JaffaCakes118_4c6f44ec85cf651ed4ebbd4d95f349a0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4c6f44ec85cf651ed4ebbd4d95f349a0
Size

686KB
MD5

4c6f44ec85cf651ed4ebbd4d95f349a0
SHA1

8de301ea67d14440e3e7237cf3c008b97fa125cd
SHA256

fc5e3c08871679352bb15b18301817f6268f695460991f64a98aa666f3868ea6
SHA512

18c4631f455fa4e96fa7246102f8fbf13cbf357776657edd0a8028100542b13d1f380c599c70ca9e870eebafe1992683edafd43a0d9f5ae08f5af2a725055d4d
SSDEEP

12288:pwuaWNVuBArdkmIc8bhYdfHLbu4dVqkDnHw8rnEQsWjvD05jdeI5M6:pwLWaArd5Wir1OGndrnEQ/P05jdeo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4c6f44ec85cf651ed4ebbd4d95f349a0

Files

JaffaCakes118_4c6f44ec85cf651ed4ebbd4d95f349a0
.exe windows:5 windows x86 arch:x86

7875ef73139cd798fbc9207487760b3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

S:\rc_v9_personal_common_20150618\Build\Release\WPSOffice\wtoolex\desktoptip.pdb

Imports

kernel32

RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
GetFileAttributesW
GetVersionExW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
GetPrivateProfileIntW
SetLastError
lstrcmpW
CreateDirectoryW
Sleep
GlobalFree
GlobalHandle
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
GetCurrentDirectoryW
GetFullPathNameA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
IsProcessorFeaturePresent
GetTimeZoneInformation
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
HeapDestroy
HeapCreate
TlsFree
OpenProcess
TlsGetValue
TlsAlloc
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
SetUnhandledExceptionFilter
GetDriveTypeA
ExitThread
GetFileInformationByHandle
HeapReAlloc
GetDateFormatW
GetTimeFormatW
HeapAlloc
HeapFree
DecodePointer
EncodePointer
FindNextFileW
FindFirstFileExW
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
RtlUnwind
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FormatMessageA
ExpandEnvironmentStringsA
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
GetTickCount
InitializeCriticalSection
VerifyVersionInfoA
SleepEx
VerSetConditionMask
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
DeviceIoControl
CreateFileA
LoadLibraryA
CreateThread
SetEndOfFile
GetProcessHeap
InterlockedCompareExchange
InterlockedPushEntrySList
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
lstrcmpiA
VirtualFreeEx
ReadFile
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
FreeResource
GetSystemDefaultLangID
lstrcatW
WinExec
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetWindowsDirectoryW
MulDiv
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcpyW
LoadLibraryExW
GetModuleHandleW
GetPrivateProfileStringW
WritePrivateProfileStringW
LocalFree
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
lstrlenW
WideCharToMultiByte
LoadLibraryW
GetProcAddress
FreeLibrary
SetCurrentDirectoryW
CreateMutexW
GetModuleFileNameW
WaitForSingleObject
CreateFileW
GetFileSize
WriteFile
GetCurrentThreadId
GetCurrentProcessId
lstrlenA
OutputDebugStringW
SetFilePointer
CloseHandle
ReleaseMutex
GetFileAttributesExW
DeleteFileW
TlsSetValue
GetDriveTypeW

user32

FillRect
GetDC
LoadImageW
SendMessageW
SetWindowTextW
CreateIconIndirect
GetWindowRect
GetClientRect
ScreenToClient
InvalidateRect
SetTimer
KillTimer
ReleaseDC
UnregisterClassA
GetIconInfo
MoveWindow
TranslateMessage
GetActiveWindow
CreateDialogIndirectParamW
DialogBoxIndirectParamW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
SetWindowRgn
IsWindowVisible
GetClassInfoExW
SetFocus
DestroyAcceleratorTable
CallWindowProcW
ReleaseCapture
GetClassNameW
SetCapture
RedrawWindow
InvalidateRgn
GetFocus
EndDialog
MapDialogRect
IsWindow
IsDialogMessageW
SetWindowContextHelpId
GetDlgItem
PtInRect
SendDlgItemMessageW
CreateDialogParamW
CharNextW
PeekMessageW
GetMessageW
IsChild
DispatchMessageW
SetRect
FindWindowW
FindWindowExW
GetWindow
ClientToScreen
OffsetRect
GetWindowThreadProcessId
MessageBoxW
CreateWindowExW
DestroyWindow
GetWindowLongW
GetParent
GetWindowRgn
DefWindowProcW
RegisterClassExW
SetWindowLongW
GetSysColor
DrawTextW
GetSystemMetrics
LoadStringW
DestroyCursor
GetCursorPos
LoadCursorW
SetCursor
ShowWindow
CopyIcon
DestroyIcon
EndPaint
BeginPaint
MonitorFromRect
GetMonitorInfoW
SetWindowPos
GetDesktopWindow
EqualRect
CopyRect
LoadBitmapW
PostQuitMessage

gdi32

CreateRoundRectRgn
GetStockObject
CreateRectRgn
PtInRegion
TextOutW
SetTextJustification
GetTextExtentPoint32W
CreateCompatibleBitmap
GetDeviceCaps
CreateFontIndirectW
GetTextMetricsW
SetBkMode
SetTextColor
SetBkColor
CreateDIBSection
BitBlt
CreateHatchBrush
Rectangle
CreateSolidBrush
CreateBitmap
StretchBlt
DeleteDC
GetObjectW
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
CreateCompatibleDC

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleSetClipboard
OleFlushClipboard
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance

oleaut32

SysAllocStringLen
SysAllocString
DispCallFunc
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantInit
VarUI4FromStr
SysFreeString
SysStringLen
VariantClear

advapi32

RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueW
RegQueryInfoKeyW
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData

shlwapi

PathFileExistsW

comctl32

ord17
ImageList_GetImageCount
ImageList_GetIcon
_TrackMouseEvent

gdiplus

GdipAlloc
GdipDeleteGraphics
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdipCreateFromHDC
GdipDrawImagePointsI
GdipCloneImage
GdiplusStartup
GdipFree

ws2_32

getpeername
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
recvfrom
sendto
send
select
__WSAFDIsSet
WSAIoctl
connect
WSACleanup
WSAStartup
getsockopt
closesocket
WSASetLastError
socket
bind
recv
setsockopt
getsockname
ntohs
htons
WSAGetLastError

wldap32

ord200
ord46
ord211
ord301
ord27
ord33
ord79
ord30
ord60
ord26
ord41
ord143
ord50
ord22
ord35
ord32

Sections

.text
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7875ef73139cd798fbc9207487760b3d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

shlwapi

comctl32

gdiplus

ws2_32

wldap32

Sections

.text Size: 432KB - Virtual size: 432KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 95KB - Virtual size: 96KB

.text
Size: 432KB - Virtual size: 432KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 95KB - Virtual size: 96KB