e:\work\Prototypes\AntiMalwareMaster\source\AntiMalwareMaster\Release\VirusRemover.pdb
Static task: static1
Behavioral task: behavioral1
Sample: dd95d8be6150f11a191685c1b78c1785_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: dd95d8be6150f11a191685c1b78c1785_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: dd95d8be6150f11a191685c1b78c1785_JaffaCakes118
Size: 2.0MB
MD5: dd95d8be6150f11a191685c1b78c1785
SHA1: 5835a9cc6336c555b2172199d5cc8bd2ce13b94c
SHA256: 72e9b35ce645671cd80e70f964ccf00b15773e8f57905ec151c42953efed3757
SHA512: f3f238c163b4724be4213b288bee628faf29eb36448b1ab4f01f9d21f6956c69af31922a97b5610b425a24c13dbd105333eac33aed88b88fe09b274443d0bdeb
SSDEEP: 24576:TixocGFWJwObZ1e9cCFglBw8kxmJ9jOnozokdwzzzKvvvyWzI:TiIFoze9cCS+TmJ9jON
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource dd95d8be6150f11a191685c1b78c1785_JaffaCakes118
Files
dd95d8be6150f11a191685c1b78c1785_JaffaCakes118.exe windows:4 windows x86 arch:x86
42823b020a511896d057984ba538bf00
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
e:\work\Prototypes\AntiMalwareMaster\source\AntiMalwareMaster\Release\VirusRemover.pdb
Imports
kernel32
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetProcessHeap
GetStartupInfoA
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetACP
IsValidCodePage
SetErrorMode
HeapDestroy
HeapCreate
GetStdHandle
GetTimeZoneInformation
SetHandleCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
VirtualFree
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
GetThreadLocale
WritePrivateProfileStringA
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameW
GlobalAlloc
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetFileAttributesA
FindResourceExW
FindResourceW
VirtualProtect
GetCurrentProcess
WriteProcessMemory
FindResourceExA
InterlockedCompareExchange
GetCurrentThreadId
GetLocaleInfoA
GetVersionExA
InterlockedDecrement
SetLastError
GetModuleHandleA
InterlockedIncrement
FreeLibrary
MulDiv
lstrcatA
LoadLibraryA
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcmpW
SetFilePointer
FlushFileBuffers
CreateEventA
ResetEvent
SetEvent
GetExitCodeThread
WaitForSingleObject
TerminateThread
GetVolumeInformationA
CreateDirectoryA
CopyFileA
DeleteFileA
RemoveDirectoryA
CreateThread
GetSystemDirectoryA
Sleep
WriteFile
ResumeThread
SuspendThread
FindFirstFileA
FindNextFileA
FindClose
GetTickCount
GetTempPathA
ReleaseMutex
lstrcpyA
lstrcmpA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
UnmapViewOfFile
GetFileSize
CreateFileMappingA
MapViewOfFileEx
ReadFile
CreateFileA
GetCommandLineA
CreateMutexA
FreeResource
lstrcpynA
GetModuleFileNameA
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
GetLocalTime
lstrlenW
GetVersion
GetLastError
MultiByteToWideChar
InterlockedExchange
CloseHandle
GetComputerNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
user32
IsDialogMessageA
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
GetMenuStringA
CreateDialogIndirectParamA
GetNextDlgTabItem
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetScrollInfo
DefWindowProcA
IntersectRect
GetWindowPlacement
GetWindowTextA
GetActiveWindow
GetDlgItem
BeginPaint
EndPaint
GetAsyncKeyState
GetKeyState
DrawFocusRect
GetCapture
GetComboBoxInfo
DestroyCursor
LoadMenuA
IsWindowEnabled
SetFocus
EnableScrollBar
SetScrollPos
MapWindowPoints
CallWindowProcA
GetClassInfoA
DestroyMenu
IsRectEmpty
IsZoomed
GetMenuItemID
SetMenuDefaultItem
EnableMenuItem
SetRect
GetSubMenu
WindowFromPoint
LoadImageW
LoadImageA
LoadCursorW
LoadIconW
LoadBitmapW
LoadStringW
GetFocus
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
SystemParametersInfoA
TrackPopupMenuEx
TrackPopupMenu
SetRectEmpty
GetMenuItemRect
UnionRect
FrameRect
SetMenuItemInfoA
SetMenuItemBitmaps
GetMenuItemInfoA
GetMenuDefaultItem
InflateRect
GetMenuItemCount
GetMenuState
IsMenu
InsertMenuItemA
OffsetRect
ReleaseCapture
SetCapture
SetCursor
CopyRect
DrawIcon
SendMessageA
IsIconic
GetClientRect
RegisterClipboardFormatA
ClientToScreen
CopyImage
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
GetSysColor
ValidateRect
DrawTextA
GetClassNameA
FindWindowExA
ScreenToClient
LoadBitmapA
PtInRect
GetSystemMenu
DrawStateA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
UnregisterClassA
CharNextA
DestroyIcon
wsprintfW
BringWindowToTop
AnimateWindow
UpdateWindow
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
LoadCursorA
MapVirtualKeyA
GetKeyNameTextA
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
GetMessageA
PostQuitMessage
GrayStringA
DrawTextExA
TabbedTextOutA
MoveWindow
GetSysColorBrush
SetWindowTextA
LoadIconA
EnableWindow
GetSystemMetrics
SetWindowPos
KillTimer
CharUpperA
MessageBoxA
LoadStringA
ShowWindow
PostMessageA
GetWindow
FindWindowA
ReleaseDC
GetWindowDC
GetWindowRect
IsWindow
CreatePopupMenu
AppendMenuA
IsWindowVisible
SetTimer
SetParent
SetForegroundWindow
GetCursorPos
RegisterWindowMessageA
CharLowerBuffA
GetParent
GetDlgCtrlID
SetWindowRgn
FillRect
GetDC
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
GetDesktopWindow
RedrawWindow
PeekMessageA
PostThreadMessageA
InvalidateRect
CreateDialogParamA
EndDialog
gdi32
PtVisible
RectVisible
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetWindowExtEx
CreateRectRgnIndirect
GetTextMetricsA
GetViewportExtEx
SelectClipRgn
ExcludeClipRect
RestoreDC
SaveDC
GetClipBox
ExtSelectClipRgn
DeleteObject
CreateFontA
GetRgnBox
SetPixel
GetDeviceCaps
GetBitmapBits
SetBitmapBits
GetPixel
CreateBrushIndirect
MoveToEx
LineTo
GetTextColor
SetStretchBltMode
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
CreateSolidBrush
CreateDIBitmap
GetBkColor
GetBkMode
SetBkColor
SetBkMode
SetTextColor
TextOutA
GetTextExtentPoint32A
GetDIBits
CreateEllipticRgn
Rectangle
CreateFontIndirectA
ExtCreatePen
CreatePen
CombineRgn
CreateRoundRectRgn
GetStockObject
CreateRectRgn
GetObjectA
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
StretchBlt
DeleteDC
PatBlt
msimg32
AlphaBlend
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
shell32
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA
SHGetFolderPathA
SHGetSpecialFolderPathA
SHAppBarMessage
comctl32
ImageList_AddMasked
ImageList_GetIconSize
ImageList_Draw
ImageList_DrawEx
ImageList_GetImageInfo
_TrackMouseEvent
ord17
ImageList_GetImageCount
shlwapi
PathIsUNCA
PathAddBackslashA
PathRemoveFileSpecA
PathAppendA
PathStripPathA
PathFindExtensionA
PathRemoveExtensionA
StrCmpNIW
PathFindFileNameA
PathStripToRootA
oledlg
ord8
ole32
OleIsCurrentClipboard
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateInstance
OleRun
StringFromGUID2
CLSIDFromProgID
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromString
CoInitializeEx
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoTaskMemFree
oleaut32
SysAllocStringLen
SysAllocString
SysStringLen
VarBstrCmp
VariantInit
VariantClear
SysAllocStringByteLen
VariantCopy
VariantChangeType
SafeArrayGetVartype
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
OleCreateFontIndirect
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
urlmon
IsValidURL
rpcrt4
UuidCreate
dbghelp
ImageDirectoryEntryToData
wininet
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetSetOptionA
InternetOpenUrlA
InternetGetLastResponseInfoA
InternetGetCookieA
iphlpapi
GetAdaptersInfo
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
Sections
.text Size: 720KB - Virtual size: 716KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 541B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ