2467dbeff5d9096a311a7304331da3ae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2467dbeff5d9096a311a7304331da3ae_JaffaCakes118
Size

415KB
MD5

2467dbeff5d9096a311a7304331da3ae
SHA1

1b6284f34b593724a98a9f4281406d22328a9914
SHA256

e783473cd2a2486ccf5345e1f322a4c36d1e5140d6a710886bb5a931b327b729
SHA512

d6590fc4b8fe20d83c86f0be19479f13f6f66b24b42ee8e09eb842b495b764ab84d8c9faea23eb0499a6ef7ea724ef35fb6788ee2cd10d8baf516f48004d3277
SSDEEP

6144:LPwNgvHb3PcnKtwWVBj3QcaG9hxegADB6iDZJb0pVyGUA9az3Q0j0SNUN:LINngwUBbQcjxAl2/ZUA2lNQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2467dbeff5d9096a311a7304331da3ae_JaffaCakes118

Files

2467dbeff5d9096a311a7304331da3ae_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ecef0ad6cbef3b0bfe8cf32da2f80912

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\limeqfe\plus_r1.5qfe\target\retail\i386\MPA\ProductActivation.PDB

Imports

msvcr70

__security_error_handler
free
memset
??_U@YAPAXI@Z
_wtoi
wcsrchr
strchr
strncpy
__CxxFrameHandler
memmove
wcslen
_CxxThrowException
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
??2@YAPAXI@Z
wcstok
_ftol
_c_exit
??_V@YAXPAX@Z
??3@YAXPAX@Z

atl70

ord18
ord61
ord23
ord64
ord22
ord20
ord17

kernel32

DeleteCriticalSection
Sleep
CreateThread
CreateEventW
GetCurrentThreadId
InterlockedIncrement
SetEvent
InterlockedDecrement
GetCommandLineW
GetModuleHandleA
GetStartupInfoW
DeviceIoControl
GetLocalTime
GetDiskFreeSpaceA
GetComputerNameA
LocalFree
LocalAlloc
GetVolumeInformationW
GetVolumeInformationA
CompareStringA
CompareStringW
GetUserDefaultLCID
IsDBCSLeadByte
InitializeCriticalSection
GetExitCodeThread
ResumeThread
SetThreadAffinityMask
GetProcessAffinityMask
GetCurrentProcess
GetSystemInfo
OutputDebugStringA
WaitForSingleObject
CloseHandle
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LoadLibraryA
GetLogicalDriveStringsA
GetDriveTypeA
GlobalMemoryStatus
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
CreateDirectoryA
HeapFree
GetProcessHeap
HeapAlloc
MultiByteToWideChar
RemoveDirectoryW
DeleteFileW
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadReadPtr
SetFilePointer
ReadFile
GetFileSize
lstrlenA
lstrcpyA
SetLastError
WideCharToMultiByte
CreateFileA
WriteFile
DeleteFileA
IsValidCodePage
GetModuleHandleW
RtlUnwind
InitializeCriticalSectionAndSpinCount
CreateSemaphoreA
VirtualAlloc
CreateEventA
GetSystemTime
VirtualFree
ReleaseSemaphore
VirtualProtect
FlushInstructionCache

user32

wvsprintfA
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
CharNextW
CharUpperW
BroadcastSystemMessageA
wsprintfA
MessageBoxW
GetSystemMetrics

ole32

CoUninitialize
CoCreateInstance
CLSIDFromProgID
StringFromGUID2
CoInitialize
CoCreateGuid

advapi32

CryptImportKey
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
GetCurrentHwProfileA
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExW
GetUserNameA
RegDeleteValueW

shell32

SHGetFolderPathA
SHGetFolderPathW

crypt32

CryptExportPublicKeyInfo
CertOpenStore
CertComparePublicKeyInfo
CertFreeCertificateContext
CertCloseStore
CertVerifySubjectCertificateContext
CertGetIssuerCertificateFromStore
CertCreateCertificateContext
CertEnumCertificatesInStore
CertFindExtension
CertDuplicateCertificateContext

msi

ord92
ord32
ord8
ord159
ord160
ord120
ord70

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

shlwapi

PathAppendA

wininet

InternetCloseHandle

Sections

.text
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ecef0ad6cbef3b0bfe8cf32da2f80912

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr70

atl70

kernel32

user32

ole32

advapi32

shell32

crypt32

msi

setupapi

shlwapi

wininet

Sections

.text Size: 226KB - Virtual size: 226KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 26KB - Virtual size: 104KB

.text
Size: 226KB - Virtual size: 226KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 26KB - Virtual size: 104KB