af82432702ab794ff778276f20c1e920_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af82432702ab794ff778276f20c1e920_JaffaCakes118
Size

948KB
MD5

af82432702ab794ff778276f20c1e920
SHA1

64594c82f30cb4eeaacfb62025b2064cf2567d6f
SHA256

b1c9554461ddc98130e6fa086d912d1c10b2413a41d1457e216d63b608232212
SHA512

8f42841a67ec5993a83e81b12e7f7a9b64c708ec955622c1cccad38c4cf8c89146dd6d0031c74db90dea6921c6033de15068119dfc74602529dcf3cc703a37c3
SSDEEP

24576:UGcSWPv7v7v7v7v7v7v7v7v7v7v7v7v7v7v7v:UfSCDjDjDjDjDjDjDjD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af82432702ab794ff778276f20c1e920_JaffaCakes118

Files

af82432702ab794ff778276f20c1e920_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2ceee43955dd8ea74889e05e82f34ef8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\weekly-build\Products\AdobeUpdater4.0\bin\win32\release\Bootstrapper.pdb

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetLastError
DeleteFileW
CloseHandle
CreateFileW
CopyFileW
GetDiskFreeSpaceExW
SetFileAttributesW
GetFileSizeEx
GetTempFileNameW
GetVolumeInformationW
CreateDirectoryW
GetCurrentThreadId
GetLongPathNameA
GetTempPathA
GetPrivateProfileStringA
WaitForSingleObject
CreateMutexA
GetVersionExA
LockResource
LoadResource
FindResourceExA
GetModuleFileNameA
SetEndOfFile
GetLocaleInfoW
ReadFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetOEMCP
SetFilePointer
FlushFileBuffers
WriteFile
GetLocaleInfoA
GetACP
InterlockedExchange
FreeLibrary
LoadLibraryA
GetProcAddress
ReleaseMutex
HeapSize
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
HeapReAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
RaiseException
RtlUnwind
GetModuleHandleA
TerminateProcess
GetCurrentProcess

user32

DrawTextA
ScreenToClient
SetWindowsHookExA
MessageBoxA
UnhookWindowsHookEx
DestroyMenu
CallNextHookEx
GetDlgItem
GetWindowTextA
SetWindowTextA
GetSystemMetrics
GetSystemMenu
EnableMenuItem
GetParent
GetDesktopWindow
GetWindowRect
MoveWindow

gdi32

CreateCompatibleDC
CreateFontIndirectA
SelectObject
DeleteObject
DeleteDC

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderPathW

shlwapi

PathStripToRootA
PathRemoveFileSpecA
PathFileExistsW
PathIsFileSpecA
PathFileExistsA
PathIsDirectoryW

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 804KB - Virtual size: 800KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ceee43955dd8ea74889e05e82f34ef8

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

shlwapi

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 804KB - Virtual size: 800KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 804KB - Virtual size: 800KB