f9bca61cac9ed4b7d46200eb6e527d7d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f9bca61cac9ed4b7d46200eb6e527d7d_JaffaCakes118
Size

1011KB
MD5

f9bca61cac9ed4b7d46200eb6e527d7d
SHA1

04b5110e8dcb5a82409f2852b153d6e0d04e6d2f
SHA256

65743b0492e5089a3cf6e51125b4487937251287471f5183fe2e296e6a4549bb
SHA512

6e7246d273fc5590b17ac62d0185a80c2add748e0152131e1bf6a0d1ec9d69b32389a2e408a9a566ccc133db58aa81eaff29291947f7af0a218c7b2cf1ba1520
SSDEEP

24576:rDv6F0W62DSKLO1CnpzMH4a+2aNjhsvOs0qjruWKb718G:f6F0W6iLcuZMYa+RfBs0cr/Kb7d

Score

1^/10

Malware Config

Signatures

Files

f9bca61cac9ed4b7d46200eb6e527d7d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b6c0f0b8eb7e18146ad541144193ea18

Code Sign

87:8c:e2:6f:70:47:73:f3:67:2a:81:06:0b:66:9b:59:22:75:53:58
Signer

Actual PE Digest

87:8c:e2:6f:70:47:73:f3:67:2a:81:06:0b:66:9b:59:22:75:53:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Out\Bin\4399Installer\Zt59696.pdb

Imports

kernel32

DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetStartupInfoW
HeapFree
HeapAlloc
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
Sleep
ExitProcess
HeapSize
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
SetEndOfFile
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
UnlockFile
LockFile
FlushFileBuffers
GlobalFindAtomW
GetVersionExW
LoadLibraryA
GetVersionExA
lstrlenA
GetThreadLocale
InterlockedIncrement
FormatMessageW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
CompareStringW
GlobalFlags
GlobalUnlock
MulDiv
GetModuleHandleA
InterlockedDecrement
lstrlenW
WritePrivateProfileStringW
GlobalAddAtomW
GlobalFree
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
GetModuleHandleW
FileTimeToSystemTime
GetTickCount
UnmapViewOfFile
GetFileSize
LocalFileTimeToFileTime
GetCurrentDirectoryW
MultiByteToWideChar
WideCharToMultiByte
SetFileTime
SystemTimeToFileTime
SetFilePointer
FindClose
SetLastError
ReadFile
GetFileAttributesW
CreateDirectoryW
FindFirstFileW
TerminateProcess
OpenProcess
FreeResource
WriteFile
LockResource
MoveFileExW
DeleteFileW
GetTempPathW
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
RaiseException
LoadLibraryW
CreateFileW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
GetLastError
GetModuleFileNameW
GetProcAddress
GetFileType
CloseHandle
GetProcessHeap

user32

PostThreadMessageW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
MessageBeep
IsChild
GetTopWindow
GetNextDlgTabItem
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
GetClientRect
EqualRect
IntersectRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
CopyRect
CharNextW
SetFocus
ShowWindow
MoveWindow
SetWindowLongW
IsWindow
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
GetMenuItemID
GetSubMenu
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
GetSysColor
EndPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
GetMenuItemCount
ReleaseCapture
LoadCursorW
GetCapture
SetCapture
ClientToScreen
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
SendMessageW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageW
CreateDialogIndirectParamW
EndDialog
RegisterClipboardFormatW
UnregisterClassW
GetDesktopWindow
wsprintfW
DestroyMenu
CharUpperW
GetSysColorBrush
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetMenu
DefWindowProcW
BeginPaint
CallWindowProcW

gdi32

DeleteObject
GetObjectW
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetDeviceCaps
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
CreateBitmap
SaveDC

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteExW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter

oleaut32

SysStringLen
SysAllocStringLen
SysFreeString
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
SafeArrayDestroy
SysAllocString
VariantChangeType
VariantInit
VariantCopy

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

Sections

.text
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 678KB - Virtual size: 678KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6c0f0b8eb7e18146ad541144193ea18

Code Sign

87:8c:e2:6f:70:47:73:f3:67:2a:81:06:0b:66:9b:59:22:75:53:58Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

psapi

Sections

.text Size: 219KB - Virtual size: 219KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 678KB - Virtual size: 678KB

.reloc Size: 35KB - Virtual size: 34KB

87:8c:e2:6f:70:47:73:f3:67:2a:81:06:0b:66:9b:59:22:75:53:58
Signer

.text
Size: 219KB - Virtual size: 219KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 678KB - Virtual size: 678KB

.reloc
Size: 35KB - Virtual size: 34KB