2341cfbdd5fde76a627e0a7345aeb599_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2341cfbdd5fde76a627e0a7345aeb599_JaffaCakes118
Size

500KB
MD5

2341cfbdd5fde76a627e0a7345aeb599
SHA1

4eab0e851d83a972d10eadcebedc040ac56a04d7
SHA256

2a86a1b01d7067a11eeb8ef11347c0c9eb84d28510838226f8db40685ee1d26a
SHA512

ed5cc80b244ef6064e2e0a75350b57a28cf3f9b47211eefbeff7d79c0a7c809a02e552141d7f1f7accb954529b27f4257471567c62255115bcf56d727ac28d62
SSDEEP

6144:cj4QnadR8e9HMd+FoLzC/XZx5bh/0UpbkJ7VRB6S1t:gdadR8e9sCpnbh/0UpwFBP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2341cfbdd5fde76a627e0a7345aeb599_JaffaCakes118

Files

2341cfbdd5fde76a627e0a7345aeb599_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e810405f3e5dd098759acebf745ff1d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\NMC\CURRENT210\WinZip\Setup\WinZip\PROD32MU\SETUP.pdb

Imports

shell32

ShellExecuteExA
ShellExecuteA
SHGetFolderPathA
ord680

user32

CharUpperA
FindWindowExW
GetWindowThreadProcessId
GetShellWindow
SetWindowPos
GetSystemMetrics
GetWindowRect
MessageBoxA
MessageBeep
SendMessageA
GetDlgItem
LoadIconA
EndDialog
LoadStringA
GetWindowTextA
IsWindowVisible
GetClassNameA
EnumWindows
DialogBoxParamA
MessageBoxW
SetFocus
wsprintfA
InvalidateRect
SetWindowTextA
SetPropA
GetDC
DrawTextA
ClientToScreen
ReleaseDC
InflateRect
ScreenToClient
DrawFocusRect
RemovePropA
GetPropA
GetWindowTextLengthA
IsWindow
EnableWindow
IsDlgButtonChecked
CheckDlgButton
LoadBitmapA
GetWindowLongA
BeginPaint
EndPaint
SetWindowLongA
CallWindowProcA
CharNextA
LoadStringW
FindWindowA
KillTimer
SetCursor
SetTimer
LoadCursorA

kernel32

WriteFile
ExitProcess
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
VerifyVersionInfoW
VerSetConditionMask
FindClose
FindFirstFileA
Sleep
WaitForSingleObject
GetStdHandle
GetModuleHandleA
GetFileAttributesA
CloseHandle
GetExitCodeProcess
CreateEventA
LoadLibraryA
FreeLibrary
LCMapStringA
CreateProcessA
GetModuleFileNameA
SetEvent
GetModuleFileNameW
GetUserDefaultUILanguage
lstrcatA
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetProcAddress
GetSystemTimeAsFileTime
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapCreate
GetCurrentThreadId
TlsFree
LoadLibraryExW
GetStringTypeA
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
HeapFree
GetVersion
OutputDebugStringA
lstrcmpiA
GetFileAttributesW
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LoadLibraryW
GetModuleHandleW
GetStartupInfoA
GetCommandLineA
RaiseException
RtlUnwind
SetLastError
GetVersionExW
MultiByteToWideChar
GetCurrentProcess
OpenProcess
lstrlenW
GetLastError
GetLocalTime
GetCurrentProcessId
LocalFree
GetVersionExA
ReadFile
GetFileSize
CreateFileA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
lstrlenA
HeapAlloc

gdi32

SetTextColor
CreateFontIndirectA
DeleteObject
CreateBitmap
SetBkColor
DeleteDC
CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
GetTextExtentPoint32A

advapi32

CheckTokenMembership
RegSetValueExW
ConvertSidToStringSidW
RegEnumValueA
RegCreateKeyExA
FreeSid
RevertToSelf
AllocateAndInitializeSid
RegDeleteValueW
ImpersonateLoggedOnUser
DuplicateTokenEx
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
RegEnumValueW
RegQueryValueA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ord17

msi

ord160
ord159
ord31
ord117
ord8
ord91
ord158

ole32

CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitializeEx

Exports

Exports

FFTBCompatibilityCheck
GoogleChromeCompatibilityCheck
LaunchGoogleChrome
LaunchGoogleChromeWithDimensions
_GoogleChromeCompatibilityCheck@8
_LaunchGoogleChrome@0
_LaunchGoogleChromeWithDimensions@16

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e810405f3e5dd098759acebf745ff1d7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

user32

kernel32

gdi32

advapi32

version

comctl32

msi

ole32

Exports

Exports

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 5KB - Virtual size: 17KB

.rsrc Size: 354KB - Virtual size: 353KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 17KB

.rsrc
Size: 354KB - Virtual size: 353KB