fd8ff61839f4e9afe69d337487545e11_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd8ff61839f4e9afe69d337487545e11_JaffaCakes118
Size

1003KB
MD5

fd8ff61839f4e9afe69d337487545e11
SHA1

4c0a1c81cec66fd5626047da2043383b0e03ce28
SHA256

a00e2d12eadba5d1e0dd5a2de307cdf6f07dd01b9cb3db74454953c36e7b86a5
SHA512

ab090d3e93b7d74a0cb77b262e0bcdddbdf71cb4d4079b7686b1d473623b4f07845cf985227ebbc55ff7b47ae678f5d6961edaeb51cb8d3617c456d7ac7100b4
SSDEEP

12288:2hUXkJ4/vK/fWZPJIU+1AVK5QLH93q5yN5QwSRTw4G0vO5BnLvvaqnFEg21W:Zy+ZxIMSQA9R3GokOoKgyW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd8ff61839f4e9afe69d337487545e11_JaffaCakes118

Files

fd8ff61839f4e9afe69d337487545e11_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c33a0bdbd918591184938fd166ce6a30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\MakePackages\ShuameBuilder\Release\Installer\Setup\Basic\Bin\ShuamePacket.pdb

Imports

kernel32

FlushInstructionCache
DeleteCriticalSection
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpynW
CopyFileW
GetTempPathW
GetLocalTime
GetDiskFreeSpaceExW
TerminateThread
FreeLibrary
lstrcmpiW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
MapViewOfFile
WaitForMultipleObjects
GetExitCodeThread
GetSystemInfo
GetSystemTimes
GetSystemTimeAsFileTime
SetFilePointer
VirtualFree
VirtualAlloc
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
GetStdHandle
WriteFile
MoveFileW
GetFullPathNameW
SetEndOfFile
GetCPInfo
LocalAlloc
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
GetModuleHandleW
GetCurrentProcess
LoadLibraryW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
OutputDebugStringW
CreateDirectoryW
GetFileAttributesW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetDriveTypeA
SetLastError
GetModuleHandleA
CreateFileA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
LCMapStringA
RtlUnwind
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedExchange
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
SetWaitableTimer
RaiseException
SizeofResource
FreeResource
GetCurrentThreadId
Sleep
CreateThread
SetEvent
CreateEventW
lstrlenW
ReadFile
GetFileSize
CreateFileW
GetSystemDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
GetTempFileNameW
MoveFileExW
DeleteFileW
SetFileAttributesW
GetModuleFileNameW
GetProcAddress
GetDriveTypeW
GetLogicalDriveStringsW
GetVersion
lstrlenA
MultiByteToWideChar
GetLastError
GetTickCount
WideCharToMultiByte
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
FindResourceExW
FindResourceW
CreateWaitableTimerW
HeapFree
GetProcessHeap
HeapAlloc
ReleaseMutex
CreateMutexW
lstrcmpW
FindFirstFileW
Process32NextW
TerminateProcess
OpenProcess
GetCurrentDirectoryA
LoadResource
LockResource
GetCurrentProcessId

user32

SendMessageW
ShowWindow
GetDesktopWindow
InvalidateRect
IsWindow
ReleaseDC
DestroyWindow
UnregisterClassA
LoadCursorW
GetKeyState
IsWindowEnabled
MoveWindow
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
SetCursor
PtInRect
SetRect
GetDC
InflateRect
CopyRect
CharLowerW
CharUpperW
DestroyIcon
CharNextW
SetActiveWindow
GetActiveWindow
GetWindow
MapWindowPoints
EnableWindow
LoadImageW
LoadBitmapW
SetFocus
SetForegroundWindow
IsIconic
EqualRect
GetCursorPos
UpdateLayeredWindow
GetClassInfoExW
RegisterClassExW
CreateWindowExW
SetRectEmpty
PostThreadMessageW
UpdateWindow
IsWindowVisible
IsDialogMessageW
MessageBoxW
KillTimer
SetTimer
LoadIconW
SetWindowPos
PostMessageW
UnionRect
OffsetRect
BeginPaint
EndPaint
SetCapture
ScreenToClient
ReleaseCapture
IntersectRect
IsRectEmpty
GetDlgCtrlID
InvalidateRgn
GetParent
GetDlgItem
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW

gdi32

CombineRgn
CreateRectRgnIndirect
CreateFontIndirectW
GetStockObject
GetObjectW
DeleteDC
GetRgnBox
CreateDIBSection
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SelectObject
RectInRegion
DeleteObject

advapi32

InitializeSecurityDescriptor
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl

shell32

ord680
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHFileOperationW
SHGetPathFromIDListW
SHChangeNotify
SHBrowseForFolderW
ShellExecuteW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoInitializeEx
CoUninitialize

oleaut32

VariantCopy
VariantClear
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

StrToIntA
PathAddBackslashW
SHDeleteKeyW
PathRemoveBackslashW
PathFileExistsW

comctl32

InitCommonControlsEx
_TrackMouseEvent

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dbghelp

MakeSureDirectoryPathExists

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo

netapi32

Netbios

wininet

InternetReadFileExA
HttpQueryInfoW
HttpEndRequestW
InternetWriteFile
InternetOpenW
InternetSetOptionW
HttpOpenRequestW
InternetCloseHandle
InternetSetStatusCallbackW
InternetConnectW
InternetCrackUrlW
HttpSendRequestExW

Sections

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c33a0bdbd918591184938fd166ce6a30

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

dbghelp

iphlpapi

netapi32

wininet

Sections

.text Size: 642KB - Virtual size: 642KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 17KB - Virtual size: 35KB

.rsrc Size: 325KB - Virtual size: 325KB

.text
Size: 642KB - Virtual size: 642KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 17KB - Virtual size: 35KB

.rsrc
Size: 325KB - Virtual size: 325KB