054b788839d83f9efec765bf1fc097ad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

054b788839d83f9efec765bf1fc097ad_JaffaCakes118
Size

2.7MB
MD5

054b788839d83f9efec765bf1fc097ad
SHA1

cf7608860d0b2feaae0f874df8b32cf991e8e829
SHA256

a26cbf441a336739d69926abd0af8085f510da2d69b60fa15a4da95f181abd72
SHA512

a8cc4a8f404d7fe099112cdedf729168b1f5313a54db995a88b87734d75219a63969825e03e14f09e4d3a8d4c3fb03fd2b30af582703200a10e4c74acdd0c37a
SSDEEP

49152:xw9t+g5DyaYiUbyZe+x6pBhL89dYxFltnf2jiCna7EdtYhav9UPE/x:xw9HZe+ApBhLHFvCiCawdtYo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
054b788839d83f9efec765bf1fc097ad_JaffaCakes118

Files

054b788839d83f9efec765bf1fc097ad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c86d549877a0412d24ef4c3279c3dbf5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\XYDII\Client\XYD2\Issue\XYD2_I.pdb

Imports

winmm

timeGetTime

kernel32

FindClose
FindFirstFileA
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualProtect
VirtualAlloc
ReadFile
GetFileSize
SetFileAttributesA
OutputDebugStringA
GetLocaleInfoA
GetACP
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
GetLocalTime
GetCurrentThread
GetCurrentProcess
IsBadReadPtr
CreateFileA
SetFilePointer
InterlockedExchange
WaitForMultipleObjects
SetEndOfFile
GetLocaleInfoW
SetStdHandle
IsBadCodePtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetOEMCP
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
SetUnhandledExceptionFilter
FlushFileBuffers
GetTimeZoneInformation
UnhandledExceptionFilter
WriteFile
TerminateThread
HeapCreate
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentDirectoryA
SetEnvironmentVariableA
CreateThread
CloseHandle
Sleep
CreateDirectoryA
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetTempPathA
DeleteFileA
GetThreadLocale
TlsAlloc
GetCurrentProcessId
GetCPInfo
LCMapStringW
VirtualQuery
GetSystemInfo
TerminateProcess
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
GetDateFormatA
GetVersionExA
IsBadStringPtrA
CreateEventA
WaitForSingleObject
SetEvent
GetTickCount
GetNumberFormatA
IsBadWritePtr
MultiByteToWideChar
CompareStringW
CompareStringA
GetTimeFormatA
GetLastError
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
LCMapStringA
GetSystemDefaultLangID
ReleaseMutex
OpenMutexA
GetModuleFileNameA
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetFileAttributesA
GetWindowsDirectoryA
FreeLibrary
GetSystemTime
DuplicateHandle
CreateMutexA
HeapDestroy
HeapReAlloc
HeapSize
ExitProcess
RtlUnwind
ExitThread
GetCurrentThreadId
WideCharToMultiByte

user32

SetFocus
UpdateWindow
MessageBoxA
ChangeDisplaySettingsA
RegisterClassA
LoadImageA
PostQuitMessage
SetCursor
LoadCursorA
LoadCursorFromFileA
CreateWindowExA
SendMessageA
FindWindowA
wsprintfA
ScreenToClient
GetClientRect
ClientToScreen
SetWindowLongA
GetWindowLongA
GetMenu
AdjustWindowRectEx
PeekMessageA
GetMessageA
PostMessageA
TranslateMessage
DispatchMessageA
GetCursorPos
PtInRect
WaitMessage
LoadIconA
DefWindowProcA
DestroyWindow
SetCapture
ReleaseCapture
GetKeyboardState
EnumDisplaySettingsA
SetWindowPos
ShowWindow
SetRect
ReleaseDC
GetDC
MoveWindow
GetWindowRect
EndPaint
BeginPaint
InvalidateRect
MessageBoxW
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard

gdi32

GetStockObject
DeleteDC
DeleteObject
CreateCompatibleDC
BitBlt
SelectObject
GetTextMetricsA
CreateSolidBrush
SetBkColor
CreateFontA
StretchBlt

shlwapi

PathFileExistsA
PathFindFileNameA

dbghelp

StackWalk

dsound

ord1

ddraw

DirectDrawCreate

directnetclient

?Release@iDirectNetClient@@QAEXXZ
?CreateInstance@iDirectNetClient@@SAPAV1@XZ

wininet

InternetCloseHandle
InternetReadFile
FtpGetFileSize
FtpOpenFileA
InternetConnectA
InternetSetStatusCallback
InternetOpenA
InternetReadFileExA
HttpSendRequestA
InternetSetOptionA
HttpOpenRequestA

iphlpapi

GetAdaptersInfo

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteA

ole32

StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid

Exports

Exports

GetLocalMac
WriteGuidFile

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c86d549877a0412d24ef4c3279c3dbf5

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

shlwapi

dbghelp

dsound

ddraw

directnetclient

wininet

iphlpapi

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 240KB - Virtual size: 239KB

.data Size: 48KB - Virtual size: 2.4MB

.tls Size: 16KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 960B

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 240KB - Virtual size: 239KB

.data
Size: 48KB - Virtual size: 2.4MB

.tls
Size: 16KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 960B