271edc1379f4beba92c11c678f02e254_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

271edc1379f4beba92c11c678f02e254_JaffaCakes118
Size

1.4MB
MD5

271edc1379f4beba92c11c678f02e254
SHA1

809c352470f632dcfd827ba6c3e3b0cb142f4274
SHA256

b62ca2518a0e5e82e3cb0ed900e1dd150967b7e0cf705de574205d0c6392ebe2
SHA512

517d03882a4f826c14e2104d4a3fb4e5a50c08e7735974f89e7b8d3e5baa862d48abd63758c7afd2ee161dd8a0d8e4a275fbdceb908cc53f69a522cb9b7cf282
SSDEEP

24576:4Aa7Byyy+22GWg3cE1PkVhiMPRWUq0GGhSUgamTUPul2XJeWaUdIF:taIyyqBRLiMPRu0G6gamTcul2XJaUmF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
271edc1379f4beba92c11c678f02e254_JaffaCakes118

Files

271edc1379f4beba92c11c678f02e254_JaffaCakes118
.exe windows:5 windows x86 arch:x86

372ee6ae73c8564d9c534c52521f88ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\builds\dominica_client_hfa1\dominica_client_hfa1_build\Release\Install.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

comctl32

PropertySheetW
CreatePropertySheetPageW
_TrackMouseEvent
DestroyPropertySheetPage

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderLocation
ShellExecuteW
SHBrowseForFolderW
CommandLineToArgvW
SHGetPathFromIDListW

shlwapi

PathFileExistsW
PathFindFileNameA
PathFileExistsA
PathIsDirectoryW
PathFindFileNameW
SHDeleteValueW
SHDeleteKeyW
PathFindOnPathW
PathIsRelativeW
PathIsNetworkPathW

kernel32

RaiseException
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
VirtualProtect
LoadLibraryW
GetModuleHandleW
ExitProcess
CloseHandle
ReleaseMutex
GetCommandLineW
CopyFileW
SetCurrentDirectoryW
GetModuleFileNameW
GetLastError
CreateMutexW
CreateDirectoryW
ExpandEnvironmentStringsW
GetLocalTime
GetCurrentProcessId
SetLastError
LocalFree
FormatMessageW
Sleep
WaitForSingleObject
CreateThread
GetCurrentDirectoryW
GetProcAddress
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FlushInstructionCache
GetCurrentProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
CreateDirectoryA
WriteFile
ReadFile
CreateFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
SetThreadUILanguage
SetThreadLocale
FindClose
LCMapStringA
MoveFileExW
RemoveDirectoryW
DeleteFileW
GetFileSize
GetEnvironmentVariableW
CopyFileA
ExpandEnvironmentStringsA
InterlockedExchange
CreateProcessW
GetVersionExW
MoveFileW
GetDiskFreeSpaceExW
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
HeapCreate
GetStringTypeA
SetHandleCount
GetStdHandle
GetFileType
HeapReAlloc
HeapSize
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetModuleHandleA
TlsSetValue
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
SetEnvironmentVariableA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
InterlockedIncrement
FindFirstFileW
InterlockedDecrement
LCMapStringW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetSystemTimeAsFileTime
GetStartupInfoW
GetStringTypeW
TlsGetValue
MultiByteToWideChar
GetUserDefaultLCID
GetStringTypeExA
GetExitCodeProcess
GetStringTypeExW
CompareStringA
CompareStringW
TlsAlloc
FindNextFileW
TlsFree
SetEndOfFile

user32

CheckDlgButton
EnableWindow
GetWindowRect
MoveWindow
PostMessageW
KillTimer
SetTimer
SetWindowPos
GetDlgItem
GetParent
SetWindowTextW
GetWindowLongW
IsWindowEnabled
LoadCursorW
IsDlgButtonChecked
CloseDesktop
CreateDesktopW
ExitWindowsEx
DialogBoxParamW
CreateDialogParamW
wsprintfW
ShowWindow
UpdateWindow
SendMessageW
SetWindowLongW
DestroyWindow
LoadStringW
MessageBoxW
GetActiveWindow
GetSystemMetrics
DefWindowProcW
GetWindowTextW
SetFocus
OpenClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
SetDlgItemTextW
ScreenToClient
SetCursor
GetDlgCtrlID
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
LoadStringA
EndDialog
BringWindowToTop
CallWindowProcW
UnregisterClassA
IsWindowVisible
GetWindow

gdi32

DeleteObject
GetStockObject

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptReleaseContext
CryptDestroyHash
OpenProcessToken

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
CoInitialize
CoInitializeEx

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

gdiplus

GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdiplusShutdown

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpSendRequest
WinHttpWriteData

dbghelp

ImageNtHeader

Sections

.text
Size: 889KB - Virtual size: 888KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

372ee6ae73c8564d9c534c52521f88ba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

comctl32

shell32

shlwapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

gdiplus

winhttp

dbghelp

Sections

.text Size: 889KB - Virtual size: 888KB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 14KB - Virtual size: 22KB

.rsrc Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 62KB - Virtual size: 61KB

.text
Size: 889KB - Virtual size: 888KB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 14KB - Virtual size: 22KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 62KB - Virtual size: 61KB