97dd7d1933e0d3ddb54aed65a4c37e97_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

97dd7d1933e0d3ddb54aed65a4c37e97_JaffaCakes118
Size

3.0MB
MD5

97dd7d1933e0d3ddb54aed65a4c37e97
SHA1

2c79eef25c63c3e26d999d58c44051928cbc5b0e
SHA256

303d19dd7a3b4e97ca6896ea3d5c05a9c87733f1a3e4999c461ab969dda243b4
SHA512

a1f054162c10f80693f0947b50035bd973c7dd7e2c237a4d914b05d1cf8d5133097c9981cdff308fc7cc7c8e681a36a82f08ec23d529f87769e843aedfc4cdc7
SSDEEP

49152:S6LpMNO8v/ubvcSQw74Tk4ms3BvxiGrQN2/7JOgns+nCMdTEMgpau1xDgn:JLpQwpb8Tk4mcihN2/7/9E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97dd7d1933e0d3ddb54aed65a4c37e97_JaffaCakes118

Files

97dd7d1933e0d3ddb54aed65a4c37e97_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5d8b8ddf7c11f10c6422406b4b2ae877

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\rc_v11_i18_kpr_20190930\Build\Release\WPSOffice\office6\KPacket.pdb

Imports

kernel32

VirtualAlloc
VirtualFree
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
CreateFileW
FindClose
FindFirstFileW
GetFileAttributesW
FindNextFileW
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetFileSize
SetFilePointer
SetEndOfFile
SetFilePointerEx
WriteFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemDirectoryW
CopyFileW
MoveFileExW
DeleteFileW
GetTickCount
CreateDirectoryW
ReadFile
GetStdHandle
WaitForMultipleObjects
MultiByteToWideChar
WideCharToMultiByte
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetWindowsDirectoryW
GetFullPathNameW
GetCurrentDirectoryW
GetTempPathW
GetTempFileNameW
GetSystemInfo
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetCurrentThread
SetLastError
InterlockedDecrement
GetVersion
LocalFree
GetDateFormatW
GetTimeFormatW
GetModuleHandleA
Process32NextW
Process32FirstW
GetCurrentProcessId
CreateToolhelp32Snapshot
ReadProcessMemory
OpenProcess
GetPrivateProfileStringW
FreeLibrary
LoadLibraryExW
QueryPerformanceCounter
QueryPerformanceFrequency
OpenMutexW
CreateMutexW
CreateProcessW
GetExitCodeProcess
Sleep
ExpandEnvironmentStringsW
LoadLibraryW
GetFileAttributesExW
TerminateProcess
GetDiskFreeSpaceExW
lstrcmpW
GetPrivateProfileIntW
WritePrivateProfileStringW
SetCurrentDirectoryW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
lstrcpynA
lstrlenA
CreateFileA
RaiseException
FlushInstructionCache
GetCurrentThreadId
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
GetCommandLineW
GetLongPathNameW
SetPriorityClass
OutputDebugStringW
QueryDosDeviceW
ProcessIdToSessionId
GetLocalTime
CreateThread
GetSystemTime
GetUserDefaultLCID
IsWow64Process
GetUserDefaultUILanguage
LocalAlloc
GetLocaleInfoW
GetUserDefaultLangID
ReleaseMutex
GetSystemWow64DirectoryW
InitializeCriticalSectionAndSpinCount
MapViewOfFileEx
InterlockedIncrement
lstrcmpiW
TerminateThread
InterlockedExchange
MulDiv
GetDateFormatA
LoadLibraryA
InterlockedCompareExchange
DeviceIoControl
HeapSetInformation
GetStartupInfoW
HeapAlloc
HeapFree
ExitThread
DecodePointer
EncodePointer
RtlUnwind
HeapReAlloc
VirtualProtect
VirtualQuery
GetSystemTimeAsFileTime
ExitProcess
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
HeapDestroy
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapSize
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetTimeZoneInformation
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
InterlockedPushEntrySList
InterlockedPopEntrySList
GetFileSizeEx
GetCompressedFileSizeW
GetGeoInfoW
GetUserGeoID
FlushViewOfFile
OutputDebugStringA
WaitForSingleObjectEx
UnlockFileEx
UnlockFile
SystemTimeToFileTime
LockFileEx
LockFile
HeapCompact
HeapValidate
GetVersionExA
GetTempPathA
GetFullPathNameA
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
FormatMessageW
FormatMessageA
DeleteFileA
CreateFileMappingA
AreFileApisANSI
TryEnterCriticalSection
GetTimeFormatA

msi

ord90

Exports

Exports

dc_AddKeyValue
dc_CheckABTestTagExist
dc_CloseDataHandle
dc_CreateDataHandle
dc_Init
dc_SendAppEndInfoc
dc_SendAppStartInfoc
dc_SendCommonEventInfoc
dc_SendCountEventInfoc
dc_SetInfocCallback
dc_Uninit
dc_UpdateAccountID
dc_UpdateCustomHeaders

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d8b8ddf7c11f10c6422406b4b2ae877

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msi

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 512KB - Virtual size: 511KB

.data Size: 47KB - Virtual size: 79KB

.rsrc Size: 164KB - Virtual size: 163KB

.reloc Size: 173KB - Virtual size: 173KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 512KB - Virtual size: 511KB

.data
Size: 47KB - Virtual size: 79KB

.rsrc
Size: 164KB - Virtual size: 163KB

.reloc
Size: 173KB - Virtual size: 173KB