9ddf9b3e8bad89e77fd1227cdeba3fcd_JaffaCakes118

General

Target

9ddf9b3e8bad89e77fd1227cdeba3fcd_JaffaCakes118
Size

11.0MB
MD5

9ddf9b3e8bad89e77fd1227cdeba3fcd
SHA1

2422723ba9c463969827bac2f73d645dbcf3b3c9
SHA256

5b94091eb1c4e9933ca42225ea9b09f4220462f3dcaf7bf3d240bf5fe7eb0960
SHA512

3fdc8331334a438e3aedca4679fe1b5266b371947edebfb1602ce77f04fb929cf84aa8f7f5dfa9cc2a8f5db110e165fa4ed90c88a6cb17d126f943b488c8f2c5
SSDEEP

196608:z4QVV0ge1B5WHYrUMhIS8AbzZoicfPIsBiaCJSqlGBMtvwL6wpVETzZYVyk:MQXHW82fhMAbzZo/fNBG0xBMxqpK+VD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ddf9b3e8bad89e77fd1227cdeba3fcd_JaffaCakes118

Files

9ddf9b3e8bad89e77fd1227cdeba3fcd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

90a9e41addb01d98a32f6d72310a2370

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\se7\src\build\Release\mini_installer.exe.pdb

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

WriteFile
CreateFileW
LockResource
LoadResource
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
MultiByteToWideChar
ReadFile
SetFilePointer
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetProcAddress
LoadLibraryExW
ExpandEnvironmentStringsW
lstrlenW
WaitForSingleObject
CloseHandle
CreateProcessW
RemoveDirectoryW
DeleteFileW
GetCommandLineW
GetModuleFileNameW
GetCurrentProcess
GetVersionExW
lstrcmpiW
CreateDirectoryW
GetTickCount
SizeofResource
FindNextFileW
FindFirstFileW
GetLastError
CreateMutexW
MoveFileExW
EnumResourceNamesW
GetTempPathW
FindFirstFileExW
SetProcessWorkingSetSize
GetModuleHandleW
ExitProcess
LocalFree
FindResourceW
GetExitCodeProcess
FindClose

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

user32

MessageBoxW
FindWindowW
PeekMessageW
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjectsEx
BringWindowToTop
SetForegroundWindow
ShowWindow
IsIconic

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38.7MB - Virtual size: 38.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90a9e41addb01d98a32f6d72310a2370

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

userenv

kernel32

advapi32

shell32

user32

Sections

.text Size: 11KB - Virtual size: 10KB

.data Size: - Virtual size: 16B

.rsrc Size: 38.7MB - Virtual size: 38.7MB

.text
Size: 11KB - Virtual size: 10KB

.data
Size: - Virtual size: 16B

.rsrc
Size: 38.7MB - Virtual size: 38.7MB