0bc10acbc6c93446c020e19ee6e565c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0bc10acbc6c93446c020e19ee6e565c1_JaffaCakes118
Size

2.8MB
MD5

0bc10acbc6c93446c020e19ee6e565c1
SHA1

3b549a5e0be5434c02b55fec82ff70635d0f09f0
SHA256

188f00445c3b873052df93ad29c647799b158bbe4c6fd52ddfa0d2dd5f6b0ecc
SHA512

4d0fc3c72ebc03e0d1932cb63946671562cab9fe2142fe73488cb6c7c48fa008a981b6100dc7ac05eea0e44e32eb5db4453c1f9d6fc4284588b7cdbd1cda8f9e
SSDEEP

24576:6lv9z3DCaUO+eE0C+Uv91GzVSZ7WDKGXJZVyANkf53IEaojh7PA3pIBRMjk6xSi3:UMNSCX9kz0ZO1kf53IEaoj6uwQI5J/DB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bc10acbc6c93446c020e19ee6e565c1_JaffaCakes118

Files

0bc10acbc6c93446c020e19ee6e565c1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2eb3ff660563c5c2fbd77befd3ef387d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\SpbSVN\trunk\Internal\SpbSetup\sources\SpbSetup\Release\SpbSetup.pdb

Imports

kernel32

GetUserDefaultUILanguage
SetLastError
lstrcmpiW
WideCharToMultiByte
CompareStringW
GetCurrentThreadId
EnterCriticalSection
Sleep
GetModuleHandleW
MulDiv
LeaveCriticalSection
DeleteCriticalSection
lstrlenA
InterlockedExchange
RaiseException
MultiByteToWideChar
InterlockedDecrement
LoadLibraryExW
GetModuleFileNameW
InterlockedIncrement
InitializeCriticalSection
LocalAlloc
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
FlushInstructionCache
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapCreate
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
GetModuleHandleA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GetCurrentProcess
CreateThread
lstrcpyW
FlushFileBuffers
LockResource
LoadResource
FindResourceW
FindResourceExW
WritePrivateProfileStringW
DeleteFileW
GetLastError
GetFileSize
GetTempPathW
CreateDirectoryW
GetFileAttributesW
WaitForSingleObject
SetEndOfFile
CreateProcessW
SetFilePointer
UnmapViewOfFile
FreeLibrary
GetProcAddress
MapViewOfFile
LoadLibraryW
GetTempFileNameW
CreateFileMappingW
SizeofResource
CloseHandle
WriteFile
CreateFileW
ReadFile
lstrlenW
GetEnvironmentStringsW

user32

AppendMenuW
BeginPaint
TrackPopupMenu
GetParent
EndPaint
SendMessageW
LoadStringW
UnregisterClassA
MessageBoxW
FillRect
GetWindowLongW
CreatePopupMenu
GetDlgItemTextW
GetMonitorInfoW
SetWindowTextW
SetFocus
MonitorFromPoint
PostMessageW
LoadBitmapW
GetActiveWindow
SetRectEmpty
SetMenuItemInfoW
SystemParametersInfoW
GetWindow
PtInRect
SetCursor
ScreenToClient
InvalidateRect
DestroyMenu
SetWindowPos
ClientToScreen
MoveWindow
CreateWindowExW
UpdateWindow
MapWindowPoints
IsWindow
GetWindowRect
MessageBeep
IsDlgButtonChecked
GetClientRect
CallWindowProcW
GetWindowTextW
ReleaseDC
GetDlgItem
DefWindowProcW
GetDC
GetDlgCtrlID
LoadIconW
DrawTextW
DestroyIcon
GetSysColorBrush
RedrawWindow
EndDialog
GetWindowTextLengthW
GetSysColor
SetWindowLongW
LoadCursorW
OffsetRect
CheckDlgButton
IsWindowVisible
DialogBoxParamW
CopyRect
DrawFocusRect
IsWindowEnabled
GetClassNameW
GetFocus
GetCursorPos
CharNextW
ReleaseCapture
SetDlgItemTextW
LoadImageW
GetCapture
GetSystemMetrics
ShowWindow
EnableWindow
DestroyWindow
SetCapture

gdi32

SelectObject
SetBkMode
GetObjectW
GetCurrentObject
GetStockObject
GetTextExtentPoint32W
SetTextColor
SetBkColor
GetDeviceCaps
DPtoLP
DeleteDC
DeleteObject
CreateFontIndirectW

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
ShellExecuteExW
FindExecutableW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoCreateInstance
StringFromGUID2
CoUninitialize
CoTaskMemFree

oleaut32

VarUI4FromStr
SysFreeString

shlwapi

PathRemoveExtensionW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW

comctl32

CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Add
ImageList_Create
_TrackMouseEvent

wininet

InternetCloseHandle
InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetCanonicalizeUrlW
InternetOpenUrlW
InternetSetFilePointer

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.drdata
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2eb3ff660563c5c2fbd77befd3ef387d

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

Sections

.text Size: 151KB - Virtual size: 151KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 10KB - Virtual size: 24KB

.rsrc Size: 2.7MB - Virtual size: 2.7MB

.drdata Size: 89KB - Virtual size: 92KB

.text
Size: 151KB - Virtual size: 151KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 10KB - Virtual size: 24KB

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

.drdata
Size: 89KB - Virtual size: 92KB