Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_e276e4389ef5e36faff5e5147001d52d.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_e276e4389ef5e36faff5e5147001d52d.exe
  Resource: win10v2004-20241007-en

General
- Target: JaffaCakes118_e276e4389ef5e36faff5e5147001d52d
- Size: 1022KB
- MD5: e276e4389ef5e36faff5e5147001d52d
- SHA1: ec665c6b461060275ca89d362bde5515eade8f42
- SHA256: 4cd5a71ba48c2df10263c2de549b5006fe7c8ad9e286792743187af41d899cd2
- SHA512: 7fe134fe2ab6f87ffb8b40a0b468ff63aa0e27175e4d28199b6991273a62d4c24dab1ba28da2ccbda1a5b6800bb4598adc6ab36898e99bbccbbb10dd83c67efe
- SSDEEP: 12288:MEyPOaa4J4SduASxdfBNVOvboPrWZUIpgb8pfO+za/KovlrWMvV:M3Oa3GSdEPcMjKpgWfO+WCoNrWA

Malware Config

Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource JaffaCakes118_e276e4389ef5e36faff5e5147001d52d

Files
- JaffaCakes118_e276e4389ef5e36faff5e5147001d52d.exe windows:4 windows x86 arch:x86
  982105d8ac4b86517ac849b8e5295c05

Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\build\sources\npdownv\release\npdownv.pdb
Imports
shlwapi
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathFileExistsA
UrlUnescapeA
PathIsUNCA
PathFindExtensionA
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
wininet
FtpCommandA
HttpSendRequestExA
HttpEndRequestA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetFindNextFileA
HttpQueryInfoA
HttpAddRequestHeadersA
InternetErrorDlg
FtpGetFileA
FtpPutFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
GopherCreateLocatorA
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetGetCookieA
InternetSetCookieA
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
FtpOpenFileA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetSetOptionA
InternetCloseHandle
InternetReadFile
FtpFindFirstFileA
GopherOpenFileA
FtpCreateDirectoryA
InternetOpenUrlA
GopherGetAttributeA
ws2_32
WSAStartup
WSACleanup
user32
GetDC
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon
GetClassInfoA
LockWindowUpdate
GetDCEx
PostThreadMessageA
UnionRect
SetParent
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
SetMenu
TranslateAcceleratorA
GetDialogBaseUnits
GetWindowDC
ReleaseDC
SetTimer
KillTimer
SetForegroundWindow
EnableWindow
MessageBeep
LoadIconA
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
UnregisterClassA
GetSysColorBrush
WaitMessage
ReleaseCapture
SetCapture
DeleteMenu
MapVirtualKeyA
GetKeyNameTextA
GetMenuItemInfoA
EndPaint
BeginPaint
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ScrollWindowEx
ShowWindow
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetDesktopWindow
CreateDialogIndirectParamA
SetWindowContextHelpId
MapDialogRect
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetSystemMetrics
PostMessageA
PostQuitMessage
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
wsprintfA
FindWindowA
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
CharLowerA
CharLowerW
CharUpperA
CharUpperW
EnableMenuItem
SetWindowPos
DestroyIcon
CreateIconIndirect
GetIconInfo
DrawStateA
CopyRect
InflateRect
OffsetRect
FillRect
FrameRect
DrawFocusRect
ClientToScreen
InvalidateRect
GetActiveWindow
GetNextDlgTabItem
GetParent
WindowFromPoint
GetWindowLongA
SetCursor
TrackPopupMenuEx
GetSubMenu
GetWindowTextLengthA
GetWindowTextA
GetSysColor
LoadImageA
DestroyCursor
LoadMenuA
DestroyMenu
SetRect
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
CharUpperBuffA
CharPrevA
CharNextA
OemToCharA
UpdateWindow
DispatchMessageA
TranslateMessage
PeekMessageA
GetClassNameA
LoadCursorA
MessageBoxA
DialogBoxParamA
EndDialog
SetWindowTextA
SetDlgItemTextA
EnumWindows
WaitForInputIdle
IsWindow
CheckMenuItem
GetMenuState
ModifyMenuA
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
GetKeyState
IsWindowVisible
GetMessageA
CallNextHookEx
SetWindowsHookExA
ShowOwnedPopups
IsWindowEnabled
GetLastActivePopup
RemoveMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
GetMenuStringA
UnhookWindowsHookEx
GetWindow
GetWindowPlacement
SystemParametersInfoA
IntersectRect
SetWindowLongA
kernel32
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
LoadLibraryA
FreeLibrary
GetLocalTime
GetWindowsDirectoryA
GetCurrentProcess
Process32Next
OpenProcess
CreateDirectoryA
SetFileAttributesA
GetFileAttributesA
SetFilePointer
WriteFile
FlushFileBuffers
TlsAlloc
lstrcpyA
GlobalHandle
TlsSetValue
TlsFree
IsBadReadPtr
TlsGetValue
GetDriveTypeA
lstrcpynA
GlobalReAlloc
GlobalSize
lstrcatA
lstrcmpA
CopyFileA
FindClose
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindFirstFileA
IsBadStringPtrA
GetTickCount
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetVolumeInformationA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
SetThreadPriority
SuspendThread
GlobalAddAtomA
SetLastError
GetCurrentProcessId
LocalFree
FormatMessageA
GetModuleFileNameW
InterlockedDecrement
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
MoveFileA
GetThreadLocale
LockFile
UnlockFile
DuplicateHandle
GetFullPathNameA
GetShortPathNameA
FileTimeToSystemTime
SystemTimeToFileTime
GetFileTime
FindNextFileA
LocalAlloc
GetPrivateProfileIntA
GlobalFlags
LocalReAlloc
InterlockedIncrement
GetAtomNameA
GetCPInfo
GetOEMCP
SetErrorMode
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
ExitProcess
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
GetStartupInfoA
SetCurrentDirectoryA
SetStdHandle
GetFileType
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
SetHandleCount
GetStdHandle
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
GetVersionExA
WritePrivateProfileStringA
MoveFileExA
SetEndOfFile
FreeResource
GlobalLock
GlobalUnlock
GlobalFree
CreateEventA
ResumeThread
GlobalAlloc
SetEvent
ResetEvent
CreateFileA
GetFileSize
ReadFile
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrlenA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
MultiByteToWideChar
InterlockedExchange
InitializeCriticalSection
GetSystemDirectoryA
GetCurrentDirectoryA
GetPrivateProfileStringA
MulDiv
CreateProcessA
GetSystemDefaultLangID
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
TerminateThread
DeleteCriticalSection
Sleep
CreateMutexA
GetLastError
DeleteFileA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
CloseHandle
CreateFileW
IsDBCSLeadByte
gdi32
PolyDraw
StretchDIBits
GetCharWidthA
GetTextMetricsA
GetRgnBox
GetTextColor
CombineRgn
SetRectRgn
PatBlt
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateHatchBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
StartDocA
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
GetClipBox
GetDCOrgEx
CopyMetaFileA
GetBkColor
SetBkMode
CreateSolidBrush
CreateFontIndirectA
DPtoLP
GetMapMode
SetMapMode
CreateDIBitmap
GetObjectA
CreateCompatibleBitmap
GetPixel
SetPixel
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC
GetStockObject
DeleteObject
GetDeviceCaps
CreateDCA
CreateFontA
PtVisible
comdlg32
GetSaveFileNameA
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
CryptImportKey
QueryServiceStatus
CloseServiceHandle
RegCreateKeyExA
RegSetValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
CryptGetHashParam
CryptDecrypt
CryptGenKey
CryptGetUserKey
CryptDeriveKey
CryptEncrypt
CryptExportKey
CryptVerifySignatureA
ControlService
CryptSignHashA
CryptCreateHash
CryptHashData
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
shell32
DragQueryFileA
DragFinish
ExtractIconA
SHGetFileInfoA
ShellExecuteExA
comctl32
_TrackMouseEvent
oledlg
ord8
ole32
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
StgOpenStorageOnILockBytes
OleRegGetUserType
WriteClassStg
CoCreateInstance
SetConvertStg
CoTaskMemFree
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleRun
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
StringFromGUID2
WriteFmtUserTypeStg
CoGetClassObject
OleSetClipboard
ReadFmtUserTypeStg
CoRevokeClassObject
CoRegisterClassObject
oleaut32
SafeArrayCopy
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantChangeType
OleLoadPicture
LoadTypeLi
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysStringLen
winmm
PlaySoundA
Sections
.text  Size: 716KB - Virtual size: 712KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 144KB - Virtual size: 140KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 28KB - Virtual size: 40KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 132KB - Virtual size: 128KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE