147deaf1fc018925a2b258d613716fbf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

147deaf1fc018925a2b258d613716fbf_JaffaCakes118
Size

3.0MB
MD5

147deaf1fc018925a2b258d613716fbf
SHA1

f0f6be38f7ce5adadcf94e2e5c793cff11c6e6de
SHA256

3025f24c0b344a2926087fe695c817e0aaeadcd782d7ede18f316fd3e235922e
SHA512

bbc2002afcaea7300d2048d1bd8971e6ae184952042398a8f9e9975d02831e2fa8cbcf625a87c9f88a12c2e03e9b45dab4dacb90c9313bbc5aa5d5f2c315b6a5
SSDEEP

49152:hD9huwDetY3zT+vQkrpAJCq+VneUMALzIuC7+JgHx1y4A0Bhi5Hal9Dy+d5gf0rN:p9IwDetYuBJ/5IoOryn0j4k9Pd5gfKyg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
147deaf1fc018925a2b258d613716fbf_JaffaCakes118

Files

147deaf1fc018925a2b258d613716fbf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4e9f873120be694059330f02e88cd37b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\svn\APPS\temp\GMUnpacker\ReleaseGMUnpacker.pdb

Imports

kernel32

FindClose
FindFirstFileW
FindNextFileW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
FreeResource
FindResourceW
LoadResource
LockResource
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
SizeofResource
InterlockedDecrement
MulDiv
InterlockedIncrement
ResumeThread
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetCurrentThreadId
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
VirtualAlloc
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
RtlUnwind
RaiseException
HeapReAlloc
CreateThread
ExitThread
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WaitForSingleObject
GetTickCount
DeleteFileW
GetFullPathNameW
GetWindowsDirectoryW
GetTempPathW
lstrlenW
CreateDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
GetLongPathNameW
SetFileAttributesW
GetTempFileNameW
GetFileAttributesW
GetCurrentDirectoryW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
ReadFile
WriteFile
SetEndOfFile
GetLastError
SetFileTime
SetFilePointer
GetEnvironmentVariableW
lstrcmpW
GetModuleHandleW
GetModuleFileNameW
WinExec
CreateEventW
ResetEvent
SetEvent
Sleep
CreateProcessW
FreeLibrary
LoadLibraryW
CloseHandle
CreateFileA
GetProcAddress

user32

HideCaret
CreateCaret
SetCaretPos
RedrawWindow
ClientToScreen
ShowCaret
OffsetRect
InvalidateRgn
MoveWindow
DestroyAcceleratorTable
SetWindowLongW
GetWindowLongW
CreateAcceleratorTableW
GetDesktopWindow
KillTimer
LoadIconW
MonitorFromWindow
PostQuitMessage
CharPrevW
DrawIconEx
FillRect
DrawTextW
TrackMouseEvent
GetAsyncKeyState
LoadBitmapW
GetMonitorInfoW
SetTimer
SendMessageW
GetClassNameW
ShowWindow
EnumThreadWindows
PostMessageW
LoadStringW
GetParent
SetWindowPos
DestroyWindow
InvalidateRect
GetFocus
ReleaseCapture
GetCursorPos
UpdateLayeredWindow
GetUpdateRect
SetWindowRgn
GetDC
IsChild
SetCapture
ScreenToClient
ReleaseDC
EndPaint
GetKeyState
BeginPaint
IntersectRect
PtInRect
IsRectEmpty
CharNextW
SetCursor
GetClassInfoExW
RegisterClassW
EnableWindow
SetPropW
DispatchMessageW
TranslateMessage
DestroyIcon
IsWindow
GetMessageW
LoadCursorW
CreateWindowExW
RegisterClassExW
GetPropW
SetFocus
IsIconic
LoadImageW
CallWindowProcW
DefWindowProcW
CharNextA
SetForegroundWindow
GetWindow
MapWindowPoints
GetWindowTextLengthW
SetWindowTextW
GetWindowTextW
IsZoomed
SystemParametersInfoW
GetWindowRect
GetClientRect
GetActiveWindow
GetSysColor

gdi32

CreateRectRgnIndirect
CreateRoundRectRgn
GetStockObject
CreateRectRgn
CreateCompatibleDC
GetObjectW
CreateFontIndirectW
CreateDIBSection
DeleteDC
CreatePen
SelectObject
BitBlt
StretchBlt
Rectangle
DeleteObject
GetTextMetricsW
CombineRgn
TextOutW
SetBitmapBits
SelectClipRgn
SetTextColor
GetBitmapBits
SetStretchBltMode
ExtSelectClipRgn
GetClipBox
RoundRect
GetCharABCWidthsW
SetBkMode
SetBkColor
GetTextExtentPoint32W
ExtTextOutW
CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
SHBrowseForFolderW

ole32

OleLockRunning
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleInitialize
OleUninitialize

oleaut32

OleLoadPicture
SysAllocString
SysFreeString

wininet

HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetCloseHandle

riched20

ord4

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

Sections

.text
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e9f873120be694059330f02e88cd37b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

riched20

comctl32

msimg32

Sections

.text Size: 520KB - Virtual size: 519KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 84KB - Virtual size: 81KB

.text
Size: 520KB - Virtual size: 519KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 84KB - Virtual size: 81KB