9d9ff33348d0a0a00b77e0893d2fb8ec_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9d9ff33348d0a0a00b77e0893d2fb8ec_JaffaCakes118
Size

24.0MB
MD5

9d9ff33348d0a0a00b77e0893d2fb8ec
SHA1

dd78f7abda91255398b658a36e4fa102dd32bd0b
SHA256

ae1bf723adb05c049a9efeb440f62949fa710df5d149375be366a16b47083681
SHA512

7b85f3fab51a1b57042ab9158665630aba05020f06e6054500acbdadf179e9084f9915404dd092501b5616b7b62c490fd8704642f3a25f0cc09237059203c348
SSDEEP

786432:4sGpOdM6O3UFEN2a0AJ8sDGpuuhaWpRyAoq570f3aaNO:hGH3UFEV0A6q8HpRyAN7maaE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d9ff33348d0a0a00b77e0893d2fb8ec_JaffaCakes118

Files

9d9ff33348d0a0a00b77e0893d2fb8ec_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0aac22a6dd7871bbfdcef2db98a1b2b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\svn\xmp\jenkins\jobs\XMP5.2.10Lite\workspace\trunk\Symbols\ProductReleaseLite\XmpSetup\pdb\XmpSetup.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

SetFilePointer
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
GetProcAddress
LoadLibraryW
GlobalLock
GlobalAlloc
FlushFileBuffers
WritePrivateProfileStringW
GetTempPathA
CreateFileW
CreateFileA
WritePrivateProfileStringA
GetPrivateProfileIntW
GetPrivateProfileStringA
GetPrivateProfileStringW
CopyFileW
MoveFileW
InitializeCriticalSection
SetEnvironmentVariableW
ReleaseMutex
GetEnvironmentVariableW
WaitForSingleObject
ExitProcess
CreateMutexW
TerminateProcess
GetCurrentProcess
TlsSetValue
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLocalTime
TlsGetValue
TlsAlloc
GetSystemInfo
FreeLibrary
InterlockedDecrement
TlsFree
DeleteCriticalSection
Sleep
CreateThread
GetTickCount
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
ExpandEnvironmentStringsW
RemoveDirectoryW
SetFileAttributesW
HeapFree
CreateDirectoryA
GetCommandLineW
RaiseException
GetTempPathW
CloseHandle
GetLongPathNameW
lstrcatW
lstrcpyW
GetSystemDirectoryW
SetPriorityClass
GetDiskFreeSpaceExW
GetFileSize
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
SetEndOfFile
SetStdHandle
LoadLibraryA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
WriteFile
ReadFile
GetModuleFileNameW
GlobalUnlock
GlobalFree
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
InterlockedExchangeAdd
GetCurrentDirectoryA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
IsValidCodePage
GetOEMCP
GetACP
GetUserDefaultLCID
HeapSize
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetModuleHandleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
SetLastError
GetLastError
lstrlenW
GetFileAttributesW
CreateDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStrings
SetCurrentDirectoryW
GetFileAttributesA
GetProcessHeap
InterlockedExchange
InterlockedIncrement
GetVolumeInformationA
GetSystemDirectoryA
GetModuleFileNameA
IsBadCodePtr
lstrcatA
lstrcpyA
DeviceIoControl
GetVersionExA
RtlUnwind
GetSystemTimeAsFileTime
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
FreeEnvironmentStringsA

user32

LoadIconW
PostMessageW
DefWindowProcW
wsprintfW
CharLowerBuffW
MessageBoxW
FindWindowW
SetForegroundWindow
DispatchMessageW
LoadCursorW
RegisterClassExW
CreateWindowExW
GetMessageW
TranslateMessage
PostQuitMessage

gdi32

GetStockObject

advapi32

RegSetValueExW
RegFlushKey
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ord680
SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW
ord165
SHGetFolderPathW
SHGetSpecialFolderPathA

ole32

CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarBstrCmp
SysAllocStringLen
SysFreeString

shlwapi

PathRemoveFileSpecW
PathAddBackslashW
PathRemoveExtensionW
PathFileExistsW
PathAppendW
PathRemoveBackslashW
PathFindFileNameW

setupapi

SetupIterateCabinetW

urlmon

URLDownloadToCacheFileW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27.8MB - Virtual size: 27.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0aac22a6dd7871bbfdcef2db98a1b2b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

setupapi

urlmon

iphlpapi

Sections

.text Size: 230KB - Virtual size: 230KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 11KB - Virtual size: 27KB

.rsrc Size: 27.8MB - Virtual size: 27.8MB

.text
Size: 230KB - Virtual size: 230KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 11KB - Virtual size: 27KB

.rsrc
Size: 27.8MB - Virtual size: 27.8MB