06578a23e370ca8bd0051a330fc9be40_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06578a23e370ca8bd0051a330fc9be40_JaffaCakes118
Size

1.9MB
MD5

06578a23e370ca8bd0051a330fc9be40
SHA1

c98061e626680c497c2855445c7fc4d5d3dea856
SHA256

18b761921d8bf3afc3e05ef0c03ec5efceda1db14850741d9ad2b8580e84fa2d
SHA512

5f335570a8be0afd29b773491d91da1e98a3d49115c3dec18aa09868f9696fd1114df56befbd70d6f46100fcf7de1f7e231b27d8cf59902e4be81f68160883ed
SSDEEP

24576:jP8HLbzDMuryd7n8y7Q1iPjZG3awQxzk:oHPNy18y7ZrZ0awQx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06578a23e370ca8bd0051a330fc9be40_JaffaCakes118

Files

06578a23e370ca8bd0051a330fc9be40_JaffaCakes118
.exe windows:6 windows x86 arch:x86

56f39797f5965c1ce4e0b4e9f98fff1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\jenkins\workspace\A_MB4_MBSetup\bin\Win32\Release\MBSetup.pdb

Imports

kernel32

HeapReAlloc
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
IsValidCodePage
HeapAlloc
HeapFree
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwind
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
SetEndOfFile
LockResource
LoadResource
SizeofResource
FindResourceExW
VerifyVersionInfoW
VerSetConditionMask
OutputDebugStringW
CreateProcessW
OpenProcess
GetCurrentProcess
GetLogicalDrives
CreateEventW
GetCommandLineW
GetNativeSystemInfo
CreateMutexW
GetModuleFileNameW
WaitForSingleObject
SetEvent
CreateThread
GetProcAddress
GetModuleHandleW
CloseHandle
MulDiv
FormatMessageW
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
LocalFree
GlobalFree
GetLastError
GetFileType
Sleep
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
RemoveDirectoryW
GetTempPathW
AreFileApisANSI
SetLastError
CopyFileW
GetStringTypeW
QueryPerformanceCounter
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent

user32

SendDlgItemMessageW
ReleaseDC
EndDialog
SetDlgItemTextW
SetWindowTextW
GetDC
DialogBoxParamW
PostMessageW
IsProcessDPIAware
LoadStringW
FindWindowW
ShowWindow
GetDlgItem
FindWindowExW
MessageBoxW
GetSystemMetrics
IsDlgButtonChecked
GetWindowPlacement
GetWindowThreadProcessId
GetShellWindow
LoadImageW
LoadBitmapW
LoadIconW
KillTimer
SetTimer
InvalidateRect
GetDlgItemTextW
GetWindowTextLengthW
CheckDlgButton
SetFocus
SendMessageW
GetWindowLongW
SetWindowLongW
DrawFocusRect
InflateRect
GetFocus
DrawTextW
FillRect
GetClientRect
EnableWindow
SetWindowPos

gdi32

CreateFontIndirectW
GetObjectW
FrameRgn
CreateRectRgn
SetBkMode
SetTextColor
Rectangle
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
GetStockObject
GetDeviceCaps
CreateSolidBrush
CreateFontW

advapi32

RegGetValueW
CloseServiceHandle
InitiateSystemShutdownExW
RevertToSelf
ImpersonateLoggedOnUser
CreateProcessWithTokenW
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
StartServiceW
GetUserNameW
RegSetValueExW
RegSetKeyValueW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CreateServiceW
DeleteService
ControlServiceExA
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW

shell32

SHGetKnownFolderPath
CommandLineToArgvW
ShellExecuteW
SHChangeNotify

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpSetCredentials
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpGetIEProxyConfigForCurrentUser

Sections

.text
Size: 476KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56f39797f5965c1ce4e0b4e9f98fff1f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

winhttp

Sections

.text Size: 476KB - Virtual size: 475KB

.rdata Size: 119KB - Virtual size: 119KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 476KB - Virtual size: 475KB

.rdata
Size: 119KB - Virtual size: 119KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 31KB - Virtual size: 31KB