44c7e92991f4207153a81ff676cb8ae1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44c7e92991f4207153a81ff676cb8ae1_JaffaCakes118
Size

1.8MB
MD5

44c7e92991f4207153a81ff676cb8ae1
SHA1

6737fdd946ef667c5aebeb3f0fd41ff610fa6080
SHA256

a6ffd94be1524d88e4d36e04c6401985b585c2701353f98dafcb60b21ec4f435
SHA512

b9df808b806a7aa898a414293ca7e3211b6530110431849ced42f71ff77af2b11a0bdc619e17cad8c25d98a78e1dc222c815dc685ba5125739ca054056e53cec
SSDEEP

24576:xirq8vaOKG6V3w+mMlvCIXd99QUKi1imjMwtrceHW1NXXTvITcEm126QlogTTvbw:yqCT+3zfowYTvIh45gTTvA02Bn4g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44c7e92991f4207153a81ff676cb8ae1_JaffaCakes118

Files

44c7e92991f4207153a81ff676cb8ae1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4f55fdb3d473a8e1a9655d271a6a88ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Work\Bandoo\g10\Client\rbin\BndCore.pdb

Imports

kernel32

GetProcessHeap
HeapFree
WaitForSingleObject
CreateThread
CreateEventW
Sleep
GetCommandLineW
GetCurrentThreadId
LoadLibraryW
WideCharToMultiByte
LocalFree
DeleteFileW
GetSystemTimeAsFileTime
InitializeCriticalSection
lstrlenA
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
CloseHandle
SetEvent
CreateEventA
SetEndOfFile
SetEnvironmentVariableW
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCurrentDirectoryA
PeekNamedPipe
GetFileInformationByHandle
GetTimeZoneInformation
GetStringTypeA
GetModuleHandleA
DebugBreak
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
ExitProcess
GetFullPathNameA
DosDateTimeToFileTime
CreateFileA
SetFileTime
WriteFile
GetFileAttributesA
CreateDirectoryA
GetFileTime
LocalFileTimeToFileTime
OutputDebugStringW
CreateFileW
GetLocalTime
GetPrivateProfileIntW
CreateDirectoryW
FindFirstFileW
FindClose
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
LockResource
ReadFile
GetFileSize
FindResourceExW
QueueUserWorkItem
GetTempPathW
GetTempFileNameW
GetTickCount
SetLastError
GetCurrentProcess
FlushInstructionCache
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedExchange
CreateSemaphoreA
DuplicateHandle
ReleaseSemaphore
HeapAlloc
InterlockedCompareExchange
SetThreadPriority
GetCurrentThread
RemoveDirectoryW
SetFilePointer
GetDriveTypeW
GetFileSizeEx
MoveFileExW
CopyFileW
GetFileAttributesW
GetFullPathNameW
GetLongPathNameW
GetShortPathNameW
QueryDosDeviceW
GetLogicalDriveStringsW
GetSystemDirectoryW
GetVersionExW
VerifyVersionInfoW
VerSetConditionMask
GetSystemTime
GetLocaleInfoW
GetSystemDefaultLCID
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
GetSystemInfo
CreateProcessW
FormatMessageW
WTSGetActiveConsoleSessionId
SleepEx
TerminateThread
GetExitCodeThread
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
ExpandEnvironmentStringsA
FormatMessageA
HeapDestroy
HeapReAlloc
HeapSize
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetLocaleInfoA
TlsAlloc
TlsFree
TlsGetValue
GetCurrentProcessId
ResetEvent
TlsSetValue
ResumeThread
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualQuery
GetStartupInfoW
RtlUnwind
GetCPInfo
GetDriveTypeA
FindFirstFileA
ExitThread
LCMapStringA
LCMapStringW
GetStringTypeW
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
HeapCreate

user32

GetWindowLongW
SetWindowLongW
SetLayeredWindowAttributes
GetWindowRect
MoveWindow
RedrawWindow
PostMessageW
ShowWindow
LoadImageW
GetLastInputInfo
SystemParametersInfoW
GetForegroundWindow
GetClientRect
GetClassNameW
DefWindowProcW
DestroyWindow
SetTimer
KillTimer
RegisterClassExW
SetWindowPos
LoadCursorW
CreateWindowExW
CallWindowProcW
SendMessageW
GetKeyState
IsWindowVisible
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
GetSysColor
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
SetCapture
IsChild
GetDlgItem
ReleaseCapture
FillRect
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
SetFocus
GetFocus
IsWindow
CreateAcceleratorTableW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
RemovePropW
SetPropW
EqualRect
AnimateWindow
EnumChildWindows
GetPropW
GetGUIThreadInfo
UnregisterClassA
GetSystemMetrics
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
PostThreadMessageW
CharNextW
GetClassInfoExW

advapi32

SaferCreateLevel
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
InitializeSid
GetSidLengthRequired
GetLengthSid
CopySid
ConvertSidToStringSidW
LookupAccountNameW
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptGetHashParam
CryptDestroyHash
CryptDestroyKey
RegEnumValueW
GetUserNameW
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
GetTokenInformation
OpenProcessToken
CreateProcessAsUserW
SetTokenInformation
SaferCloseLevel
SaferComputeTokenFromLevel
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW
SHFileOperationW

ole32

CoCreateFreeThreadedMarshaler
CoCreateInstance
OleRun
CoInitialize
CoUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CoTaskMemAlloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
ProgIDFromCLSID
StringFromIID
CoCreateGuid
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CLSIDFromString
CoTaskMemFree

oleaut32

LoadTypeLi
GetErrorInfo
OleCreateFontIndirect
DispCallFunc
VariantCopy
LoadRegTypeLi
SafeArrayCreate
SafeArrayPutElement
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantChangeType
RegisterTypeLi
SysStringLen
VariantClear
SysFreeString
VarUI4FromStr
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantInit
UnRegisterTypeLi

shlwapi

PathFileExistsW

ws2_32

getsockopt
socket
WSAStartup
recv
setsockopt
getsockname
bind
closesocket
WSACleanup
ioctlsocket
select
__WSAFDIsSet
WSASetLastError
gethostbyname
send
WSAIoctl
ntohs
htons
WSAGetLastError
connect

wininet

InternetGetConnectedState

sensapi

IsNetworkAlive

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 160KB - Virtual size: 420KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4f55fdb3d473a8e1a9655d271a6a88ff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

wininet

sensapi

gdi32

wtsapi32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 278KB - Virtual size: 278KB

.data Size: 63KB - Virtual size: 82KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 17KB - Virtual size: 16KB

.vmp0 Size: 160KB - Virtual size: 420KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 278KB - Virtual size: 278KB

.data
Size: 63KB - Virtual size: 82KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 17KB - Virtual size: 16KB

.vmp0
Size: 160KB - Virtual size: 420KB