41328614eb34a0ee33fe9d2a8dd088ec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41328614eb34a0ee33fe9d2a8dd088ec_JaffaCakes118
Size

1.0MB
MD5

41328614eb34a0ee33fe9d2a8dd088ec
SHA1

7b9965ad48c25e96911d657dc615354a7cb5f1e2
SHA256

a2a85303126d1e9f31a240dbe2b63c6c0d3f00afaa4e80ceccf26a1cf137add5
SHA512

11c80cb391a95a3dccd9238fa162bd4c53b943c42dc8f68fbe3333360de3c1f8a817056a9e3f0e9f99c8af5506c5574e883ccf5603f3902ff389a999bba5fd14
SSDEEP

24576:WdDZ2GxPr0Chqe3r6oHbgJ0yfN8qIRYr4:WdDgGxPAmqeb6oHUPH6N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41328614eb34a0ee33fe9d2a8dd088ec_JaffaCakes118

Files

41328614eb34a0ee33fe9d2a8dd088ec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d8429a7a3a865edf33888967dd16fd8d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Dev.TrueSwitch.Works\cyberlinklabs\client\app\TrueWizard\Release\TrueWizard.pdb

Imports

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
DeleteUrlCacheEntry

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

ImageList_Draw
InitCommonControlsEx
ImageList_LoadImageA
_TrackMouseEvent

shlwapi

StrFormatByteSizeA

urlmon

URLDownloadToFileA

kernel32

FreeLibrary
WideCharToMultiByte
CreateThread
GetTickCount
WaitForSingleObject
GetExitCodeThread
DeleteFileA
GetCurrentThreadId
lstrcatA
CreateProcessA
GetExitCodeProcess
lstrlenW
GetSystemTime
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleFileNameA
MultiByteToWideChar
MulDiv
GetTempPathA
DuplicateHandle
GetCurrentProcess
LocalFree
FormatMessageA
GetLastError
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
FileTimeToLocalFileTime
SetLastError
GetWindowsDirectoryA
GetVolumeInformationA
CreateDirectoryA
GetTempFileNameA
GetSystemInfo
GetVersionExA
GlobalMemoryStatus
GetSystemDefaultLangID
VerLanguageNameA
GetSystemDirectoryA
CompareFileTime
WinExec
SystemTimeToFileTime
CreateMutexA
lstrcpynA
CopyFileA
OutputDebugStringA
GetThreadLocale
SetThreadLocale
GetFileTime
GetFileType
GetCurrentDirectoryA
GetProcAddress
SetFileTime
GetFileInformationByHandle
GetFileSize
FileTimeToDosDateTime
UnmapViewOfFile
GetLocalTime
LCMapStringA
RtlUnwind
RaiseException
GetStartupInfoA
GetProcessHeap
GetCommandLineA
GetTimeZoneInformation
ExitProcess
GetModuleHandleA
GetSystemTimeAsFileTime
SetStdHandle
GetFullPathNameA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
GetFileAttributesA
GetDateFormatA
GetTimeFormatA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA
GetACP
InterlockedExchange
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetOEMCP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
SetHandleCount
GetConsoleCP
GetConsoleMode
GetDriveTypeA
LoadLibraryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
ReadFile
FindClose
FindNextFileA
lstrcmpiA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FindFirstFileA
CloseHandle
CreateFileA
GetEnvironmentVariableA
FileTimeToSystemTime
lstrcpyA
lstrlenA
IsValidCodePage
GetStringTypeA
LCMapStringW
GetCPInfo
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileW
CompareStringA
CompareStringW
SetEnvironmentVariableA
DosDateTimeToFileTime
TlsGetValue

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
IsDialogMessageA
GetSysColor
InflateRect
UnionRect
SetRectEmpty
DrawTextA
GetClassNameA
InsertMenuItemA
TrackPopupMenuEx
DeleteMenu
GetSubMenu
LoadMenuA
GetCursorPos
SystemParametersInfoA
PostQuitMessage
KillTimer
LoadImageA
CreateWindowExA
SendMessageTimeoutA
LoadAcceleratorsA
DestroyIcon
LoadStringA
RegisterWindowMessageA
GetUserObjectInformationA
GetThreadDesktop
SetTimer
GetWindow
UpdateWindow
CharUpperA
SetActiveWindow
GetSystemMetrics
SetPropA
CopyIcon
ReleaseCapture
PtInRect
ClientToScreen
SetCapture
InvalidateRect
GetCapture
DrawFocusRect
CallWindowProcA
RemovePropA
GetPropA
ScreenToClient
BringWindowToTop
ReleaseDC
GetDC
RegisterClassExA
SetWindowLongA
DefWindowProcA
IsWindow
SetDlgItemTextA
GetDlgCtrlID
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
MessageBoxA
MoveWindow
GetWindowRect
WaitForInputIdle
SetWindowPos
EnableMenuItem
GetSystemMenu
EnumChildWindows
GetFocus
SetFocus
GetWindowLongA
IsWindowEnabled
LoadCursorA
SetCursor
EnableWindow
GetParent
SetWindowTextA
CreateDialogParamA
DialogBoxParamA
EndPaint
FillRect
BeginPaint
GetClientRect
IsIconic
GetDlgItem
LoadIconA
SendMessageA
DestroyWindow
EndDialog
ShowWindow
wsprintfA
PostMessageA
IsWindowVisible
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
FindWindowA
GetWindowTextA
OffsetRect

gdi32

DeleteObject
CreateSolidBrush
SetBkColor
GetDeviceCaps
GetTextMetricsA
RoundRect
CreatePen
SelectObject
SetBkMode
ExtTextOutA
GetTextExtentPoint32A
GetObjectA
SetTextColor
CreateFontIndirectA

advapi32

RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegFlushKey
RegQueryValueA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyA
RegEnumKeyExA
RegEnumValueA

shell32

Shell_NotifyIconA
SHAppBarMessage
ShellExecuteA

ole32

OleCreate
CoCreateGuid
StringFromGUID2
OleSetContainedObject
CoTaskMemAlloc
OleUninitialize
OleInitialize
CoTaskMemFree

oleaut32

VariantClear
SafeArrayAccessData
SafeArrayDestroy
SafeArrayCreate
VariantInit
SafeArrayUnaccessData
SysFreeString
GetErrorInfo
SysAllocString

ws2_32

shutdown
htons
inet_addr
gethostbyname
connect
socket
recv
send
closesocket

Sections

.text
Size: 548KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8429a7a3a865edf33888967dd16fd8d

Headers

File Characteristics

PDB Paths

Imports

wininet

version

comctl32

shlwapi

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

Sections

.text Size: 548KB - Virtual size: 544KB

.rdata Size: 120KB - Virtual size: 116KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 360KB - Virtual size: 357KB

.text
Size: 548KB - Virtual size: 544KB

.rdata
Size: 120KB - Virtual size: 116KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 360KB - Virtual size: 357KB