3cd4b15d2b931dd7c41df1d7383797b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3cd4b15d2b931dd7c41df1d7383797b5_JaffaCakes118
Size

557KB
MD5

3cd4b15d2b931dd7c41df1d7383797b5
SHA1

5792b47e91b82ec0224c1a6479b7b2bf6c2bd9d0
SHA256

2eaff6be28bbe9e169362fda6ec4e701a73a728527aec8764238140cec9c9af4
SHA512

0f9b4ef0a0429e1c344ab124da95564958d8cf86792664a831cc25cf06b623ac23cba6c31f300bd7cf35e7322b0d9c08c9322e8ed20433d66e488cb6ccd61157
SSDEEP

12288:3gSFDWhMbC2S+9ReqGCu1v0a755EUldiohq:31FDWhMbC2S+94qVu10a3Fd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cd4b15d2b931dd7c41df1d7383797b5_JaffaCakes118

Files

3cd4b15d2b931dd7c41df1d7383797b5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

23f3395238e8fe764a467d77c65af9a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hudson\jobs\daily-my-web-search\workspace\output\MinSizeRel\CMSetup.pdb

Imports

shlwapi

PathStripPathW
PathRemoveExtensionW
PathRemoveArgsW
PathMakePrettyW
SHGetValueW

wininet

SetUrlCacheEntryInfoW
FindNextUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW

pdh

PdhCloseQuery
PdhLookupPerfNameByIndexA
PdhMakeCounterPathA
PdhRemoveCounter
PdhCollectQueryData
PdhAddCounterA
PdhOpenQueryW
PdhGetFormattedCounterValue

kernel32

ExitThread
GetWindowsDirectoryW
CreateProcessW
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResumeThread
ResetEvent
ReleaseSemaphore
IsProcessorFeaturePresent
InterlockedCompareExchange
SetEnvironmentVariableA
GetProcAddress
GetModuleHandleW
InterlockedExchangeAdd
Sleep
InterlockedIncrement
InterlockedDecrement
CompareStringA
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
LCMapStringW
GetLastError
CompareStringW
LCMapStringA
GetCPInfo
GetStringTypeA
GetFileInformationByHandle
GetFileSize
ReadFile
WriteFile
GetSystemInfo
CloseHandle
SetFilePointer
GetFileType
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
HeapFree
GetProcessHeap
WaitForSingleObject
CreateEventA
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
HeapAlloc
SetEvent
LocalFree
FormatMessageA
FlushInstructionCache
lstrlenA
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetVersionExW
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
GetStartupInfoW
HeapReAlloc
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
VirtualAlloc
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

MapVirtualKeyW
VkKeyScanW
PostMessageW
IsWindow
CloseDesktop
SetThreadDesktop
GetThreadDesktop
CreateDesktopW
CallWindowProcW
SetWindowLongW
DefWindowProcW
GetWindowLongW

shell32

ord680

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString
VariantInit
VariantClear
VariantChangeType

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23f3395238e8fe764a467d77c65af9a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wininet

pdh

kernel32

user32

shell32

ole32

oleaut32

advapi32

Sections

.text Size: 392KB - Virtual size: 391KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 25KB - Virtual size: 34KB

STLPORT_ Size: 512B - Virtual size: 32B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 43KB - Virtual size: 42KB

.text
Size: 392KB - Virtual size: 391KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 25KB - Virtual size: 34KB

STLPORT_
Size: 512B - Virtual size: 32B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 43KB - Virtual size: 42KB