0baa50be240842470f15af84d63e5c98_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0baa50be240842470f15af84d63e5c98_JaffaCakes118
Size

272KB
MD5

0baa50be240842470f15af84d63e5c98
SHA1

b109260bc4ab2296e8e4805370e31c7b07c6e2da
SHA256

8d778bf1d90fc3b5cb208b67bebeb359d74177603af1646862a2cf7a936b49a2
SHA512

421831a6cd4494937c095072a0494b2924e5a607b845eaf1435f5b462be5106b68b7cfa223ae8c94736bd9580bffecdf476e9036737101e71b3d1289021973e6
SSDEEP

6144:gbIiNns7p45u2qSNXyPb/GNTBdi6mecP:z45Jqj4TTi6F0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0baa50be240842470f15af84d63e5c98_JaffaCakes118

Files

0baa50be240842470f15af84d63e5c98_JaffaCakes118
.exe windows:4 windows x86 arch:x86

236c3146f27e623e615c590600be1710

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\Works\Remote\rServer\Release\rServer.pdb

Imports

psapi

GetModuleFileNameExA

kernel32

VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
HeapReAlloc
TerminateProcess
HeapSize
SetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetUnhandledExceptionFilter
VirtualProtect
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
HeapFree
HeapAlloc
GetFileTime
GetFileAttributesA
SetErrorMode
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
InterlockedDecrement
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
SetLastError
MulDiv
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
lstrcpynA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalReAlloc
GlobalFree
CreateThread
SetEvent
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexA
CreateEventA
FindResourceA
LoadResource
LockResource
SizeofResource
OpenProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetHandleCount

user32

GetSysColorBrush
GetMenuItemInfoA
InflateRect
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
ShowOwnedPopups
PostQuitMessage
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
wsprintfA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
GetActiveWindow
SetCursor
ReleaseCapture
LoadAcceleratorsA
InvalidateRect
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
GetDesktopWindow
TranslateAcceleratorA
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
IsWindowEnabled
ShowWindow
SetWindowTextA
IsDialogMessageA
GetMenuState
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsWindow
SetFocus
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
CharUpperA
EnableWindow
LoadCursorA
PostMessageA
SetTimer
UnregisterClassA
GetWindowThreadProcessId
GetWindowTextA
GetForegroundWindow
UpdateWindow
ReleaseDC
GetMessageTime
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
MessageBoxA
TrackPopupMenu
GetKeyState
SetForegroundWindow
IsWindowVisible
GetClientRect
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
GetDC
GetWindowRect
GetSystemMetrics
GetWindow
PtInRect
CopyRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
GetWindowLongA
CallWindowProcA
DefWindowProcA
SendMessageA
GetDlgCtrlID
RegisterClassA
GetClassInfoA
DeferWindowPos
EndPaint

gdi32

CreatePatternBrush
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
CreateCompatibleBitmap
GetObjectA
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetSystemPaletteEntries
GetStockObject
SelectPalette
RealizePalette
GetDIBits
BitBlt
GetDeviceCaps
CreateCompatibleDC
CreateDCA
CreatePalette

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCloseKey

shell32

DragFinish
DragQueryFileA

comctl32

ord17
ImageList_Draw
ImageList_GetImageInfo
ImageList_Destroy

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

wininet

InternetWriteFile
InternetReadFile
HttpSendRequestA
InternetConnectA
HttpOpenRequestA
InternetQueryDataAvailable
HttpAddRequestHeadersA
HttpQueryInfoA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetSetFilePointer

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflags
gzflush
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

236c3146f27e623e615c590600be1710

Headers

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

wininet

oleaut32

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 41KB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 41KB

.rsrc
Size: 24KB - Virtual size: 21KB