fb033a5fb5a4f812f54a8b21913e1956_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fb033a5fb5a4f812f54a8b21913e1956_JaffaCakes118
Size

349KB
MD5

fb033a5fb5a4f812f54a8b21913e1956
SHA1

1486390c71bca1901018f50a6b36eab660dffda4
SHA256

bff6108f26caee38a6f557a0bd1181156729e4921bdf5b188bc84c1315a0ee91
SHA512

6607f877360f4131bdf616c80f42b42e39d10c09bd318f4a936607b3beaa349084d6d4bdd73abb8097c45a67118fdd637fcd476e8c9530f8e412f350b288dfa0
SSDEEP

6144:uixrzOTp+pbdZNSSTB8MqMftqnTgJXZr0pnyEqma5V27:VzHpbNSSTZqM1Kvpima727

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb033a5fb5a4f812f54a8b21913e1956_JaffaCakes118

Files

fb033a5fb5a4f812f54a8b21913e1956_JaffaCakes118
.exe windows:4 windows x86 arch:x86

45e000e3f6a6c1e554c3e4ea18b3b105

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\CC\platform_QQ1.45\Basic_HummerPlatform_VOB\Platform\Output\bin\bugreport.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

dbghelp

SymCleanup
SymInitialize
SymSetOptions
SymLoadModule
SymGetModuleInfo

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetReadFile

psapi

GetModuleFileNameExA

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

kernel32

FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
FreeEnvironmentStringsW
GetEnvironmentStrings
WriteConsoleA
GetTempPathW
CreateDirectoryW
GetTickCount
DeleteFileW
CreateFileW
ReadFile
SetFilePointer
CloseHandle
GetVersionExW
VirtualQueryEx
CreateFileA
OpenThread
FindResourceW
GetProcAddress
GetModuleHandleW
ReadProcessMemory
WriteProcessMemory
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapAlloc
GetProcessHeap
WriteFile
VirtualProtect
SetEvent
HeapFree
GetCurrentProcessId
CreateProcessW
OpenProcess
GetModuleFileNameW
SetCurrentDirectoryW
GlobalFree
GetConsoleOutputCP
GlobalLock
GlobalUnlock
GetPrivateProfileSectionW
InterlockedIncrement
InterlockedDecrement
Sleep
WideCharToMultiByte
GetFileSize
LoadLibraryW
FreeLibrary
GetLastError
GetThreadSelectorEntry
GetFileAttributesW
GetCurrentThreadId
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
HeapCreate
VirtualAlloc
VirtualFree
LoadLibraryA
GetModuleFileNameA
GetStdHandle
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WriteConsoleW
SetEndOfFile
GlobalAlloc
GetCommandLineA
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
HeapSize
HeapReAlloc
HeapDestroy

user32

GetWindowThreadProcessId
GetMenuItemCount
CreatePopupMenu
IsWindow
DestroyMenu
GetClientRect
UnregisterClassA
MapDialogRect
SendDlgItemMessageW
GetWindowRect
MapWindowPoints
TrackPopupMenu
GetWindowTextLengthW
GetDlgItem
SetWindowLongW
ClientToScreen
DrawIconEx
SetWindowTextW
GetWindow
SetDlgItemTextW
SetWindowPos
CloseClipboard
LoadImageW
SetClipboardData
SendMessageW
EmptyClipboard
LoadIconW
OpenClipboard
RegisterClipboardFormatW
GetKeyState
InvalidateRect
MessageBoxW
EndDialog
DialogBoxParamW
CallWindowProcW
GetWindowTextW
EnableWindow
ShowWindow

gdi32

GetStockObject
DeleteObject
SetTextColor

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHBindToParent
SHGetDesktopFolder
SHGetFileInfoW
ShellExecuteW
ord155

ole32

OleInitialize
DoDragDrop
OleUninitialize

oleaut32

SysStringLen
SysAllocStringByteLen
SysAllocString
SysStringByteLen
SysFreeString

Exports

Exports

??1CWriteBuffer@@QAE@XZ
?AddBuffer@CZipBuffers@@QAE_NPBXIPBD@Z
?AnsiToUnicode@Convert@Util@@YA_NAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PBDH@Z
?Clear@CZipBuffers@@QAEXXZ
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?DoFormatEx@CFmtString@@QAE?AV?$vector@UtagStringItem@@V?$allocator@UtagStringItem@@@std@@@std@@PB_W@Z
?Encode16@Encode@Util@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PBEH@Z
?GZip@CGZipBuffer@@QAE_NPAEI@Z
?GetBuffer@CUnzipBuffers@@QAE_NIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetZip@CZipBuffers@@QAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?Init@CUnzipBuffers@@QAE_NPBXI_N@Z
?MatchWildcard@FS@Util@@YAHPBD0@Z
?MatchWildcard@FS@Util@@YAHPB_W0@Z
?Uninit@CUnzipBuffers@@AAEXXZ
?Utf8FromWS@Convert@Util@@YA?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@PB_WH@Z
?Utf8FromWSLimit@Convert@Util@@YA?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@HPB_WH@Z
?Utf8ToWS@Convert@Util@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PBDH@Z
strlcat
strlcpy
wcslcat
wcslcpy

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45e000e3f6a6c1e554c3e4ea18b3b105

Headers

File Characteristics

PDB Paths

Imports

version

dbghelp

wininet

psapi

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 172KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 36KB - Virtual size: 33KB

.text
Size: 176KB - Virtual size: 172KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 36KB - Virtual size: 33KB