Static task: static1
Behavioral task: behavioral1
  Sample: db11b775397bc510ca1ecf01edd68f4d_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: db11b775397bc510ca1ecf01edd68f4d_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: db11b775397bc510ca1ecf01edd68f4d_JaffaCakes118
Size: 788KB
MD5: db11b775397bc510ca1ecf01edd68f4d
SHA1: ad57af03e7772c312209dc5d5a8c21e2cc3848ab
SHA256: 7bb4a080e07b233f8f90abf2ccb0fb9b668e9a068358c7f23aa8e93c87bc93ab
SHA512: 7a9124f2d06cc0ce466bad097abb3a79b67692b1d34df71f7e9e1edb0421278c1021b91433a9dcbb88b917d497caa8447ea1bbda76d1a006c245af86d0c80976
SSDEEP: 12288:73r5vwD/t+RBgxSgLWZ541lG4Vbd1ejWmHMM3qNjMVMRqWs0q:73r5ID/t+jOWZ541lG42WmsMWjq
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: db11b775397bc510ca1ecf01edd68f4d_JaffaCakes118
Files
db11b775397bc510ca1ecf01edd68f4d_JaffaCakes118.exe (windows:4, windows x86, arch:x86)
f19525d6b519e32449f35fc1050ea6f8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
avcleanengine
Quarantine_Restore
GetRestoreCount
Quarantine_RestoreInit
GetQuarantineKeepDay
SetKeepDay
Init2
Engine2
GetScanCurrentPos
AdRepair
QuarantineView
Scan
GetRestartAVmon
Quarantine_Close
AdFailedRepair
Repair
QuarantinePow
Quarantine
Quarantine_Create
ClearCookie
ClearIECache
ClearSiteVisitedLog
ClearAutoForm
ClearHistory
ClearRecycleBin
ClearWinTemp
ClearTemp
ClearRecent
ClearMediaPlayLog
ClearRunList
ClearSearchInternet
ClearSearchPictureAndMusicAndVideo
ClearSearchComputerAndPeople
ClearSearchFileFolder
PowerScan
GetScanCurrentCount
Release
kernel32
RtlUnwind
SetEnvironmentVariableA
GetDriveTypeA
CreateThread
ExitThread
RaiseException
HeapFree
HeapAlloc
GetStartupInfoA
GetTimeZoneInformation
GetSystemTime
GetACP
SetStdHandle
GetFileType
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
ExitProcess
GetProfileStringA
InterlockedExchange
GetLastError
CreateMutexA
lstrcmpiA
GetVersionExA
CloseHandle
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
SuspendThread
WinExec
CreateProcessA
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileIntA
FindClose
FindFirstFileA
GetWindowsDirectoryA
CreateDirectoryA
MultiByteToWideChar
WriteFile
CreateFileA
ReadFile
GetFileSize
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
Sleep
ResumeThread
InitializeCriticalSection
GetCommandLineA
GetVolumeInformationA
CreateEventA
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
SizeofResource
LoadResource
FindResourceA
ResetEvent
SetEvent
FindNextFileA
DeleteFileA
WideCharToMultiByte
DeleteCriticalSection
EnterCriticalSection
GetLocalTime
GetCurrentProcess
CreateSemaphoreA
ReleaseSemaphore
lstrcpyA
GlobalReAlloc
GetTempPathA
RemoveDirectoryA
SetFileAttributesA
GetLocaleInfoA
LeaveCriticalSection
GetVersion
IsBadWritePtr
IsBadReadPtr
lstrcpynA
GetPrivateProfileStringA
lstrlenA
lstrlenW
lstrcatA
SetFilePointer
SystemTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
SetFileTime
FileTimeToSystemTime
UnmapViewOfFile
GetTickCount
GetCurrentThreadId
GetCurrentThread
lstrcmpA
GlobalDeleteAtom
SetThreadPriority
InterlockedIncrement
InterlockedDecrement
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeLibrary
LoadLibraryA
SetLastError
LocalFree
FormatMessageA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
GetThreadLocale
GetFileTime
FileTimeToLocalFileTime
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
SetErrorMode
user32
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
IntersectRect
GetWindowPlacement
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
EnableMenuItem
GetNextDlgTabItem
GetMessageA
GetActiveWindow
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
LoadBitmapA
GetDesktopWindow
ReleaseCapture
SetCapture
GrayStringA
DrawTextA
TabbedTextOutA
GetFocus
PtInRect
DrawFrameControl
DrawFocusRect
GetKeyState
UpdateWindow
RedrawWindow
SetActiveWindow
SystemParametersInfoA
GetClassNameA
ModifyMenuA
GetMenuItemCount
GetMenuItemID
GetMenu
IsWindow
RegisterWindowMessageA
OffsetRect
SetParent
ClientToScreen
GetParent
TrackPopupMenu
wsprintfA
DestroyMenu
ExitWindowsEx
InflateRect
FrameRect
CopyRect
GetSysColor
FillRect
EnableWindow
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
LoadIconA
GetDC
ReleaseDC
SetRect
GetWindowLongA
SetWindowLongA
SetWindowRgn
GetForegroundWindow
MessageBoxA
RemoveMenu
InsertMenuA
SetForegroundWindow
IsWindowVisible
GetSubMenu
GetMenuStringA
CheckMenuItem
KillTimer
GetWindowRect
PostMessageA
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
IsChild
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
PostThreadMessageA
RegisterClipboardFormatA
GetCursorPos
ScreenToClient
LoadCursorA
SetCursor
FindWindowA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
InvalidateRect
SendMessageA
LoadMenuA
SetTimer
PeekMessageA
TranslateMessage
DispatchMessageA
LoadImageA
MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
LoadStringA
GetSysColorBrush
WindowFromPoint
CharUpperA
EndPaint
BeginPaint
GetWindowDC
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
MapWindowPoints
SetFocus
AdjustWindowRectEx
IsRectEmpty
ScrollWindow
GetScrollInfo
SetScrollInfo
SetMenuDefaultItem
ShowScrollBar
GetClassLongA
gdi32
GetTextExtentPointA
GetBkColor
GetTextColor
GetMapMode
PatBlt
DPtoLP
LPtoDP
GetWindowExtEx
GetViewportExtEx
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
Escape
TextOutA
RectVisible
PtVisible
Rectangle
ExtTextOutA
CreateFontIndirectA
GetStockObject
GetTextExtentPoint32A
CreatePen
RoundRect
CreateFontA
CreateBitmap
StretchBlt
CreateDIBSection
GetObjectA
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps
CreateRoundRectRgn
CreateDIBitmap
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
shell32
SHGetSpecialFolderPathA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
ShellExecuteA
Shell_NotifyIconA
comctl32
FlatSB_EnableScrollBar
InitializeFlatSB
ImageList_GetIconSize
ImageList_Draw
ImageList_DrawEx
ord17
ImageList_Destroy
ImageList_LoadImageA
_TrackMouseEvent
oledlg
ord8
ole32
CoTaskMemAlloc
CoTaskMemFree
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromProgID
olepro32
ord251
ord253
oleaut32
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SysAllocStringByteLen
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SafeArrayAccessData
shlwapi
PathFileExistsA
wininet
HttpSendRequestA
InternetCloseHandle
InternetGetConnectedState
InternetReadFile
InternetConnectA
HttpOpenRequestA
InternetOpenA
Sections
.text Size: 584KB - Virtual size: 580KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 124KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ