JaffaCakes118_473b1c57d4cecd2c2b5dcf703312b4f0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_473b1c57d4cecd2c2b5dcf703312b4f0
Size

506KB
MD5

473b1c57d4cecd2c2b5dcf703312b4f0
SHA1

a8bbaa1c6913c74c447e223b0d07910821cfda95
SHA256

d3eb5ae3f24f058946262f91ac2b456455b30fcc48c8b10d9e3d89ef4d862c5b
SHA512

9f9ad11e13f06d10af139428b712d72e5c882ec1e5afdc3b686b4848da6255b269c039b3056819480002c44695ef0aaa6c6e012c47492d595c54363f3bc42742
SSDEEP

12288:yQm7YE7l2UE3j1Xp4xHAQHLRmKxWhG/YpzFpWBaIXDkDF:yrYHlp4xHAQ9xWhGg1F04qAD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_473b1c57d4cecd2c2b5dcf703312b4f0

Files

JaffaCakes118_473b1c57d4cecd2c2b5dcf703312b4f0
.exe windows:5 windows x86 arch:x86

a59e1ef4dc47ff427090672d8d3a795a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\jenkins\workspace\暴风主干\trunk\bin\Release\webplayer\WebPlayer.pdb

Imports

kernel32

CreateMutexW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateThread
DeleteFileW
InterlockedExchange
WriteFile
lstrcpyW
CreateFileW
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalAlloc
OutputDebugStringA
CreateDirectoryW
WideCharToMultiByte
GetVersionExW
LoadLibraryA
GetPrivateProfileStringW
GetSystemDirectoryW
OutputDebugStringW
GetFileAttributesW
SystemTimeToFileTime
GetLocalTime
GetCurrentProcessId
lstrcmpiA
Sleep
CreateEventW
WaitForSingleObject
TerminateThread
OpenEventW
SetEvent
SetLastError
GetCommandLineW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
LocalFree
LocalUnlock
LocalLock
LocalAlloc
ReadFile
GetFileSize
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
FindResourceExW
LockResource
GetModuleHandleA
CloseHandle
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
lstrcpynW
FreeLibrary
GetModuleFileNameW
LoadLibraryW
lstrcmpiW
GetModuleHandleW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
lstrlenW

user32

SystemParametersInfoW
CharNextW
GetClientRect
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
RegisterWindowMessageW
SendMessageTimeoutA
PostMessageW
GetDesktopWindow
ReleaseDC
ReleaseCapture
TrackMouseEvent
DrawTextW
SetCapture
GetDC
SetLayeredWindowAttributes
CharUpperW
CopyRect
SetRect
SetCursor
GetAsyncKeyState
GetKeyState
SetParent
SetForegroundWindow
GetCursorPos
TrackPopupMenu
OffsetRect
SetRectEmpty
PtInRect
IsRectEmpty
MonitorFromPoint
ShowCursor
GetDoubleClickTime
FillRect
GetWindowRect
DestroyWindow
EnumWindows
FindWindowExW
EnumChildWindows
GetClassNameA
EndPaint
ShowWindow
SetTimer
KillTimer
SendMessageW
ScreenToClient
ClientToScreen
FindWindowW
GetParent
DestroyMenu
GetWindowThreadProcessId
WaitForInputIdle
InvalidateRect
MessageBoxA
IntersectRect
UnregisterClassA
BeginPaint
IsMenu
EnableMenuItem
RemoveMenu
GetSubMenu
LoadMenuW
IsWindowVisible
SetWindowPos
GetSystemMetrics
GetMonitorInfoW
MonitorFromWindow
PostQuitMessage
IsWindow
SetClassLongW
SendMessageTimeoutW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
SetFocus
MoveWindow
PeekMessageW
GetMessageW
MessageBoxW
PostThreadMessageW
wsprintfW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
LoadIconA

gdi32

CreateDIBSection
CreateCompatibleDC
SetDIBColorTable
BitBlt
SetStretchBltMode
StretchBlt
GdiFlush
CreateHalftonePalette
GetPaletteEntries
DeleteObject
CreateCompatibleBitmap
SetTextColor
SetBkMode
GetBkMode
CreateDIBitmap
CreatePalette
SelectPalette
RealizePalette
EnumFontsW
CreateFontW
GetStockObject
SelectObject
DeleteDC
GetObjectW

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExA
InitializeSecurityDescriptor
RegQueryValueExA
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

DragAcceptFiles
SHGetSpecialFolderPathW
ShellExecuteExW
DragQueryFileW

ole32

CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoUninitialize
CoLoadLibrary
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoFreeLibrary

oleaut32

SysFreeString
SysStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
VariantClear
SysAllocString
VariantInit
VarBstrCat
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
VarBstrCmp
VariantCopy

shlwapi

StrCpyNW
StrStrW
SHSetValueW
SHDeleteKeyW
PathFileExistsW
StrCmpNIW
StrStrIW
StrChrW
StrCmpIW
SHGetValueW
PathAppendW

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1_Container_base12@std@@QAE@XZ

comctl32

_TrackMouseEvent

msimg32

TransparentBlt

msvcr100

_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
fopen
fread
fwrite
wcsrchr
_wtol
_mktime64
_time64
wcsnlen
_wcslwr_s
wcscpy_s
wcschr
_beginthreadex
wcsncpy
_wcsicmp
_wtoi
swprintf_s
vswprintf_s
_vscwprintf
wmemcpy_s
memmove_s
__RTDynamicCast
memcpy
fclose
_resetstkoflw
??_V@YAXPAX@Z
memmove
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
calloc
_recalloc
__CxxFrameHandler3
memset
_purecall
wcsncpy_s
_CxxThrowException
memcpy_s
free
malloc
wcsstr
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
wcscat_s
swscanf
ftell
fseek
_vscprintf
vsprintf_s
wcspbrk
iswspace

gdiplus

GdiplusStartup
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipAlloc
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipDisposeImage
GdipFlush
GdipDeleteGraphics
GdipFree
GdipLoadImageFromStream
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipCreateBitmapFromScan0
GdiplusShutdown

Sections

.text
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a59e1ef4dc47ff427090672d8d3a795a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp100

comctl32

msimg32

msvcr100

gdiplus

Sections

.text Size: 274KB - Virtual size: 274KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 161KB - Virtual size: 164KB

.text
Size: 274KB - Virtual size: 274KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 161KB - Virtual size: 164KB