173f46d62ae7f9b2cf4bd488e8415141_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

173f46d62ae7f9b2cf4bd488e8415141_JaffaCakes118
Size

499KB
MD5

173f46d62ae7f9b2cf4bd488e8415141
SHA1

948940b209be5201a5cc845364d8778abf26b84d
SHA256

7422d788b3d3d15206c246c824b77b31d3f4b0f9e01ff9f4ff244927d5bff5ab
SHA512

52d29016c6be5775e5630c42067df0f98b1835d2be4850327aaed027c61cb9aec072a281e1b5173f062d5e3b5decea296b32a1305551d6517487eb4f535e914c
SSDEEP

6144:zbajHYYsYAklL8HJZx5Mfh/0UpbkJ7VRB6CCDtS3:irYYsYjlcnMfh/0UpwFBR3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
173f46d62ae7f9b2cf4bd488e8415141_JaffaCakes118

Files

173f46d62ae7f9b2cf4bd488e8415141_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9addcf5050b2507909a7585243e4e687

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\NMC\CURRENT\WinZip\Setup\WinZip\PROD32MU\SETUP.pdb

Imports

shell32

ShellExecuteExA
ShellExecuteA
SHGetFolderPathA
ord680

user32

CharUpperA
FindWindowExW
GetWindowThreadProcessId
GetShellWindow
SetWindowPos
GetSystemMetrics
GetWindowRect
MessageBoxA
MessageBeep
SendMessageA
GetDlgItem
LoadIconA
EndDialog
LoadStringA
GetWindowTextA
IsWindowVisible
GetClassNameA
EnumWindows
DialogBoxParamA
MessageBoxW
SetFocus
wsprintfA
InvalidateRect
SetWindowTextA
SetPropA
GetDC
DrawTextA
ClientToScreen
ReleaseDC
InflateRect
ScreenToClient
DrawFocusRect
RemovePropA
GetPropA
GetWindowTextLengthA
IsWindow
EnableWindow
IsDlgButtonChecked
CheckDlgButton
LoadBitmapA
GetWindowLongA
BeginPaint
EndPaint
SetWindowLongA
CallWindowProcA
CharNextA
LoadStringW
FindWindowA
KillTimer
SetCursor
SetTimer
LoadCursorA

kernel32

WriteFile
ExitProcess
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
FindClose
FindFirstFileA
GetVersionExA
Sleep
WaitForSingleObject
GetProcAddress
GetStdHandle
GetFileAttributesA
CloseHandle
GetExitCodeProcess
CreateEventA
LoadLibraryA
FreeLibrary
LoadLibraryExW
LCMapStringA
GetModuleFileNameA
SetEvent
GetVersionExW
GetUserDefaultUILanguage
GetModuleFileNameW
lstrcatA
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetModuleHandleA
GetSystemTimeAsFileTime
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapCreate
GetCurrentThreadId
TlsFree
CreateProcessA
GetStringTypeA
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapFree
FlushFileBuffers
GetVersion
OutputDebugStringA
lstrcmpiA
GetFileAttributesW
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LoadLibraryW
GetModuleHandleW
GetStartupInfoA
GetCommandLineA
RaiseException
RtlUnwind
SetLastError
MultiByteToWideChar
GetCurrentProcess
OpenProcess
lstrlenW
GetLastError
GetLocalTime
GetCurrentProcessId
LocalFree
ReadFile
GetFileSize
CreateFileA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
lstrlenA
HeapAlloc

gdi32

SetTextColor
CreateFontIndirectA
DeleteObject
CreateBitmap
SetBkColor
DeleteDC
CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
GetTextExtentPoint32A

advapi32

FreeSid
RegSetValueExW
ConvertSidToStringSidW
RegEnumValueA
RegCreateKeyExA
CheckTokenMembership
RevertToSelf
AllocateAndInitializeSid
RegDeleteValueW
ImpersonateLoggedOnUser
DuplicateTokenEx
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegQueryValueA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ord17

msi

ord160
ord159
ord31
ord117
ord8
ord91
ord158

ole32

CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitializeEx

Exports

Exports

FFTBCompatibilityCheck
GoogleChromeCompatibilityCheck
LaunchGoogleChrome
LaunchGoogleChromeWithDimensions
_GoogleChromeCompatibilityCheck@8
_LaunchGoogleChrome@0
_LaunchGoogleChromeWithDimensions@16

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9addcf5050b2507909a7585243e4e687

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

user32

kernel32

gdi32

advapi32

version

comctl32

msi

ole32

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 5KB - Virtual size: 17KB

.rsrc Size: 354KB - Virtual size: 353KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 5KB - Virtual size: 17KB

.rsrc
Size: 354KB - Virtual size: 353KB