f45ef7432f54c5fa7d60e552d9d5c3d9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f45ef7432f54c5fa7d60e552d9d5c3d9_JaffaCakes118
Size

453KB
MD5

f45ef7432f54c5fa7d60e552d9d5c3d9
SHA1

39890b1970f1d220bf6a7024ae9e4e7aada0a51c
SHA256

9cf95ae6fe1c97f6af3b5c8ff39ddcb40cbb5c6ff38945c36787f24368459c83
SHA512

94856d932efdea1fa259129c395a8e3d28897ab053a3a5b58dff4a65d71841f84a41a35e9da393ca32c212c83cd68811caada6db946d6abfcb9b603b0e3d89ac
SSDEEP

12288:g/U9Y178fiyMdrcsvNaET7ASSfhzvnllKi:kU906iyMyy7LSfhDl0i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f45ef7432f54c5fa7d60e552d9d5c3d9_JaffaCakes118

Files

f45ef7432f54c5fa7d60e552d9d5c3d9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

80a85314788a1ec3b9b614372ce373c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Security\trunk\Retail\GDSetup\Release\gdsetup.pdb

Imports

kernel32

GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetFileType
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
TerminateProcess
GetStartupInfoW
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
SetStdHandle
HeapSize
ExitProcess
Sleep
HeapReAlloc
RtlUnwind
RaiseException
IsDebuggerPresent
GetStringTypeW
SetUnhandledExceptionFilter
InterlockedIncrement
GlobalFlags
WritePrivateProfileStringW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
lstrlenA
GetModuleHandleA
InterlockedDecrement
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
lstrcmpW
LocalAlloc
GetLocaleInfoW
HeapFree
LocalFree
HeapAlloc
GetCurrentThread
GetModuleHandleW
FormatMessageW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetFileSizeEx
lstrlenW
GlobalAlloc
FindClose
FindFirstFileW
SetLastError
WideCharToMultiByte
GetACP
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentProcess
FreeResource
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExW
MultiByteToWideChar
GetFileSize
RemoveDirectoryW
GetSystemTimeAsFileTime
GetDiskFreeSpaceExW
GetModuleFileNameW
GetTickCount
CreateFileW
GetFileAttributesW
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateThread
SetEvent
DeleteFileW
CopyFileW
GetCurrentProcessId
GetLongPathNameW
GetTempPathW
WaitForMultipleObjects
CreateThread
GetCommandLineW
GetLastError
CreateMutexW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateProcessW
MoveFileExW
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
WaitForSingleObject
CreateEventW
OutputDebugStringW

user32

GetMessagePos
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
GetDlgCtrlID
DefWindowProcW
PtInRect
GetMenu
SetWindowPos
SystemParametersInfoA
GetWindowThreadProcessId
GetLastActivePopup
SetWindowsHookExW
CallNextHookEx
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMessageTime
PostMessageW
MessageBoxW
GetClientRect
EnableWindow
GetSubMenu
GetMenuItemID
GetMenuState
GetMenuItemCount
GetWindowTextW
SetWindowTextW
GetFocus
SetFocus
SystemParametersInfoW
LoadImageW
GrayStringW
DrawTextExW
TabbedTextOutW
GetDC
ReleaseDC
LoadCursorW
SetCursor
DrawTextW
OffsetRect
InflateRect
CopyRect
KillTimer
GetClassNameW
SetWindowLongW
InvalidateRect
CallWindowProcW
IsWindow
GetWindowPlacement
UnhookWindowsHookEx
GetTopWindow
GetForegroundWindow
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetParent
GetWindow
GetClassLongW
GetCapture
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
RegisterWindowMessageW
LoadIconW
SendMessageW
GetWindowRect
SetTimer
IsIconic
GetSystemMetrics
PostQuitMessage
DrawIcon
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
MapWindowPoints
GetWindowLongW
IsDialogMessageW
MoveWindow
ShowWindow
ClientToScreen
BeginPaint
EndPaint
UnregisterClassW
CharUpperW
GetSysColorBrush
DestroyMenu

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExcludeClipRect
GetWindowOrgEx
SetMapMode
RestoreDC
SaveDC
SetBkColor
GetClipBox
CreateBitmap
GetCurrentObject
StretchBlt
GetPixel
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
SetPixel
CreateFontIndirectW
SetBkMode
SetTextColor
GetStockObject
DeleteObject
CreateRectRgn
SelectClipRgn
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetWindowOrgEx
BitBlt
DeleteDC
CreateDIBSection
GetObjectW
IntersectClipRect

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueW
RegOpenKeyW
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenProcessToken
GetTokenInformation
CreateWellKnownSid
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

shell32

SHFileOperationW
ord165

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
UrlUnescapeW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

ole32

CoUninitialize
CoInitializeEx

oleaut32

VariantInit
VariantChangeType
VariantClear

wininet

InternetReadFile
InternetOpenUrlW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetSetOptionExW
InternetQueryDataAvailable

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80a85314788a1ec3b9b614372ce373c1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

wininet

oleacc

Sections

.text Size: 314KB - Virtual size: 313KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 320KB - Virtual size: 319KB

.reloc Size: 40KB - Virtual size: 40KB

.text
Size: 314KB - Virtual size: 313KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 320KB - Virtual size: 319KB

.reloc
Size: 40KB - Virtual size: 40KB