15c0f380436cfa53426f8f5b8690de24_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15c0f380436cfa53426f8f5b8690de24_JaffaCakes118
Size

829KB
MD5

15c0f380436cfa53426f8f5b8690de24
SHA1

3f02d23cbf8042a8ca9eec7aa1aac3f71dc3ff46
SHA256

d2d0c3347dcc97d310053349d232d9a3bf26648590c86000671af6e658ee0b13
SHA512

56783c454b70f1a82519255e67356a9d64c33fee8db1df43a7766265540041800e08cc007bf484d77b9bc4cb3679111ad8e005eede2204db3658059b1704a809
SSDEEP

12288:2D4wk38WNtTmVbRvLbKxHKfhxvXdtaASj2sWkxjSxTPm6ZbS+mA:i4H3MV1vLbkKfhJdtaAVsWkxexTPnSTA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15c0f380436cfa53426f8f5b8690de24_JaffaCakes118

Files

15c0f380436cfa53426f8f5b8690de24_JaffaCakes118
.exe windows:4 windows x86 arch:x86

746d1bcbae1db07c0f95504219ee12b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\svn\APPS\temp\GMUnpacker\ReleaseGMUnpacker.pdb

Imports

kernel32

FindClose
FindFirstFileW
FindNextFileW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
FreeResource
FindResourceW
LoadResource
LockResource
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
SizeofResource
InterlockedDecrement
MulDiv
InterlockedIncrement
ResumeThread
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetCurrentThreadId
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
VirtualAlloc
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
RtlUnwind
RaiseException
HeapReAlloc
CreateThread
ExitThread
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WaitForSingleObject
GetTickCount
DeleteFileW
GetFullPathNameW
GetWindowsDirectoryW
GetTempPathW
lstrlenW
CreateDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
GetLongPathNameW
SetFileAttributesW
GetTempFileNameW
GetFileAttributesW
GetCurrentDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
WriteFile
SetEndOfFile
SetFileTime
GetLastError
CreateFileW
ReadFile
SetFilePointer
GetEnvironmentVariableW
lstrcmpW
GetModuleHandleW
GetModuleFileNameW
WinExec
CreateEventW
ResetEvent
SetEvent
Sleep
CreateProcessW
FreeLibrary
LoadLibraryW
CloseHandle
CreateFileA
GetProcAddress

user32

HideCaret
CreateCaret
SetCaretPos
RedrawWindow
ClientToScreen
ShowCaret
OffsetRect
DestroyAcceleratorTable
MoveWindow
CreateAcceleratorTableW
SetWindowLongW
GetWindowLongW
InvalidateRgn
GetDesktopWindow
KillTimer
LoadIconW
MonitorFromWindow
PostQuitMessage
CharPrevW
DrawIconEx
FillRect
DrawTextW
TrackMouseEvent
GetAsyncKeyState
LoadBitmapW
GetMonitorInfoW
SetTimer
SendMessageW
GetClassNameW
ShowWindow
EnumThreadWindows
PostMessageW
LoadStringW
GetParent
SetWindowPos
DestroyWindow
InvalidateRect
GetFocus
ReleaseCapture
GetCursorPos
UpdateLayeredWindow
GetUpdateRect
SetWindowRgn
GetDC
IsChild
SetCapture
ScreenToClient
ReleaseDC
EndPaint
GetKeyState
BeginPaint
IntersectRect
PtInRect
IsRectEmpty
CharNextW
SetCursor
DefWindowProcW
GetClassInfoExW
RegisterClassW
EnableWindow
SetPropW
DispatchMessageW
TranslateMessage
DestroyIcon
IsWindow
GetMessageW
LoadCursorW
CreateWindowExW
RegisterClassExW
GetPropW
SetFocus
IsIconic
LoadImageW
CallWindowProcW
CharNextA
GetClientRect
SetForegroundWindow
GetWindow
MapWindowPoints
GetWindowTextLengthW
SetWindowTextW
GetWindowTextW
IsZoomed
SystemParametersInfoW
GetWindowRect
GetActiveWindow
GetSysColor

gdi32

CreateCompatibleDC
CreateRectRgnIndirect
CreateRoundRectRgn
GetStockObject
GetObjectW
CreateFontIndirectW
CreateDIBSection
DeleteDC
CreatePen
SelectObject
BitBlt
Rectangle
StretchBlt
DeleteObject
GetTextMetricsW
CombineRgn
CreateRectRgn
TextOutW
SetBitmapBits
SelectClipRgn
SetTextColor
GetBitmapBits
SetStretchBltMode
ExtSelectClipRgn
GetClipBox
RoundRect
GetCharABCWidthsW
SetBkMode
SetBkColor
GetTextExtentPoint32W
ExtTextOutW
CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
SHBrowseForFolderW

ole32

OleLockRunning
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleInitialize
OleUninitialize

oleaut32

OleLoadPicture
SysAllocString
SysFreeString

wininet

HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetCloseHandle

riched20

ord4

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

Sections

.text
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

746d1bcbae1db07c0f95504219ee12b2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

riched20

comctl32

msimg32

Sections

.text Size: 520KB - Virtual size: 519KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 84KB - Virtual size: 81KB

.text
Size: 520KB - Virtual size: 519KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 84KB - Virtual size: 81KB