1c37d876cab223d0b6b803665d6a8f97_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1c37d876cab223d0b6b803665d6a8f97_JaffaCakes118
Size

97KB
MD5

1c37d876cab223d0b6b803665d6a8f97
SHA1

20ab5286c810b1887d6b9f1db8bb65b4144f770a
SHA256

48f37836f366ab14d8ea3f52795add1f793b9f05daeb68fe7b92940ec04c659f
SHA512

617d48a63e3cb5e9c4dc4b3cb96b22abc33d726fbf6bae5b95960b55d86988d61fc50dd2e2f169bc316007aaba37f96d01c0433becf09e2512f26ed5a8c3ca5a
SSDEEP

1536:af39jVsX0ZxugC+xYCWVaMGBYEWYt2bmHE:ojCX0KdrPwBYELt2bmk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c37d876cab223d0b6b803665d6a8f97_JaffaCakes118

Files

1c37d876cab223d0b6b803665d6a8f97_JaffaCakes118
.dll windows:4 windows x86 arch:x86

16165a38ea4fb016ae0b7e8ae8931121

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyW

msi

ord211
ord49
ord115
ord158
ord116
ord131
ord14
ord74
ord92
ord32
ord159
ord160
ord118
ord113
ord8
ord16
ord111

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
lstrcatW
lstrcpyW
lstrcmpW
lstrlenW
FindNextFileW
FindFirstFileW
CloseHandle
CreateProcessW
SetLastError
WideCharToMultiByte
DeleteFileW
GetVersionExW
GetLastError
GetCurrentProcess
GetLocaleInfoA
GetTimeZoneInformation
InitializeCriticalSection
LoadLibraryA
CompareStringA
CompareStringW
FindClose
GetCommandLineA
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapFree
HeapAlloc
GetCurrentThreadId
SetEnvironmentVariableA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter

advapi32

RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyW
RegSetValueExW
RegCreateKeyExW
RegFlushKey
RegCloseKey

Exports

Exports

AddFeature
ApplyUpdates
ApplyUpdatesEx
ApplyUpdatesExRD
IsBrowserIntegrated
MaintenanceRepair
MigrateUserRegistry
MigrateUserRegistryEx
RemoveFeature
RemoveUpdates
RemoveUpdatesEx
RemoveUpdatesExRD
SetupUpdaterForReboot
UpdateCache
ValidateInstaller

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

16165a38ea4fb016ae0b7e8ae8931121

Headers

File Characteristics

Imports

shlwapi

msi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1020B

.reloc Size: 8KB - Virtual size: 6KB

rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1020B

.reloc
Size: 8KB - Virtual size: 6KB

rsrc
Size: 4KB - Virtual size: 4KB