33888149d44b2a78f6873352d92b8a36_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33888149d44b2a78f6873352d92b8a36_JaffaCakes118
Size

276KB
MD5

33888149d44b2a78f6873352d92b8a36
SHA1

7bf8c9b7a2f4f1fe0fcb4429de626a9533b5c5cc
SHA256

ccc0f0d48d5b92846ce5fa4ad62cde6cd5ce33e2ac4602bf75c7d99365aece50
SHA512

0e08e4e6cc549216aeef9b98a34eccfb96156ce1b1a4a9d33411c158e1d293b43263efb8bc410b1b8e86d71686f026bdd4d22bd152785875d558e9f3c8b2b9cd
SSDEEP

3072:i265L2JDfnGqusWMgQ/wvP+FTOMo/t383T34cLR+pDTIwPblJAUF3TdO/uP86KgV:wV2tgQO+VOd/NvNTo6KgbgOG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33888149d44b2a78f6873352d92b8a36_JaffaCakes118

Files

33888149d44b2a78f6873352d92b8a36_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab024b7bd0a09f00e35c0fd48824d647

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\cm\build\public\dnUpdater_07072009_3\downloadUpdater\Release\dnUpdater.pdb

Imports

wininet

InternetConnectW
InternetOpenW
InternetReadFileExA
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetCrackUrlW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetCanonicalizeUrlW
HttpQueryInfoW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
lstrlenW
lstrcpyW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
MultiByteToWideChar
lstrcpynW
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
WaitForSingleObject
Sleep
CreateThread
CreateEventW
lstrcatW
GetCurrentThreadId
SetEvent
GetCommandLineW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetLocalTime
FormatMessageW
GetProcAddress
LoadLibraryW
OpenProcess
GetCurrentProcessId
LoadLibraryA
FindFirstFileW
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileW
LockResource
LocalFree
OutputDebugStringW
WideCharToMultiByte
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
FlushFileBuffers
HeapSize
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
VirtualQuery
SetUnhandledExceptionFilter
GetModuleFileNameA
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualAlloc
GetFileType
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoW
GetSystemTimeAsFileTime
TerminateProcess
GetModuleHandleA
GetFileAttributesW
HeapReAlloc
RtlUnwind
ExitProcess
GetVersionExA
GetStartupInfoA
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
SetEndOfFile
GetPrivateProfileStringW
IsBadReadPtr
IsBadCodePtr
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP

user32

IsWindow
RegisterClassW
LoadBitmapW
UpdateWindow
BeginPaint
EndPaint
SystemParametersInfoW
PostQuitMessage
ShowWindow
SetWindowPos
PostMessageW
MessageBoxW
PeekMessageW
IsWindowUnicode
GetMessageA
DispatchMessageA
GetDesktopWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
wsprintfW
GetClassInfoExW
PostThreadMessageW
GetMessageW
DispatchMessageW
TranslateMessage
CharUpperW
CallWindowProcW
GetWindowLongW
DefWindowProcW
SetWindowLongW
UnregisterClassW
CharNextW
GetClientRect
MsgWaitForMultipleObjects

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance
CLSIDFromProgID

oleaut32

SysAllocString
VarBstrCmp
SysStringByteLen
SysFreeString
SysAllocStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantClear
DispCallFunc
VariantInit
SysAllocStringByteLen
UnRegisterTypeLi
RegisterTypeLi

shlwapi

PathFindExtensionW

psapi

EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ab024b7bd0a09f00e35c0fd48824d647

Headers

File Characteristics

PDB Paths

Imports

wininet

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 116KB - Virtual size: 116KB

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 116KB - Virtual size: 116KB