0046fbdc2ce79bab4dd52b008a8d2d65_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0046fbdc2ce79bab4dd52b008a8d2d65_JaffaCakes118
Size

468KB
MD5

0046fbdc2ce79bab4dd52b008a8d2d65
SHA1

8f11efc5f5ec8e897fc4252fc03854c925a8dd01
SHA256

af10f96cd7593578b18e0711a91c5cbfb1781576c1134e263b03c1ebb5ed4230
SHA512

c0de22318ea1249ebc20ac4a8fff48dbfd93565bec966cf6792e9fe2fdd50ae78e79eab540f1e53a58b978c6dea75125add4e93b27faa43ca7e6c560262e1c4a
SSDEEP

6144:nXfxZiLQtdSfcsrPUgYWvHlybzGE1qclbHFrJXOihq90Y7H9az/v:nXfzYUgYPfGE1dlrFgX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0046fbdc2ce79bab4dd52b008a8d2d65_JaffaCakes118

Files

0046fbdc2ce79bab4dd52b008a8d2d65_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29ef50f71548e442d697b5e698c8b0a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Visual Studio Projects\VirusPPT-DDXPPX-FTP-CommandExecuter (VS2005)\release\VirusPPTFTP.pdb

Imports

iphlpapi

GetIpForwardTable

kernel32

GetCurrentThread
GetTickCount
GetModuleHandleA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
ExitProcess
DeleteFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
ExitThread
CreateThread
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
SetStdHandle
GetFileType
GetStdHandle
FreeEnvironmentStringsA
ConvertDefaultLocale
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
WritePrivateProfileStringW
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
lstrlenA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeResource
FindNextFileW
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
GetShortPathNameW
GetFullPathNameW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryW
GetThreadLocale
WideCharToMultiByte
GetLastError
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
SetLastError
GetModuleHandleW
GetProcAddress
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
TerminateProcess
GetExitCodeProcess
OpenProcess
GetCurrentProcess
SetPriorityClass
lstrlenW
GetVolumeInformationW
GetDriveTypeW
GetProcessId
GetComputerNameA
WinExec
GetLocalTime
CreateDirectoryW
Module32NextW
Module32FirstW
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
DeleteFileW
SetFileAttributesW
GetLogicalDriveStringsA
Sleep
LockResource
GetModuleFileNameA
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetEnvironmentStrings

user32

GetNextDlgGroupItem
MessageBeep
UnregisterClassW
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
UnregisterClassA
SetCursor
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
PostQuitMessage
ShowWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextW
InvalidateRgn
GetLastActivePopup
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
PostMessageW
MessageBoxW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
CharUpperW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowsHookExW
CallNextHookEx
GetMessageW
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
PostThreadMessageW
ReleaseCapture
TranslateMessage
DispatchMessageW
SetCapture
DestroyIcon
DestroyMenu
GetForegroundWindow
GetActiveWindow
IsWindowVisible
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
keybd_event
GetDlgItem
BringWindowToTop
MoveWindow
GetWindowTextA
GetWindow
GetClientRect
GetSystemMetrics
IsIconic
SetFocus
LoadIconW
SendMessageW
SetTimer
GetKeyState
GetWindowThreadProcessId
EnableWindow
FindWindowW
CreateWindowExW
TabbedTextOutW

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
PtVisible
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
RectVisible

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
GetUserNameA
RegSetValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListA
SHGetPathFromIDListW
ShellExecuteExW
ExtractIconW
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoRegisterClassObject
CoRevokeClassObject
OleUninitialize
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoGetClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal

oleaut32

SysFreeString
OleCreateFontIndirect
LoadTypeLi
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysStringByteLen
SysStringLen

ws2_32

WSACleanup
WSAStartup

wininet

InternetConnectW
FtpFindFirstFileW
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetFindNextFileW
FtpGetFileW
FtpPutFileW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpDeleteFileW

Sections

.text
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

29ef50f71548e442d697b5e698c8b0a5

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

wininet

Sections

.text Size: 256KB - Virtual size: 252KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 128KB - Virtual size: 128KB

.text
Size: 256KB - Virtual size: 252KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 128KB - Virtual size: 128KB