c:\ludwig\director-5.80\Director\ReleaseDotNet2005\Director.pdb
Static task: static1
Behavioral task: behavioral1
Sample: ea90f24508b1f24a1f7b8081d31efc86_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: ea90f24508b1f24a1f7b8081d31efc86_JaffaCakes118
Size: 7.6MB
MD5: ea90f24508b1f24a1f7b8081d31efc86
SHA1: 8f452886be6dce2237ed2c7bd4b6035fcabb749d
SHA256: 7cd39a8f167ef4fc41888164ae27558489e7873a3f93530f709161875f96b950
SHA512: 82d9d12a427a6268c1566e2d5a02396a8424534c4ef4e8c2e2846de673573ff44ebc3382d0f5ad495d790e66fe30333e955a111eec66aec81a64a22a1c3f0cef
SSDEEP: 49152:HE9XTMt36FsYEcZXeUR4ytjDSnSU6K5amsRHg4arAQbBJqDwa9cBzkVog+Hedo81:IsyzG5aVRHg4aRrqz9oyxOqo806wiWm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ea90f24508b1f24a1f7b8081d31efc86_JaffaCakes118
Files
ea90f24508b1f24a1f7b8081d31efc86_JaffaCakes118.exe windows:4 windows x86 arch:x86
05b6b68a308345881a50f8db4b91d338
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\ludwig\director-5.80\Director\ReleaseDotNet2005\Director.pdb
Imports
ws2_32
sendto
recvfrom
send
recv
ntohs
gethostname
WSAStartup
WSACleanup
gethostbyname
inet_ntoa
select
closesocket
WSASocketA
setsockopt
bind
listen
WSAIoctl
shutdown
WSASetLastError
WSARecv
WSASend
WSAAsyncSelect
connect
getsockname
socket
accept
ntohl
inet_addr
WSAGetLastError
htonl
htons
getpeername
kernel32
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileAttributesA
SetErrorMode
FindResourceExA
GetCurrentDirectoryA
GetProfileIntA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
VirtualAlloc
VirtualQuery
GetTimeFormatA
GetDateFormatA
TlsSetValue
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
ExitThread
CreateThread
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
Sleep
GetTimeZoneInformation
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
GetStringTypeA
GetStringTypeW
SetHandleCount
SetConsoleCtrlHandler
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
GetExitCodeProcess
CreateProcessA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetAtomNameA
GlobalFlags
SystemTimeToFileTime
FileTimeToSystemTime
GetDiskFreeSpaceA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
VirtualProtect
GetShortPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetThreadLocale
DeleteFileA
MoveFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameW
SuspendThread
ResumeThread
SetThreadPriority
GlobalGetAtomNameA
lstrcmpW
CopyFileA
GlobalSize
lstrcmpA
GlobalMemoryStatus
GetModuleFileNameA
GetSystemDirectoryA
FindClose
FindFirstFileA
GetCurrentProcess
GetSystemInfo
GlobalAddAtomA
FreeResource
GlobalFindAtomA
GlobalDeleteAtom
WriteFile
CreateFileA
MulDiv
GetFullPathNameA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemDefaultLCID
VerifyVersionInfoA
VerSetConditionMask
GetVersionExA
WaitForSingleObject
SetEvent
CreateEventA
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
CancelIo
InterlockedExchangeAdd
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
LocalFree
FormatMessageA
lstrcpynA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
lstrcmpiW
GetStringTypeExW
GetStringTypeExA
CompareStringA
GetEnvironmentVariableW
InterlockedExchange
lstrcmpiA
GetVersion
CompareStringW
GetEnvironmentVariableA
GetUserDefaultLCID
SetEnvironmentVariableA
GetLocalTime
GetCPInfoExA
GetSystemTime
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
CloseHandle
OpenProcess
SetLastError
lstrlenA
GetProcAddress
GetModuleHandleA
LoadLibraryA
MultiByteToWideChar
GetTickCount
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
GetLastError
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
FindResourceA
InterlockedCompareExchange
DeviceIoControl
FindNextFileA
SearchPathA
ExitProcess
OpenSemaphoreA
user32
WinHelpA
EndDialog
CreateDialogIndirectParamA
CheckMenuItem
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetAsyncKeyState
WaitMessage
BringWindowToTop
InsertMenuItemA
ReuseDDElParam
UnpackDDElParam
ShowOwnedPopups
MsgWaitForMultipleObjects
RegisterClipboardFormatA
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
GetSysColorBrush
GetDialogBaseUnits
GetDCEx
LockWindowUpdate
PostThreadMessageA
FindWindowA
DrawIcon
SetWindowRgn
InSendMessage
CreateMenu
GetTabbedTextExtentA
SendNotifyMessageA
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
ScrollWindowEx
SetFocus
IsWindowEnabled
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetMenuStringA
GetKeyState
GetWindowPlacement
EnumChildWindows
TrackPopupMenuEx
DestroyCursor
GetActiveWindow
GetNextDlgTabItem
CreateIconIndirect
IsClipboardFormatAvailable
SetMenuItemInfoA
SetForegroundWindow
MessageBeep
LoadAcceleratorsA
MapDialogRect
TranslateAcceleratorA
UnhookWindowsHookEx
EndPaint
SetWindowsHookExA
GetDesktopWindow
BeginPaint
ValidateRect
ModifyMenuA
GetKeyNameTextA
GetSubMenu
GetMenuItemID
MapVirtualKeyA
CopyAcceleratorTableA
InsertMenuA
WindowFromDC
GetMenuItemRect
SetLayeredWindowAttributes
AppendMenuA
CallNextHookEx
IsMenu
GetMenuDefaultItem
SetPropA
GrayStringA
GetClassNameA
DrawEdge
GetMenuInfo
TabbedTextOutA
GetWindowDC
DeleteMenu
DrawStateA
GetClassLongA
GetIconInfo
CallWindowProcA
RemoveMenu
CopyImage
GetMessagePos
RemovePropA
MonitorFromRect
GetPropA
GetMenuState
GetMonitorInfoA
LoadMenuA
MonitorFromWindow
GetWindow
CloseClipboard
EmptyClipboard
OpenClipboard
GetCursorInfo
DispatchMessageA
TranslateMessage
GetMessageA
DestroyWindow
CreateWindowExA
UnregisterClassA
RegisterClassExA
SetWindowLongA
DefWindowProcA
GetClassInfoA
IsRectEmpty
ReleaseDC
GetDC
DrawMenuBar
EnableMenuItem
CharLowerW
CharLowerA
CharUpperA
CharUpperW
MoveWindow
FrameRect
DrawTextA
SetRect
UnionRect
EnableScrollBar
EqualRect
SetScrollPos
DrawTextExA
DrawFrameControl
ShowWindow
SetRectEmpty
DragDetect
DestroyIcon
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
IsChild
GetSystemMenu
RegisterWindowMessageA
DestroyMenu
GetWindowThreadProcessId
WindowFromPoint
SystemParametersInfoA
GetGuiResources
SetMenu
MenuItemFromPoint
GetMenu
IsWindowVisible
LoadBitmapA
GetSysColor
UpdateWindow
DrawFocusRect
GetDlgItem
FillRect
LoadCursorA
SetCursor
ClientToScreen
SetParent
ScreenToClient
GetMenuItemCount
SetMenuInfo
IsWindow
SetWindowPos
GetCapture
IsIconic
DrawIconEx
MessageBoxA
LoadIconA
GetFocus
ReleaseCapture
SetCapture
GetWindowLongA
InflateRect
ShowScrollBar
GetSystemMetrics
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
GetMessageTime
MapWindowPoints
ScrollWindow
TrackPopupMenu
CopyRect
IntersectRect
CreatePopupMenu
PostQuitMessage
PeekMessageA
SetScrollRange
GetScrollRange
GetScrollPos
GetClassInfoExA
GetMenuItemInfoA
RegisterClassA
KillTimer
SetTimer
RedrawWindow
LoadImageA
PtInRect
GetCursorPos
GetParent
GetClientRect
GetWindowRect
PostMessageA
OffsetRect
InvalidateRect
EnableWindow
SendMessageA
SetClipboardData
gdi32
ExtTextOutA
GetLayout
GetTextExtentPointA
GetCurrentPositionEx
CreateDCA
LPtoDP
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
SetTextColor
CopyMetaFileA
GetDCOrgEx
GetClipBox
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
CreateBitmap
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
GetClipRgn
SelectClipPath
StartDocA
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
MoveToEx
SetWindowExtEx
ScaleWindowExtEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
ExtCreatePen
GetCharWidthA
StretchDIBits
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetViewportOrgEx
EnumFontFamiliesExA
CreateEllipticRgn
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextFaceA
GetWindowOrgEx
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
SelectClipRgn
RectVisible
PtVisible
DeleteDC
DeleteObject
GetBkColor
GetNearestColor
SetTextAlign
SetWindowOrgEx
CreatePolygonRgn
RoundRect
Polygon
GetObjectA
CreateICA
CreateRectRgnIndirect
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
SetRectRgn
GetTextExtentPoint32A
CombineRgn
CreateRectRgn
CreateFontA
BitBlt
GetDeviceCaps
TextOutA
GetTextColor
Rectangle
SelectObject
GetTextAlign
GetPixel
SetPixel
Escape
OffsetWindowOrgEx
GetStockObject
CreateHatchBrush
CreateDIBitmap
CreateFontIndirectA
ResetDCA
GetTextMetricsA
GetCurrentObject
Ellipse
SetBrushOrgEx
UnrealizeObject
CreatePatternBrush
CreatePen
MaskBlt
FillRgn
PtInRegion
SetBkColor
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetJobA
advapi32
FreeSid
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegSetValueA
RegCreateKeyExA
EqualSid
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
GetUserNameA
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegSetValueExA
shell32
ExtractIconA
ShellExecuteExA
DragAcceptFiles
ShellExecuteA
SHGetFileInfoA
DragQueryFileA
DragFinish
comctl32
ord14
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize
shlwapi
PathRemoveExtensionA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
oledlg
ord8
ole32
GetRunningObjectTable
CoLockObjectExternal
CreateFileMoniker
CoGetMalloc
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateOleAdviseHolder
CreateDataAdviseHolder
OleGetClipboard
OleSetMenuDescriptor
OleQueryCreateFromData
OleQueryLinkFromData
CreateItemMoniker
CreateBindCtx
CoTreatAsClass
OleIsRunning
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoCreateInstance
GetHGlobalFromStream
CreateStreamOnHGlobal
OleGetIconOfClass
OleCreateLinkToFile
OleCreateFromFile
OleSetContainedObject
GetHGlobalFromILockBytes
StgOpenStorageOnILockBytes
OleLoad
StringFromCLSID
CreateGenericComposite
OleCreate
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleLockRunning
OleSaveToStream
WriteClassStm
OleSave
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CLSIDFromProgID
OleRun
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoDisconnectObject
CLSIDFromString
StringFromGUID2
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleDuplicateData
CoTaskMemAlloc
DoDragDrop
ReleaseStgMedium
oleaut32
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysStringLen
OleLoadPicture
OleCreatePictureIndirect
SysFreeString
VarBstrFromDate
VarUdateFromDate
VarDateFromStr
SystemTimeToVariantTime
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysReAllocStringLen
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
SysAllocString
LoadTypeLi
VariantTimeToSystemTime
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
Sections
.text Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CONST Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 948KB - Virtual size: 945KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 204KB - Virtual size: 806KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE