17aaebff9df13cb082b30c2ec527b425_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17aaebff9df13cb082b30c2ec527b425_JaffaCakes118
Size

656KB
MD5

17aaebff9df13cb082b30c2ec527b425
SHA1

ac0760032a4b8a7d9c8b27fe8961029e5a708de0
SHA256

a0b6b5f876027e34757a1e1c815aa39a1a2d64314e8ad6f8d6453ac6c5540ffd
SHA512

b2af4bd2f783c701275dd83291e3baae35ab7710fa4356969a79020b40daf1a12b61a8d74d280a9822d6f163e9d887cc0ba2ff85e5afaed592e0ea2c50ebc1a0
SSDEEP

12288:VHq8CTJekqe32ovhI3sbxj13ZQR6VgtxbcTxh0WtvAFdb0FW/x:VK12ovastj1SHXc1hfvATbP5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17aaebff9df13cb082b30c2ec527b425_JaffaCakes118

Files

17aaebff9df13cb082b30c2ec527b425_JaffaCakes118
.exe windows:5 windows x86 arch:x86

76a7f801fb966f75be55165742812c2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\Maint_9.0.4\Release_Win32\uninstbb.pdb

Imports

wininet

InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetCrackUrlW
InternetGetCookieExW
InternetSetCookieExW
InternetCloseHandle

oleacc

AccessibleObjectFromEvent

kernel32

VirtualAlloc
WriteFile
FlushFileBuffers
VirtualFree
LocalFree
InitializeCriticalSectionAndSpinCount
GetComputerNameW
GetLocalTime
GetWindowsDirectoryW
FormatMessageW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
GetCurrentProcessId
GetProcAddress
IsValidCodePage
WideCharToMultiByte
GetCommandLineW
lstrlenA
FindResourceW
SizeofResource
LoadResource
GetModuleHandleW
GetStartupInfoW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
OpenProcess
Sleep
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExW
GetSystemWow64DirectoryW
SystemTimeToFileTime
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTickCount
GetSystemTime
WaitForMultipleObjects
GetPrivateProfileStringW
GetPrivateProfileIntW
SetThreadPriority
GetShortPathNameW
GetSystemDirectoryW
CreateMutexW
TerminateProcess
LoadLibraryExW
lstrcmpiW
SetFilePointer
GetOEMCP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
RtlUnwind
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
GetFileType
RemoveDirectoryW
GetFullPathNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle
CreateFileW
DeleteFileW
SetFileAttributesW
CreateDirectoryW
CopyFileW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
LoadLibraryW
FreeLibrary
lstrcmpW
GlobalLock
GlobalUnlock
GetLastError
DeleteCriticalSection
SetLastError
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
lstrlenW
GetModuleFileNameW
RaiseException
MulDiv
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetTempPathW
GetACP
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
MultiByteToWideChar
GetConsoleCP
GetConsoleMode
GetDriveTypeA
SetEndOfFile
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetHandleCount
ReadFile
SetStdHandle
GetCurrentDirectoryA
GetModuleHandleA

user32

CreateAcceleratorTableW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
InvalidateRgn
InvalidateRect
DestroyAcceleratorTable
GetDlgItem
CreateWindowExW
LoadCursorW
GetClassInfoExW
LockSetForegroundWindow
EnumWindows
GetForegroundWindow
AttachThreadInput
IsWindowVisible
GetCursorPos
SetCursorPos
SetWinEventHook
UnhookWinEvent
PostThreadMessageW
SendMessageTimeoutW
SendDlgItemMessageW
wsprintfW
RemoveMenu
GetSystemMenu
CharNextW
GetSysColor
GetClassNameW
GetFocus
IsChild
EndPaint
BeginPaint
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
GetWindowThreadProcessId
MessageBoxExW
EnumChildWindows
RegisterClassExW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetDesktopWindow
FindWindowW
PostQuitMessage
DestroyWindow
SetWindowTextW
SendMessageW
GetSystemMetrics
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetForegroundWindow
ShowWindow
ReleaseDC
GetDC
PostMessageW
IsDialogMessageW
SetWindowPos
WindowFromPoint
SetFocus
GetWindowRect
RedrawWindow
LoadImageW
CharLowerBuffW
GetKeyState
FillRect
GetParent
IsWindow
GetClientRect
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SetTimer
KillTimer
EnableWindow
IsIconic
UnregisterClassA
DialogBoxParamW
EndDialog
UnionRect

gdi32

GetCharacterPlacementW
GetObjectType
GetStockObject
SelectObject
DeleteObject
GetDeviceCaps
GetObjectW
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreateFontW
GetTextFaceW
GetTextMetricsW
GetTextCharset

advapi32

SetNamedSecurityInfoW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegEnumValueW
GetLengthSid
SetTokenInformation
DuplicateTokenEx
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
FreeSid
AllocateAndInitializeSid
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
RegSetValueExW
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

StringFromGUID2
OleUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoGetMalloc
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarBstrCmp
VarUI4FromStr
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SafeArrayDestroy
OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SafeArrayCopy
SafeArrayGetVartype
VariantInit
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantClear
VariantCopy
VariantChangeType

shlwapi

PathIsDirectoryW
PathRemoveBackslashW
PathAddBackslashW
PathFindFileNameW
StrStrIW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.brdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

76a7f801fb966f75be55165742812c2c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

oleacc

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

version

Sections

.text Size: 442KB - Virtual size: 441KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 17KB - Virtual size: 33KB

.rsrc Size: 2KB - Virtual size: 1KB

.brdata Size: 68KB - Virtual size: 68KB

.text
Size: 442KB - Virtual size: 441KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 17KB - Virtual size: 33KB

.rsrc
Size: 2KB - Virtual size: 1KB

.brdata
Size: 68KB - Virtual size: 68KB