05d41d7688aee052e02e3f638a1e57fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

05d41d7688aee052e02e3f638a1e57fc_JaffaCakes118
Size

196KB
MD5

05d41d7688aee052e02e3f638a1e57fc
SHA1

88cb8889690ba315b28acdd277308ba91f67355c
SHA256

bbf1641b9a603155cdd52fa3bd1eece76923624442e9813bf2ce349652de0af6
SHA512

77442a208da9d0b8663e4c9f02ca6779be722eaf9022439c252e7b095f503ac497e6d9eea3bd841433ce9ef8ae56ba55fc8e9a10c0715f0ea4c3a8c021378397
SSDEEP

3072:tx0CfNkVxuV+bVuDklplkZ78CU8QiGIOKox8IEIiHQl+4:txOGwVQEpWXU8BGIMD18T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05d41d7688aee052e02e3f638a1e57fc_JaffaCakes118

Files

05d41d7688aee052e02e3f638a1e57fc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f4a4fcaf9dc7f7af8c6b3c2ddfab7478

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Work\Nbms_bar\trunk\BarClient\ProcessSafe\Release\ProcessSafe.pdb

Imports

kernel32

LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
LoadLibraryA
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
InterlockedDecrement
InterlockedIncrement
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcmpW
FreeLibrary
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetFileAttributesA
GetFileTime
GlobalFlags
GetCPInfo
GetOEMCP
FlushFileBuffers
GetCurrentDirectoryA
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
VirtualProtect
GetSystemInfo
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
SetFilePointer
WriteFile
ReadFile
SetErrorMode
lstrcpyA
lstrcatA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
LocalFree
DeviceIoControl
CreateFileA
CompareStringW
CompareStringA
lstrlenA
GetVersion
MultiByteToWideChar
RaiseException
GetSystemDirectoryA
GetProcAddress
VirtualAlloc
WriteProcessMemory
ExpandEnvironmentStringsA
lstrcpyW
lstrlenW
lstrcmpiA
CreateMutexA
Process32First
Process32Next
CreateToolhelp32Snapshot
Module32First
CreateThread
TerminateThread
WaitForSingleObject
GetTickCount
GetLocalTime
GetCurrentThreadId
OutputDebugStringA
SetEvent
OpenFileMappingA
OpenEventA
CreateFileMappingA
CreateEventA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetPrivateProfileStringA
FindFirstFileA
FindNextFileA
FindClose
OpenProcess
GetTimeZoneInformation
DeleteFileA
GetLastError
SetFileAttributesA
GetCurrentProcess
TerminateProcess
IsBadWritePtr
CreateDirectoryA
VirtualQuery
GetModuleFileNameA
FormatMessageA
SetUnhandledExceptionFilter
GetCommandLineA
GetModuleHandleA
SetConsoleCtrlHandler
Sleep
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
GetKeyState
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
GetDlgItem
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SendMessageA
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
UnhookWindowsHookEx
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetMenuState
GetMenuItemID
GetForegroundWindow
GetMenuItemCount
GetSubMenu
CharUpperA
PostMessageA
GetWindowThreadProcessId
UnregisterClassA
EnumWindows
GetWindowTextA
PeekMessageA
GetMessageA
TranslateMessage
GetFocus
RemovePropA
DispatchMessageA
wsprintfA
ClientToScreen
PostQuitMessage
DestroyMenu
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowTextA
ValidateRect
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA

gdi32

DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateBitmap
GetStockObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA

oleaut32

VariantChangeType
VariantClear
VariantInit

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4a4fcaf9dc7f7af8c6b3c2ddfab7478

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 26KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 1KB