16b77e5dfb83a063dd37ef93edf831b0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16b77e5dfb83a063dd37ef93edf831b0_JaffaCakes118
Size

268KB
MD5

16b77e5dfb83a063dd37ef93edf831b0
SHA1

e0a15acd37831dd88c883a14b992f386dbca6044
SHA256

31f784ddc68de086ee92e15a724a9d79f1236a8587117b05f833bbe2c5c2f752
SHA512

d46a95d635b32ea643529e0c5c1a19fc110aa6100eb1583de84aa3406594199c927cf140e34eeb1456a131c645986d335cb597606105d9388ad082302534d735
SSDEEP

3072:X1tYpEEMT+tGdF4vKli3Wxy/t3XaBb5bW3fgCbf5iDwOq/ZhkegjjHwUJxTtmk70:X1mUdFJTbW3TjscR/Z3gjjRYk7eY/LC1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16b77e5dfb83a063dd37ef93edf831b0_JaffaCakes118

Files

16b77e5dfb83a063dd37ef93edf831b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

767679433132e431ed7ef9dd8171895a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

R:\TempView\Misc\Setup3\BackupDownloader\QQSetupEx.pdb

Imports

ws2_32

htons
gethostbyname
WSACleanup
inet_addr
ntohl
gethostname
WSAStartup
recv
socket
inet_ntoa
closesocket
connect
send

netapi32

Netbios

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
CreateThread
QueryPerformanceCounter
CreateDirectoryW
GetCurrentThreadId
WaitForSingleObject
OpenThread
CloseHandle
GetLastError
GetTickCount
CreateMutexW
GetFileSize
CreateFileW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrlenA
lstrlenW
GetCommandLineW
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
InterlockedIncrement
RaiseException
InterlockedDecrement
GetSystemDirectoryW
GetVersionExW
ReadFile
GetFileAttributesW
DeleteFileW
GetSystemTimeAsFileTime
GetModuleHandleA
WriteFile
GetProcessTimes
FindFirstFileW
QueryPerformanceFrequency
SetFilePointer
SetStdHandle
VirtualQuery
Sleep
FindClose
GetCurrentProcessId
GetCurrentProcess
LoadLibraryA
SetFileAttributesW
GetModuleFileNameW
GetModuleHandleW
SetProcessAffinityMask
GetProcessAffinityMask
DeviceIoControl
FreeLibrary
CreateProcessW
CreatePipe
GetStdHandle
DuplicateHandle
LoadLibraryW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
SetLastError
TlsFree
VirtualFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoW
GetProcessHeap
GetVersionExA
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FlushFileBuffers
WriteConsoleA
VirtualAlloc
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
SetEndOfFile
CreateFileA
MoveFileW
GetThreadLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
GetLocaleInfoA
InterlockedExchange

user32

RegisterClassExW
DestroyWindow
SendMessageW
IsWindow
GetDesktopWindow
PostThreadMessageW
GetCursorPos
DestroyMenu
GetClassInfoExW
LoadMenuW
GetSubMenu
SetForegroundWindow
CharLowerW
CharNextW
CharLowerA
SetTimer
GetMessageW
SetWindowLongW
DefWindowProcW
ShowWindow
DispatchMessageW
KillTimer
CreateWindowExW
RegisterClassW
UpdateWindow
GetWindowLongW
LoadImageW
PostMessageW
TrackPopupMenu
TranslateMessage

gdi32

GetStockObject

advapi32

RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
Shell_NotifyIconW
SHFileOperationW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
CommandLineToArgvW

ole32

CoFreeLibrary
CoLoadLibrary

oleaut32

SysStringLen
SysFreeString

shlwapi

PathFileExistsW

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
CryptCATAdminAcquireContext
WTHelperProvDataFromStateData
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext

crypt32

CertGetNameStringW

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

767679433132e431ed7ef9dd8171895a

Headers

File Characteristics

PDB Paths

Imports

ws2_32

netapi32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wintrust

crypt32

Sections

.text Size: 176KB - Virtual size: 174KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 40KB - Virtual size: 38KB

.text
Size: 176KB - Virtual size: 174KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 40KB - Virtual size: 38KB