f79187e35db4ca3e1ac4511768a4234c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f79187e35db4ca3e1ac4511768a4234c_JaffaCakes118
Size

1.3MB
MD5

f79187e35db4ca3e1ac4511768a4234c
SHA1

b0847bb87e5b44a6045330736ed53eb2756d2f27
SHA256

595a814b07357769ab57bc0c4c5ce2321afaff3547f2a67dbadbfecf8b881feb
SHA512

6ba328a883de0c8603524fe056bed7543d103732b341ef817ea5a7586ab6f0de792223232c1e266e76afc5073a218603940ac58a305dedb82a25e76adf306de8
SSDEEP

24576:7IxdQx5pJqCTH86qHL8GXgxK08S5k9upWnTi0jCDgkgCrwsWmF93bS6S4oZn4u0u:7IxcpJqooATxK0tk9upoTi0l4oh4u0u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f79187e35db4ca3e1ac4511768a4234c_JaffaCakes118

Files

f79187e35db4ca3e1ac4511768a4234c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

71653016f0b911726dfdad38ee4d9120

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\home\nightly_build\components\euc_client_bundle\akamai\euc_client_build\win\euc_all\Release\euc_client_bundle\InstallerHelper.pdb

Imports

msi

ord103
ord121
ord17
ord125
ord8

kernel32

Sleep
MultiByteToWideChar
GetSystemTimeAsFileTime
SetEvent
WaitForSingleObject
CreateSemaphoreA
CloseHandle
CreateEventA
ReleaseSemaphore
WaitForMultipleObjects
ReadConsoleInputA
SetConsoleMode
FileTimeToSystemTime
FlushConsoleInputBuffer
GetVersionExW
GlobalMemoryStatus
GetVersion
MoveFileW
TlsGetValue
CreateProcessW
TlsSetValue
GetSystemDirectoryW
WideCharToMultiByte
GetFileAttributesW
TlsAlloc
SetFileAttributesW
FormatMessageA
GetLastError
LocalFree
GetUserDefaultUILanguage
HeapReAlloc
SetEndOfFile
InitializeCriticalSection
GetProcessHeap
HeapAlloc
GetCurrentProcess
HeapFree
LeaveCriticalSection
GetExitCodeProcess
CreateFileW
GetProcAddress
EnterCriticalSection
IsWow64Process
GetSystemInfo
GetModuleHandleA
DeleteCriticalSection
GetCurrentThreadId
GetVersionExA
GetCurrentProcessId
FindFirstFileW
MoveFileExW
CopyFileW
FindClose
RemoveDirectoryW
FindNextFileW
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTime
FreeLibrary
LoadLibraryA
CreateMutexA
ReleaseMutex
VirtualQuery
SetUnhandledExceptionFilter
GetModuleHandleW
InterlockedDecrement
LoadLibraryW
InterlockedIncrement
ResetEvent
WriteFile
EncodePointer
DecodePointer
GetCommandLineA
CreateDirectoryW
GetDriveTypeA
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
SetConsoleCtrlHandler
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
ExitProcess
GetFullPathNameW
DeleteFileW
FindFirstFileExA
IsProcessorFeaturePresent
GetFileAttributesA
HeapSize
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
RaiseException
TlsFree
SetLastError
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
ReadFile
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
GetConsoleCP
GetConsoleMode
InterlockedExchange
CreateFileA
SetStdHandle
SetFilePointer
GetFullPathNameA
FlushFileBuffers
GetTimeZoneInformation
LCMapStringW
CreateProcessA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CompareStringW
SetEnvironmentVariableA

shell32

ord680
SHGetSpecialFolderPathW

ws2_32

shutdown
ioctlsocket
inet_addr
select
WSAGetLastError
getsockopt
connect
WSAStartup
htons
WSACleanup
recv
socket
closesocket
gethostbyname
send
WSASetLastError

wtsapi32

WTSEnumerateProcessesA
WTSFreeMemory

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetErrorDlg
InternetCloseHandle

shlwapi

SHDeleteKeyW

user32

MessageBoxW
GetDesktopWindow
GetUserObjectInformationW
GetProcessWindowStation

advapi32

RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetUserNameW
LookupAccountSidW

ole32

CoCreateGuid

Exports

Exports

ak_acceptEULA
ak_cleanAttributes
ak_cleanFileAttributes
ak_deleteFile
ak_downloadFile
ak_errorToString
ak_fileStatusToString
ak_getAttributes
ak_getFileAttributes
ak_getLastError
ak_initialize
ak_install
ak_pauseFile
ak_setUploadState
ak_uninitialize
initializePingProgress
postInstallSteps
preInstallCheck
registerControlPanelWin7
registerControlPanelXP
rollback
startClient

Sections

.text
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 461KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71653016f0b911726dfdad38ee4d9120

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

kernel32

shell32

ws2_32

wtsapi32

wininet

shlwapi

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 752KB - Virtual size: 752KB

.rdata Size: 461KB - Virtual size: 460KB

.data Size: 73KB - Virtual size: 99KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 448B

.reloc Size: 87KB - Virtual size: 86KB

.text
Size: 752KB - Virtual size: 752KB

.rdata
Size: 461KB - Virtual size: 460KB

.data
Size: 73KB - Virtual size: 99KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 448B

.reloc
Size: 87KB - Virtual size: 86KB