ded64ba4c82bd9aa01d722fa3cbd8986_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ded64ba4c82bd9aa01d722fa3cbd8986_JaffaCakes118
Size

977KB
MD5

ded64ba4c82bd9aa01d722fa3cbd8986
SHA1

5fc70ec5cf9e8749e2d9eda098855e551bca6e58
SHA256

773cccba55dbaa5bfc957ddf0e392d6be8a35497a8cb643e71a53e87c4acb91d
SHA512

23b6bae43eee4ecd1e63453e5df10540d381b311c4864b196ddf79ded5834a427c15c4fb41a7c1222b4f1a550b8368fb6658240a0048a09629e9da5638151eb6
SSDEEP

24576:Id4WXdx60F0IPYbsN266cbsRG6ELOGf27+:IVdLHgo26FDh3O7+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ded64ba4c82bd9aa01d722fa3cbd8986_JaffaCakes118

Files

ded64ba4c82bd9aa01d722fa3cbd8986_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cd3a8fc4751da420999aae793ab2c034

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Build\JenkinsHome\jobs\desktop_apps_ng\workspace\build\loader\Release\loader.pdb

Imports

kernel32

FreeLibrary
GetExitCodeProcess
CreateDirectoryW
GetTempPathW
GetFileAttributesW
GetTickCount
GetStartupInfoW
CreateProcessW
GetACP
SetLastError
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
InterlockedCompareExchange
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
GetVersionExW
GetNativeSystemInfo
InitializeCriticalSection
InterlockedDecrement
GlobalAlloc
GlobalLock
InterlockedIncrement
GlobalUnlock
lstrcmpW
MulDiv
ReadFile
SetFilePointer
GetFileSize
SetEndOfFile
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryW
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
CreateFileW
FlushFileBuffers
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetStdHandle
GetModuleHandleExW
ExitProcess
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
CopyFileW
DeleteFileW
GetDiskFreeSpaceExW
SetEvent
GetCurrentThreadId
LeaveCriticalSection
GetModuleFileNameW
RemoveDirectoryW
EnterCriticalSection
GetCommandLineA
GetSystemTimeAsFileTime
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
WriteFile
GetModuleHandleW
GetProcAddress
CloseHandle
CreateEventW
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
LocalFree
GetConsoleCP
GetCommandLineW
QueryPerformanceCounter
GetStringTypeW
TryEnterCriticalSection
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA

user32

PostThreadMessageW
SendMessageW
wsprintfW
GetCursorPos
UnregisterClassW
LoadCursorW
RegisterClassExW
PeekMessageW
TranslateMessage
DispatchMessageW
SetWindowLongW
DestroyWindow
DefWindowProcW
SetTimer
InvalidateRgn
KillTimer
GetWindowTextLengthW
GetWindow
GetFocus
GetDC
SetWindowPos
FillRect
ScreenToClient
GetSystemMetrics
SetWindowTextW
ShowWindow
IsWindow
MsgWaitForMultipleObjects
RedrawWindow
ClientToScreen
DestroyAcceleratorTable
IsChild
GetSysColor
MoveWindow
CreateAcceleratorTableW
SetFocus
CharNextW
GetClassNameW
SetCapture
GetClientRect
GetDlgItem
GetDesktopWindow
SystemParametersInfoW
GetParent
RegisterWindowMessageW
ReleaseCapture
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
GetWindowTextW
CallWindowProcW
CreateWindowExW
GetClassInfoExW
PostQuitMessage
GetWindowLongW

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject
CreateSolidBrush

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

StringFromCLSID
CoCreateGuid
CoTaskMemFree
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance
OleInitialize
CoGetClassObject
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CreateStreamOnHGlobal
CLSIDFromString
OleLockRunning
OleUninitialize

oleaut32

VariantCopy
SysAllocString
SysFreeString
VariantClear
LoadTypeLi
OleCreateFontIndirect
DispCallFunc
SysAllocStringLen
VariantChangeType
LoadRegTypeLi
VariantInit
SysStringLen

advapi32

CryptDestroyKey
CryptAcquireContextW
CryptVerifySignatureW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext
RegSetValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindFileNameW

ws2_32

ntohl

Sections

.text
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd3a8fc4751da420999aae793ab2c034

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

ws2_32

Sections

.text Size: 363KB - Virtual size: 363KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 23KB - Virtual size: 27KB

.rsrc Size: 419KB - Virtual size: 419KB

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 363KB - Virtual size: 363KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 23KB - Virtual size: 27KB

.rsrc
Size: 419KB - Virtual size: 419KB

.reloc
Size: 26KB - Virtual size: 25KB