
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
DecodePointer
EncodePointer
RtlUnwind
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GlobalGetAtomNameA
GlobalDeleteAtom
ResetEvent
Sleep
WriteFile
CreateFileA
GetFileSize
ReadFile
CreateDirectoryA
LocalFree
CreateThread
TerminateThread
CreateEventA
InitializeCriticalSection
SetEnvironmentVariableA
lstrlenA
lstrcpyA
FindResourceA
lstrcpynA
lstrcmpA
LoadLibraryExA
CreateMutexA
CloseHandle
OpenProcess
GetTickCount
WaitForSingleObject
GetSystemTimeAsFileTime
GetModuleFileNameA
GetShortPathNameA
LoadLibraryA
GetProcAddress
FreeLibrary
SetLastError
SetEvent
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentProcessId

user32

SetMenuItemInfoA
TrackPopupMenu
FindWindowExA
SetRect
LoadBitmapA
PtInRect
CopyRect
GetSystemMetrics
LoadIconA
GetCursorPos
SetWindowRgn
ShowWindow
GetWindowRect
PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
UnregisterClassA
ModifyMenuA
DestroyMenu
GetSubMenu
LoadMenuA
EnableWindow
DefWindowProcA
SendDlgItemMessageA
PostMessageA
IsWindow
GetClassInfoExA
LoadCursorA
DestroyWindow
PostThreadMessageA
RegisterClassExA
CreateWindowExA
GetThreadDesktop
DispatchMessageA
TranslateMessage
SendMessageTimeoutA
EnumWindows
CharLowerBuffA
DestroyIcon
LoadImageA
InsertMenuA
DeleteMenu
EnableMenuItem
CheckMenuItem
GetPropA
RemovePropA
SetPropA
EndDialog
DrawIcon
IsIconic
DialogBoxParamA
IsWindowVisible
IsWindowEnabled
GetWindowThreadProcessId
AttachThreadInput
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
DrawAnimatedRects
GetMessageA
RegisterClassA
MessageBoxA
GetAncestor
GetWindowTextLengthA
GetWindowLongA
SetTimer
KillTimer
PostQuitMessage
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
GetDesktopWindow
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
MoveWindow
CharNextA
GetSysColor
SendMessageA
AdjustWindowRectEx
GetClientRect
SetWindowPos
GetMenu
FindWindowA
CallWindowProcA
SetDlgItemTextA
SystemParametersInfoA

gdi32

SelectClipRgn
StretchBlt
GetPixel
GetRegionData
ExtCreateRegion
CombineRgn
PtInRegion
GetRgnBox
GetTextExtentPoint32A
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject
CreateRectRgn
SelectObject

advapi32

RegCreateKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptDeriveKey
CryptDestroyKey
CryptDecrypt
CryptHashData
RegDeleteKeyA
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidA
LookupAccountNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA

shell32

ShellExecuteExA
SHGetFolderPathA
SHAppBarMessage
Shell_NotifyIconA
ShellExecuteA

ole32

OleInitialize
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleLockRunning
StringFromGUID2
CoReleaseServerProcess
CoAddRefServerProcess
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

LoadTypeLi
SysStringLen
SafeArrayCreate
SafeArrayLock
SafeArrayUnlock
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
LoadRegTypeLi
OleCreateFontIndirect
VariantChangeType
VariantCopy
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

shlwapi

StrToIntA
PathCombineA
PathRemoveFileSpecA
PathStripPathA
PathFileExistsA

ws2_32

ntohs
ntohl

rpcrt4

UuidCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 568KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.adata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

82804e9a7b83ee97790fbfe0af0b0dc4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

rpcrt4

version

Sections

.text Size: 568KB - Virtual size: 568KB

.data Size: 29KB - Virtual size: 42KB

.rsrc Size: 114KB - Virtual size: 113KB

.reloc Size: 36KB - Virtual size: 36KB

.adata Size: 68KB - Virtual size: 68KB

.text
Size: 568KB - Virtual size: 568KB

.data
Size: 29KB - Virtual size: 42KB

.rsrc
Size: 114KB - Virtual size: 113KB

.reloc
Size: 36KB - Virtual size: 36KB

.adata
Size: 68KB - Virtual size: 68KB