04ace991f89edc6a09525df76b0d7d50_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04ace991f89edc6a09525df76b0d7d50_JaffaCakes118
Size

384KB
MD5

04ace991f89edc6a09525df76b0d7d50
SHA1

6e8602135a7f1b9cbb3288d5ca840d5cad07a8ba
SHA256

bce7d04b474fe3d7c60b755edadae7e51018d04331203c42816365ec94e2faaf
SHA512

9fee0ff04ff13a1b89c8703a14cd8268ef30ffdc03e5fc313f38f4a68fadc73e69d08c3e8380360aee1da36d1a5014316a06bebe5e1a08e3035c317a563cfdf5
SSDEEP

6144:OKNy93HgwK33ra0Go9WNn97S//x9Jaq7CgqMAM80s5TBJZ/+hOAEPTlc:OIy93AwK20+na/xDaq/8Z5TrZ/wEPTlc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04ace991f89edc6a09525df76b0d7d50_JaffaCakes118

Files

04ace991f89edc6a09525df76b0d7d50_JaffaCakes118
.exe windows:4 windows x86 arch:x86

60ed5534cdf2923809b0146c9374c54a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\交接工作-郑永明+++++++++++++++\E\Development\SDK22ForVS2005\Captiv8\Clients\RenewVersion\Release\RenewVersion.pdb

Imports

kernel32

UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
SetErrorMode
GetTickCount
GetFileTime
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
ExitProcess
RaiseException
HeapSize
LockFile
GetACP
Sleep
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetDriveTypeA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FlushFileBuffers
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
FormatMessageA
LocalFree
MulDiv
GlobalFree
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalAlloc
GlobalDeleteAtom
FileTimeToLocalFileTime
FileTimeToSystemTime
SetCurrentDirectoryA
GetCurrentDirectoryA
GetProcAddress
FindNextFileA
FindFirstFileA
FindClose
FreeLibrary
LoadLibraryA
MoveFileA
SetFileAttributesA
GetFileAttributesA
GetFileSize
GlobalUnlock
GlobalLock
SetLastError
GetVersion
CompareStringA
InterlockedExchange
MultiByteToWideChar
CompareStringW
lstrlenA
DeleteFileA
ReleaseMutex
GetLastError
CreateMutexA
GetPrivateProfileStringA
GetLogicalDriveStringsA
WideCharToMultiByte
WritePrivateProfileStringA
CopyFileA
GetPrivateProfileIntA
Process32Next
GetPriorityClass
OpenProcess
Process32First
CreateToolhelp32Snapshot
FreeResource
SizeofResource
CreateDirectoryA
LockResource
LoadResource
FindResourceA
GetModuleHandleA
GetModuleFileNameA
WriteFile
CloseHandle
SetFilePointer
ReadFile
GetTimeZoneInformation
CreateFileA

user32

RegisterClipboardFormatA
PostThreadMessageA
ReleaseCapture
LoadCursorA
SetCapture
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
GetSysColor
SystemParametersInfoA
DestroyMenu
CopyRect
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
UnregisterClassA
GetSysColorBrush
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
GetMenuItemID
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
GetMessageTime
CharNextA
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageA
IsWindow
CharUpperA
EnableWindow
GetClientRect
GetSystemMetrics
SendMessageA
IsIconic
LoadIconA
AdjustWindowRectEx

gdi32

ExtSelectClipRgn
DeleteDC
GetWindowExtEx
GetStockObject
ScaleWindowExtEx
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetViewportExtEx
DeleteObject
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetBkColor
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
GetObjectA
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
OleFlushClipboard
CoFreeUnusedLibraries
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CoRegisterMessageFilter
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
SysStringLen

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60ed5534cdf2923809b0146c9374c54a

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

Sections

.text Size: 260KB - Virtual size: 258KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 12KB - Virtual size: 30KB

.rsrc Size: 40KB - Virtual size: 38KB

.text
Size: 260KB - Virtual size: 258KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 12KB - Virtual size: 30KB

.rsrc
Size: 40KB - Virtual size: 38KB