0f0322be828129ca7676faf8d6a819cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f0322be828129ca7676faf8d6a819cc_JaffaCakes118
Size

673KB
MD5

0f0322be828129ca7676faf8d6a819cc
SHA1

9e162b048929b816633fa142c14824eeb9d1d4b9
SHA256

d54adc1e8e3bacde0b53cd25dee9b0e17f8dc253e952d259e8bcaf5be9806782
SHA512

da81f828c16836878338b577617965eeb0f9633853d44f4672d4918d9632d1875e959d2334d873bbe39acfc148fbd87d23fb0f877e07b0bbb7347d64812a7328
SSDEEP

12288:5EdVoNmGkayLJY0bspZBX6zOY0+EyCVsiTbgcEgvS04UruWSSyuap6:AoNmGnyLyPpZBX6zOY0+EyCqina6i+uq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f0322be828129ca7676faf8d6a819cc_JaffaCakes118

Files

0f0322be828129ca7676faf8d6a819cc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7f303ccd367afc91147fb3f4d68e9fd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\mxdev\m5\trunk\mxnitro\deploy\builder\MTInstall_NSIS\install_data\Install.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
WritePrivateProfileStringW
CreateMutexA
DecodePointer
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
lstrlenW
lstrlenA
GetVersionExW
GetFullPathNameW
lstrcpynW
GetFileAttributesW
LockResource
UnmapViewOfFile
OutputDebugStringW
GetCommandLineW
WideCharToMultiByte
AllocConsole
CreateFileW
GetFileSize
ReadFile
LoadLibraryW
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
FlushInstructionCache
SetLastError
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcpyW
CreateDirectoryW
GetDiskFreeSpaceExW
OpenProcess
WaitForMultipleObjects
TerminateProcess
CreateProcessW
WaitForSingleObject
Sleep
GetCurrentProcessId
lstrcatW
GetUserDefaultUILanguage
GetLocaleInfoW
GetProcessHeap
HeapFree
HeapAlloc
IsDebuggerPresent
InterlockedPopEntrySList
InterlockedPushEntrySList
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LocalFree
SetEndOfFile
ReadConsoleW
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
HeapReAlloc
GetStdHandle
HeapSize
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
OutputDebugStringA
LoadResource
SizeofResource
MultiByteToWideChar
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetPrivateProfileIntW
GetPrivateProfileStringW
GetLastError
CloseHandle
VirtualAlloc
VirtualFree
EncodePointer
GetStringTypeW
SetFilePointerEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetSystemTimeAsFileTime
WriteFile
InitializeCriticalSection
CreateThread
IsProcessorFeaturePresent
InitializeSListHead

user32

GetWindowRect
PeekMessageW
DefWindowProcW
DestroyWindow
PostMessageW
RegisterWindowMessageA
wsprintfW
MessageBoxW
CharNextW
ShowWindow
SetForegroundWindow
DispatchMessageW
TranslateMessage
CharLowerW
GetWindowThreadProcessId
FindWindowW
IsWindow
CallWindowProcW
SetWindowLongW
LoadCursorW
GetClassInfoExW
RegisterClassExW
IsZoomed
InflateRect
ScreenToClient
CreateWindowExW
LoadStringW
SystemParametersInfoW
MonitorFromRect
GetWindowPlacement
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
RegisterWindowMessageW
GetWindow
GetParent
KillTimer
SetTimer
SetWindowPos
OffsetRect
AdjustWindowRectEx
GetWindowLongW
LoadImageW
SendMessageW
SetWindowTextW
PostQuitMessage
UnregisterClassW
GetMessageW

advapi32

RegDeleteKeyW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExA

shell32

SHFileOperationW
ShellExecuteW
SHAppBarMessage
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr
VariantClear

shlwapi

PathUnquoteSpacesW
StrStrIW
PathCreateFromUrlW
PathRemoveBackslashW
PathRemoveFileSpecW
PathAddBackslashW
PathCombineW
PathFileExistsW
PathIsDirectoryW

comctl32

InitCommonControlsEx

wininet

InternetSetOptionA
InternetCombineUrlW
InternetCanonicalizeUrlW
InternetCrackUrlA
InternetCanonicalizeUrlA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA

mxui

HTMLayoutSetupDebugOutput
HTMLayoutWindowAttachEventHandler
HTMLayoutSetMediaType
HTMLayoutDataReady
HTMLayoutLoadFile
HTMLayoutLoadHtml
HTMLayoutLoadHtmlEx
HTMLayoutClassNameW
HTMLayoutGetElementState
HTMLayoutGetElementLocation
HTMLayoutProcND
ValueCompare
HTMLayoutControlGetValue
HTMLayoutCombineURL
HTMLayoutSetCallback
HTMLayoutDeleteElement
HTMLayout_UnuseElement
HTMLayout_UseElement
HTMLayoutVisitElements
HTMLayoutSetElementState
HTMLayoutSendEvent
HTMLayoutUpdateElementEx
HTMLayoutGetParentElement
HTMLayoutGetAttributeByName
HTMLayoutFindElement
HTMLayoutGetElementType
HTMLayoutSetAttributeByName
HTMLayoutSetElementInnerText16
HTMLayoutSelectElements
HTMLayoutGetRootElement
HTMLayoutControlGetType
ValueClear
ValueCopy
ValueInit
HTMLayoutCallBehaviorMethod
ValueIntDataSet
ValueIntData
HTMLayoutUpdateElement
HTMLayoutIsElementEnabled
HTMLayoutGetMinHeight
HTMLayoutGetMinWidth
HTMLayoutGetElementInnerTextCB
HTMLayoutControlSetValue
HTMLayoutSetStyleAttribute

psapi

EnumProcessModules
GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

UuidFromStringA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

Sections

.text
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f303ccd367afc91147fb3f4d68e9fd7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

mxui

psapi

version

rpcrt4

setupapi

Sections

.text Size: 283KB - Virtual size: 283KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 10KB - Virtual size: 20KB

.rsrc Size: 296KB - Virtual size: 295KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 283KB - Virtual size: 283KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 296KB - Virtual size: 295KB

.reloc
Size: 18KB - Virtual size: 17KB