4347c85c6c6d9ecfaded5dff06f77461_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4347c85c6c6d9ecfaded5dff06f77461_JaffaCakes118
Size

347KB
MD5

4347c85c6c6d9ecfaded5dff06f77461
SHA1

714b177f2ec41f4bc2900de919c512cba0279ec8
SHA256

3d0152ab5ce9ebc0c2de612cc3ab0eb7b19a01e06f9b93f85196b88ad9424cf1
SHA512

e860415bc3e60c4cf0148961fc3a5c54886d6aba337e2df1ded751a1fd63fb65c0a6f8a8caa9a1efa6f51649f6462a3f304aa60f8f73415bcdfd4deba2155013
SSDEEP

6144:8jER0VjOUV4wfGjEHCBEMMSQWRyL03IbZHPhA7MMAxSn8:8Aw/V4wfvdSQz+PoMAsn8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4347c85c6c6d9ecfaded5dff06f77461_JaffaCakes118

Files

4347c85c6c6d9ecfaded5dff06f77461_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0f70078a6170a31338109468754d16ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BranchAI\win\Release\stubs\x86a\setup.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

GetModuleFileNameA
lstrlenA
lstrcpynA
lstrcmpA
GlobalLock
GlobalUnlock
GlobalFree
GlobalAlloc
GetSystemTime
FindFirstFileA
FormatMessageA
CreateProcessA
GetExitCodeProcess
ReadFile
GetVersion
FindClose
GetStringTypeExA
GetDiskFreeSpaceA
GetModuleHandleA
CreateDirectoryA
GetEnvironmentVariableA
RemoveDirectoryA
LoadLibraryExA
EnumResourceLanguagesA
GetSystemDefaultLangID
GetUserDefaultLangID
GetTempPathA
GetTempFileNameA
FindNextFileA
GetLogicalDriveStringsA
GetDriveTypeA
GetSystemDirectoryA
GetWindowsDirectoryA
GlobalMemoryStatus
GetLocalTime
TerminateProcess
CreateNamedPipeA
ConnectNamedPipe
SearchPathA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
lstrlenW
GetShortPathNameA
CreateMutexA
GetCommandLineA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CopyFileA
HeapDestroy
LocalAlloc
OutputDebugStringA
GetCurrentProcessId
MulDiv
FreeLibrary
HeapSize
DebugBreak
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
VirtualProtect
lstrcmpiA
GetProcAddress
HeapReAlloc
LoadLibraryA
ResetEvent
FlushFileBuffers
Sleep
WriteFile
MoveFileA
DeleteFileA
GetFileSize
SetFilePointer
CreateFileA
SetEvent
CreateEventA
CreateThread
SetLastError
TerminateThread
GetExitCodeThread
WaitForSingleObject
GetLastError
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
HeapAlloc
GetProcessHeap
FlushInstructionCache
GetCurrentProcess
HeapFree
InitializeCriticalSection
DeleteCriticalSection
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
RaiseException
WideCharToMultiByte
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
MultiByteToWideChar
GetVersionExA
VirtualAlloc
GetSystemInfo
VirtualQuery
OpenProcess
RtlUnwind

user32

TranslateMessage
DispatchMessageA
LoadImageA
MsgWaitForMultipleObjects
ScreenToClient
GetSubMenu
LoadMenuA
TrackPopupMenu
ExitWindowsEx
GetDC
GetSystemMetrics
LoadIconA
GetScrollPos
GetScrollRange
ModifyMenuA
DefWindowProcA
CallWindowProcA
RemovePropA
SetPropA
GetDlgCtrlID
MessageBoxA
KillTimer
SetTimer
DestroyMenu
EnableMenuItem
GetSystemMenu
EnableWindow
SetForegroundWindow
CreateDialogParamA
PostMessageA
PeekMessageA
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
InvalidateRect
MessageBeep
ShowWindow
SetDlgItemTextA
CreateWindowExA
DestroyWindow
IsWindowVisible
GetDesktopWindow
wvsprintfA
CharNextA
LoadStringA
SetWindowLongA
EndDialog
DialogBoxParamA
GetWindowLongA
GetActiveWindow
GetPropA
PostQuitMessage
FindWindowA
GetWindowTextLengthA
GetWindowTextA
SetFocus
RedrawWindow
GetDlgItem
GetWindow
SystemParametersInfoA
GetWindowRect
GetClientRect
MapWindowPoints
CopyRect
ReleaseDC
GetWindowDC
GetForegroundWindow
SetWindowPos
IsWindow
UnregisterClassA
GetParent
SetWindowTextA
SendMessageA

gdi32

GetObjectA
CreateFontIndirectA
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetWindowExtEx
GetViewportExtEx
SetMapMode
GetMapMode
GetDeviceCaps
DeleteObject
GetStockObject
DeleteDC
SetBkMode

advapi32

RegCreateKeyA
CloseServiceHandle
UnlockServiceDatabase
StartServiceA
QueryServiceStatus
OpenServiceA
GetUserNameA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumValueA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
LockServiceDatabase
RegEnumKeyExA
OpenSCManagerA
RegSetValueExA

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteA
ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA

ole32

CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
OleLoadPicture

shlwapi

PathFileExistsA

comctl32

PropertySheetA
CreatePropertySheetPageA
DestroyPropertySheetPage

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f70078a6170a31338109468754d16ce

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 176KB - Virtual size: 176KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 200KB - Virtual size: 199KB

.text
Size: 176KB - Virtual size: 176KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 200KB - Virtual size: 199KB