2f2a2d6728d72d70d7828af23c470231_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f2a2d6728d72d70d7828af23c470231_JaffaCakes118
Size

299KB
MD5

2f2a2d6728d72d70d7828af23c470231
SHA1

00e5bc4e77cdafb49e027026fc81927300c82f76
SHA256

dcf798fa26dad6e4f50a396f8cb42c9ee15af1be15fa99bb43ecbe68f4511fbb
SHA512

d58856c9ede6b9666a1d7431472a147268bce10558d43aa5be67dd09a38b38bc4c6beeb54bfb5df7b71f39b19cf47461cf8c3f52d48834ed6d4c44b6612bb172
SSDEEP

6144:7QFelTx1jqyS9B0KY5nJABPzBxTCn7cDfXX81bRjE4:sFeBrWySf0KY5nYdxOn7pC4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f2a2d6728d72d70d7828af23c470231_JaffaCakes118

Files

2f2a2d6728d72d70d7828af23c470231_JaffaCakes118
.exe windows:6 windows x86 arch:x86

5b7dfe60f07e52ec0f4b5e35c39cb777

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wusetup.pdb

Imports

kernel32

GetPrivateProfileStringW
WaitForMultipleObjects
ResetEvent
SetEvent
GetFileType
GetVolumePathNameW
GetDriveTypeW
GetSystemWindowsDirectoryW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
ExpandEnvironmentStringsW
MapViewOfFileEx
FindResourceExW
LockResource
FindResourceW
LoadResource
MultiByteToWideChar
SetFileAttributesW
GetSystemDefaultLangID
DeleteFileW
CopyFileW
MoveFileExW
FindClose
FindFirstFileW
GetSystemDefaultUILanguage
GetFileTime
SetFileTime
FindNextFileW
GetFileAttributesW
GetCurrentThread
CompareStringA
lstrlenW
HeapReAlloc
CreateEventW
LocalFree
GetVersionExW
OutputDebugStringW
WideCharToMultiByte
WriteFile
FlushFileBuffers
InterlockedIncrement
InterlockedDecrement
GetSystemTime
SetLastError
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
ReleaseMutex
CreateMutexW
CloseHandle
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
EnumUILanguagesW
CreateDirectoryW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoW
GetExitCodeProcess
CreateProcessW
InitializeCriticalSectionAndSpinCount
GetSystemInfo
GetProcAddress
CompareStringW
GetProcessHeap
HeapFree
HeapAlloc
GetModuleHandleW
WaitForSingleObject
CreateFileW
GetLastError
GetFileSizeEx
ReadFile
CreateThread
LoadLibraryExW
GetUserDefaultUILanguage
Sleep
GetSystemDirectoryW
GetCommandLineW
GetModuleFileNameW
GlobalFree
FreeLibrary
VerSetConditionMask
RemoveDirectoryW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
RtlUnwind
SetUnhandledExceptionFilter
GetModuleHandleA
VerifyVersionInfoW

user32

EnableWindow
CallWindowProcW
GetWindowLongW
SetWindowTextW
MessageBoxW
SendMessageW
SendMessageA
SetWindowLongW
SendDlgItemMessageA
SendDlgItemMessageW
LoadImageW
GetSystemMetrics
DestroyIcon
GetDlgItem
EnableMenuItem
IsDlgButtonChecked
GetParent
PostMessageW
ExitWindowsEx
CharNextW
GetSystemMenu

msvcrt

exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_unlock
__dllonexit
_ismbblead
_XcptFilter
_exit
_cexit
_lock
_onexit
memcpy
memmove
malloc
free
__getmainargs
?terminate@@YAXXZ
_controlfp
_wtol
wcstoul
wcsrchr
_vsnwprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
memset
wcschr
_wtoi

shell32

CommandLineToArgvW
ShellExecuteA

shlwapi

PathRemoveFileSpecW
SHDeleteKeyW
PathIsRelativeW
PathStripToRootW
PathFindExtensionW
StrRChrW
PathIsRootW
StrChrW
PathIsUNCW

setupapi

SetupGetFieldCount
SetupGetLineTextW
SetupFindNextLine
SetupFindFirstLineW
SetupGetStringFieldW
SetupCloseInfFile
SetupOpenInfFileW
SetupGetIntField
SetupGetLineCountW
SetupOpenFileQueue
SetupInitDefaultQueueCallbackEx
SetupInstallFilesFromInfSectionW
SetupCommitFileQueueW
SetupTermDefaultQueueCallback
SetupCloseFileQueue
SetupDefaultQueueCallbackW
SetupGetTargetPathW
SetupInstallFromInfSectionW

ole32

CoInitializeEx
CoCreateGuid
CoDisconnectObject
CoCreateInstance
CoTaskMemFree

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW
InitCommonControlsEx
PropertySheetW

advapi32

ImpersonateSelf
AllocateAndInitializeSid
FreeSid
DuplicateTokenEx
CheckTokenMembership
IsValidSid
CopySid
RegSetValueExW
RegQueryValueExW
StartServiceW
ControlService
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RevertToSelf
InitiateSystemShutdownExW
AdjustTokenPrivileges
RegCreateKeyExW
LookupPrivilegeValueW
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetUserNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

sfc

ord5
ord3
ord4
SfcIsFileProtected

rpcrt4

UuidToStringA
RpcStringFreeA

cabinet

ord22
ord21
ord20
ord23

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertGetCertificateContextProperty
CertVerifyCertificateChainPolicy
CertOpenStore
CertControlStore
CryptHashPublicKeyInfo

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

PACK
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b7dfe60f07e52ec0f4b5e35c39cb777

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcrt

shell32

shlwapi

setupapi

ole32

comctl32

advapi32

version

sfc

rpcrt4

cabinet

wintrust

crypt32

Sections

.text Size: 119KB - Virtual size: 118KB

.data Size: 1024B - Virtual size: 3KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 6KB - Virtual size: 6KB

PACK Size: 144KB - Virtual size: 380KB

.text
Size: 119KB - Virtual size: 118KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 6KB - Virtual size: 6KB

PACK
Size: 144KB - Virtual size: 380KB