JaffaCakes118_02b87639aeae61419eb07914275795c0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_02b87639aeae61419eb07914275795c0
Size

963KB
MD5

02b87639aeae61419eb07914275795c0
SHA1

25a61571de35989b7aa7a23d0a8444af0a2c3619
SHA256

d19b8b607f6dec48979246268af98e2d189dca7758bddc40889c7fa29c444d96
SHA512

5ece218788d262b9e47b0c3a9f1d4e67afd986a383bcca3789fa9d47ffdcc95ad3d5fe2e34882a322d54071060e4ea8cc3657843475775be78d33ae04488fcf8
SSDEEP

24576:1mBSIC7TCPtr+l6xtvxcMThjG5S2mbwSTk+55DljZk3n7:wSICvCP5+l6XJdjGDmbV5Q37

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_02b87639aeae61419eb07914275795c0

Files

JaffaCakes118_02b87639aeae61419eb07914275795c0
.exe windows:5 windows x86 arch:x86

5ce49cff1f536651277614b1b0806c98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\build\360wangguanban\branches\bs_bran_free_2014021901_s3sign\360entcall\bin\360EntCall.pdb

Imports

kernel32

GlobalAlloc
OpenEventW
WideCharToMultiByte
lstrlenA
GetPrivateProfileStringW
CreateThread
GetPrivateProfileIntW
WriteFile
SetFilePointerEx
ReadFile
GetFileSize
CreateFileW
GetVersionExW
WritePrivateProfileStringW
SetFilePointer
FlushFileBuffers
SetEndOfFile
SetFileAttributesW
GetFileAttributesW
GetFileSizeEx
Process32NextW
OutputDebugStringW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileW
CompareStringW
MulDiv
TerminateProcess
SetConsoleMode
ReadConsoleInputA
FreeLibrary
GetModuleFileNameW
InterlockedIncrement
LoadLibraryW
GlobalLock
FreeResource
GlobalUnlock
GlobalFree
DeleteAtom
FindAtomW
ReleaseMutex
AddAtomW
OpenThread
GetAtomNameW
GetSystemTime
LocalFree
FormatMessageW
LocalFileTimeToFileTime
SystemTimeToFileTime
FlushConsoleInputBuffer
GetVersionExA
GlobalMemoryStatus
GetVersion
SetEnvironmentVariableA
MultiByteToWideChar
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetLastError
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleHandleA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetModuleFileNameA
GetStdHandle
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualProtect
ExitThread
ExitProcess
DeviceIoControl
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetCurrentProcess
FlushInstructionCache
InterlockedExchange
CreateEventW
ResumeThread
TerminateThread
SetEvent
ResetEvent
WaitForMultipleObjects
Sleep
WaitForSingleObject
SetCurrentDirectoryW
FindNextFileW
FindFirstFileW
FindClose
GetTempFileNameW
GetWindowsDirectoryW
DeleteFileW
MoveFileW
MoveFileExW
GetTempPathW
CreateProcessW
GetTickCount
LoadLibraryExW
lstrcmpiW
CreateMutexW
GetLastError
GetCurrentProcessId
OpenProcess
GetModuleHandleW
GetProcAddress
CloseHandle
FindResourceExW
RaiseException
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InterlockedDecrement
lstrlenW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
CompareStringA

user32

MessageBoxW
GetActiveWindow
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
UnregisterClassA
DefWindowProcW
PostThreadMessageW
DestroyWindow
CharNextW
GetDesktopWindow
GetWindowLongW
SetWindowTextW
GetParent
GetDlgItem
IsDialogMessageW
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
GetWindow
GetWindowRect
SetWindowLongW
DrawTextW
SendMessageW
IsWindow
GetPropW
IsIconic
FillRect
DrawIconEx
PtInRect
OffsetRect
CreateWindowExW
PostMessageW
ScreenToClient
GetWindowDC
ReleaseDC
InvalidateRect
GetClassInfoExW
LoadCursorW
BeginPaint
EndPaint
SetCursor
GetCursorPos
RegisterClassExW
CallWindowProcW
CreateDialogParamW
DispatchMessageW
TranslateMessage
GetMessageW
GetDialogBaseUnits
GetDC
ShowWindow
SetForegroundWindow
MonitorFromWindow
LoadBitmapW
KillTimer
InflateRect
DestroyCursor
ClientToScreen
WindowFromPoint
MessageBeep
SetDlgItemTextW
SetTimer
SetPropW
LoadIconW
GetClassNameW
DialogBoxParamW
FrameRect
GetCapture
GetSysColor
GetFocus
GetDlgCtrlID
SetFocus
IsWindowEnabled
UpdateWindow
DrawFocusRect
SetRectEmpty
RemovePropW
ReleaseCapture
FindWindowW
IsWindowVisible
SwitchToThisWindow
SetCapture
EnableWindow
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SystemParametersInfoW
EndDialog
DestroyIcon

gdi32

SetBkColor
SetBkMode
GetTextMetricsW
GetTextExtentPointW
GetStockObject
StretchBlt
CreateDIBSection
CreateFontIndirectW
SetDIBColorTable
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreatePen
ExtTextOutW
BitBlt
LineTo
MoveToEx
SetTextColor
GetTextColor
SelectObject
DeleteObject
DeleteDC
GetDIBColorTable
GetObjectW

advapi32

RegQueryValueExW
RegisterEventSourceA
ReportEventA
LookupAccountSidW
GetTokenInformation
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
DeregisterEventSource
RegQueryValueExA

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
VariantClear
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantInit
SysStringLen

shlwapi

PathCombineW
PathIsDirectoryW
PathAppendW
PathRemoveFileSpecW
SHGetValueW
PathFileExistsW
PathIsRelativeW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdiplusShutdown
GdipGetImageHeight
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat

psapi

EnumProcesses
GetModuleFileNameExW

wininet

HttpOpenRequestW
InternetCloseHandle
HttpQueryInfoW
HttpSendRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetReadFile
InternetOpenUrlW

iphlpapi

GetAdaptersInfo

ws2_32

recvfrom
WSACleanup
inet_addr
htonl
closesocket
inet_ntoa
sendto
bind
htons
setsockopt
socket
WSAStartup
ioctlsocket

Sections

.text
Size: 551KB - Virtual size: 551KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 223KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5ce49cff1f536651277614b1b0806c98

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

psapi

wininet

iphlpapi

ws2_32

Sections

.text Size: 551KB - Virtual size: 551KB

.rdata Size: 159KB - Virtual size: 159KB

.data Size: 19KB - Virtual size: 38KB

.rsrc Size: 223KB - Virtual size: 224KB

.text
Size: 551KB - Virtual size: 551KB

.rdata
Size: 159KB - Virtual size: 159KB

.data
Size: 19KB - Virtual size: 38KB

.rsrc
Size: 223KB - Virtual size: 224KB