2724652e3b6452c462752187b2e10d49_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2724652e3b6452c462752187b2e10d49_JaffaCakes118
Size

171KB
MD5

2724652e3b6452c462752187b2e10d49
SHA1

c2b2387cc6f891e77c86a1c1019bf9802ad394d3
SHA256

13f420b65fd89f29f786c8877c1960d4fb471d485238ae1874a4a010a84d195f
SHA512

d20a045a2ec5fc7d52e521f52eb52a3ab51f6f1b602158740328eb1fe6faa2ece08c7eb8a6b8567c59e1feafa8af88b66d4a56ca04f50e7b1a97cf3d8d5639b2
SSDEEP

3072:8CUkTesJMbBunMAortBDfQqf6Que2J0n47dibnWBg/gwMhfochw/MFWrJjKOMxRU:ibQqfUJ0ouDFB47UD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2724652e3b6452c462752187b2e10d49_JaffaCakes118

Files

2724652e3b6452c462752187b2e10d49_JaffaCakes118
.exe windows:6 windows x86 arch:x86

9162049698b1e1fe97141761334e7434

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

iesetup.pdb

Imports

advapi32

RegDeleteKeyW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
OpenProcessToken
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges

kernel32

GetTempFileNameW
FindFirstFileW
FindResourceExW
SetEnvironmentVariableW
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
GetVersionExW
MoveFileW
FindClose
RemoveDirectoryW
FindNextFileW
GetUserDefaultUILanguage
GetWindowsDirectoryW
DeleteFileW
WaitForSingleObject
SetEvent
GetTickCount
InitializeCriticalSection
GetSystemDirectoryW
Sleep
FormatMessageW
GetExitCodeProcess
CreateEventW
WaitForMultipleObjects
CreateThread
lstrcmpiW
FreeLibrary
GetCurrentProcess
CreateProcessW
OpenProcess
LoadLibraryW
GetProcAddress
SetFilePointer
WriteFile
CreateFileW
FlushFileBuffers
SetLastError
GetLocalTime
MoveFileExW
GetTempPathW
SetProcessShutdownParameters
SetFileAttributesW
EnumResourceNamesW
LoadResource
GetLocaleInfoW
LocalAlloc
EnumUILanguagesW
LockResource
EnumResourceLanguagesW
MulDiv
InterlockedDecrement
RaiseException
GetSystemDefaultLangID
GetUserDefaultLangID
GlobalMemoryStatusEx
GetCurrentDirectoryW
ExpandEnvironmentStringsW
LocalFree
CloseHandle
GetModuleHandleW
DeleteCriticalSection
GetCommandLineW
CreateMutexW
FindResourceW
OutputDebugStringW
ResumeThread
CreateFileMappingW
IsWow64Process
MapViewOfFile
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoA
InterlockedCompareExchange
GetEnvironmentVariableW
lstrlenA
lstrcmpiA
lstrlenW
WideCharToMultiByte
InterlockedExchange
GetVersionExA
GetLastError
SizeofResource
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetModuleFileNameW
GetSystemInfo

gdi32

GetDeviceCaps
GetObjectW
SetTextColor
CreateFontIndirectW

user32

GetDlgCtrlID
SendMessageW
SetDlgItemTextW
CreateDialogParamW
GetSysColorBrush
ShowWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
LoadIconW
IsDialogMessageW
TranslateMessage
KillTimer
PostMessageW
LoadImageW
PostQuitMessage
GetMessageW
SetTimer
DestroyWindow
GetWindowThreadProcessId
CopyRect
SetWindowPos
GetDesktopWindow
SystemParametersInfoW
BringWindowToTop
OffsetRect
SetForegroundWindow
GetWindowRect
CharToOemW
ExitWindowsEx
ReleaseDC
GetDC
UpdateWindow
UnregisterClassA
DispatchMessageW
CharNextW
FindWindowW
LoadStringW

msvcrt

_write
_lseeki64
__getmainargs
_CxxThrowException
calloc
memset
free
_fileno
_isatty
_errno
ungetc
_amsg_exit
_initterm
_acmdln
_wcsicmp
??2@YAPAXI@Z
_vsnwprintf
??_V@YAXPAX@Z
??_U@YAPAXI@Z
iswdigit
_wtol
iswalpha
_wcsnicmp
wcschr
??3@YAXPAX@Z
_read
__pioinfo
exit
_ismbblead
__badioinfo
wcstombs
_cexit
_exit
_XcptFilter
iswctype
ferror
wctomb
_itoa
_snprintf
_iob
localeconv
isxdigit
isleadbyte
__mb_cur_max
mbtowc
isdigit
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
realloc
memcpy
__set_app_type
__p__fmode
__p__commode
__setusermatherr
malloc

comctl32

ord334
ord336
ord328
ord339
InitCommonControlsEx
ord332
ord329

ntdll

RtlUnwind

ole32

CoCreateInstance
CLSIDFromString
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantClear
VariantInit
SysReAllocString
SysAllocStringLen
SysStringByteLen

shell32

SHCreateDirectoryExW
CommandLineToArgvW
SHGetFolderPathW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathIsDirectoryW
PathIsRelativeW
PathRemoveFileSpecW
SHGetValueW
PathRemoveExtensionW
PathFindFileNameW
PathStripPathW
PathFileExistsW
PathFindExtensionW
SHRegSetUSValueW
ord388
SHDeleteKeyW
StrChrW
SHRegGetUSValueW
SHRegGetValueW
SHSetValueW
PathIsFileSpecW
StrCmpNIW
ord158

uxtheme

IsThemeActive

crypt32

CertVerifyCertificateChainPolicy

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17.7MB - Virtual size: 17.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9162049698b1e1fe97141761334e7434

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

ntdll

ole32

oleaut32

shell32

version

shlwapi

uxtheme

crypt32

wintrust

Sections

.text Size: 116KB - Virtual size: 115KB

.data Size: 3KB - Virtual size: 41KB

.rsrc Size: 17.7MB - Virtual size: 17.7MB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 115KB

.data
Size: 3KB - Virtual size: 41KB

.rsrc
Size: 17.7MB - Virtual size: 17.7MB

.reloc
Size: 6KB - Virtual size: 6KB