474da6264953fb83a0c7ebf5ef12d724_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

474da6264953fb83a0c7ebf5ef12d724_JaffaCakes118
Size

2.6MB
MD5

474da6264953fb83a0c7ebf5ef12d724
SHA1

cf9a46bb6daae05eeec53116f53fc44bdf5d810d
SHA256

a9321317116649103debb8a03f5b36ee8b015fa48fc7da5c2b5eb5192dac8233
SHA512

4f4567699a93859f0b0ab36321e97c5dc05cd764f069430d65121d11287dd630433871f579c30524db03a63b791bd2431d3de0540c9f7dc6a4d17645b096fb87
SSDEEP

12288:QD4a0FisqocEgMHv4FiiEuu5VfCgWLdd7FPza6qfKwZMsudkM0D4pa7+os:hrd/WLdd7FPzkfKugdkML

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
474da6264953fb83a0c7ebf5ef12d724_JaffaCakes118

Files

474da6264953fb83a0c7ebf5ef12d724_JaffaCakes118
.exe windows:6 windows x86 arch:x86

4907c4f4190a29b951bceb7b7b6aa350

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\W7H64\Desktop\VCSamples-master\VC2010Samples\ATL\General\DispSink\DispClient\debug.pdb

Imports

kernel32

DebugBreak
DeleteFileW
DisconnectNamedPipe
DuplicateHandle
EnumSystemLocalesEx
EnumSystemLocalesW
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesW
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSetInformation
HeapSize
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetPerformanceInfo
K32GetProcessMemoryInfo
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSemaphore
CreateThread
ReplaceFileW
ResetEvent
ResumeThread
RtlCaptureContext
RtlCaptureStackBackTrace
RtlUnwind
SearchPathW
SetConsoleCtrlHandler
GetProcessHeap
InterlockedPopEntrySList
InterlockedPushEntrySList
CreateFileW
SetFilePointerEx
GetStringTypeW
SetStdHandle
HeapQueryInformation
SetEnvironmentVariableW
SetEnvironmentVariableA
GetOEMCP
FindNextFileA
FindFirstFileExA
WriteConsoleW
OutputDebugStringA
GetFileType
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
WriteFile
GetStdHandle
HeapValidate
GetModuleHandleExW
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LoadLibraryExW
GetModuleFileNameW
InterlockedFlushSList
VirtualQuery
GetSystemTimeAsFileTime
FlushInstructionCache
QueryPerformanceCounter
GetStartupInfoW
CreateEventW
WaitForSingleObjectEx
SetEvent
CloseHandle
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
OutputDebugStringW
CreateSemaphoreW
CreateRemoteThread
CreateProcessW
CreateNamedPipeW
CreateMutexW
CreateJobObjectW
FreeConsole
SetThreadLocale
GetThreadLocale
IsDBCSLeadByte
WideCharToMultiByte
MultiByteToWideChar
FindResourceA
lstrlenA
lstrcmpiA
MulDiv
GlobalLock
GlobalUnlock
GlobalAlloc
SizeofResource
LoadResource
LoadLibraryExA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
VirtualProtect
VirtualAlloc
GetCurrentThreadId
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
DecodePointer
RemoveDirectoryW
EncodePointer
VirtualFree
HeapAlloc

user32

DefWindowProcA
CallWindowProcA
UnregisterClassA
RegisterClassExA
GetClassInfoExA
CreateWindowExA
IsWindow
GetParent
IsChild
DestroyWindow
ShowWindow
SetWindowPos
CharNextA
CharNextW
SetFocus
GetFocus
GetKeyState
GetDC
ReleaseDC
UnregisterClassW
TranslateMessage
SetProcessWindowStation
SetProcessDPIAware
SendMessageTimeoutW
RegisterClassW
PostMessageW
GetWindowThreadProcessId
GetUserObjectInformationW
GetThreadDesktop
GetMessageW
LoadCursorA
GetProcessWindowStation
SetWindowLongA
GetWindowLongA
PtInRect
EqualRect
OffsetRect
UnionRect
IntersectRect
MessageBoxA
GetClientRect
InvalidateRect
SetWindowRgn
EndPaint
BeginPaint

gdi32

SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
LPtoDP
TextOutA
SetTextAlign
SetMapMode
SaveDC
RestoreDC
Rectangle
GetDeviceCaps
DeleteMetaFile
DeleteDC
CreateRectRgnIndirect
CreateMetaFileA
CreateDCA
CloseMetaFile

advapi32

EventUnregister
EventRegister
EqualSid
DuplicateTokenEx
DuplicateToken
CreateWellKnownSid
CreateRestrictedToken
CreateProcessAsUserW
CopySid
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
AccessCheck
RegSetValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

ole32

ReadClassStm
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
WriteClassStm
CreateDataAdviseHolder
OleSaveToStream
CreateOleAdviseHolder
OleRegGetUserType
OleRegGetMiscStatus
OleRegEnumVerbs

oleaut32

SetErrorInfo
GetErrorInfo
CreateErrorInfo
VariantCopy
OleCreatePropertyFrame
DispCallFunc
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 796KB - Virtual size: 795KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4907c4f4190a29b951bceb7b7b6aa350

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

version

Sections

.text Size: 796KB - Virtual size: 795KB

.rdata Size: 215KB - Virtual size: 215KB

.data Size: 1.4MB - Virtual size: 1.4MB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 158KB - Virtual size: 158KB

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 796KB - Virtual size: 795KB

.rdata
Size: 215KB - Virtual size: 215KB

.data
Size: 1.4MB - Virtual size: 1.4MB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 158KB - Virtual size: 158KB

.reloc
Size: 34KB - Virtual size: 34KB