443964fa01af47edac8610bf8f2055fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

443964fa01af47edac8610bf8f2055fe_JaffaCakes118
Size

508KB
MD5

443964fa01af47edac8610bf8f2055fe
SHA1

01a16921b2edefe77284b3b2f31a54b304c46da3
SHA256

1390510a039908ed17311556a3d18172ca0e58a9ab2bcd626b278a2ce0ca6e01
SHA512

af35e8cc1f2c86c991324e62242a490a0e858a5018fdbbea54aa4d7e9f1082ceb632976940a51093cb5f2a3c0b2649461f8bddf95ac015c4d785aae48c40166e
SSDEEP

6144:wR8oV3zaZdzA/EMC/XZx5VvVh/0UpbkJ7VURtZdO98GF:FoVDaThpnZVh/0UpwFONda

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
443964fa01af47edac8610bf8f2055fe_JaffaCakes118

Files

443964fa01af47edac8610bf8f2055fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

47e36f5af737555dc119f68e3e035499

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\NMC\Current\WinZip\Setup\WinZip\PROD32MU\SETUP.pdb

Imports

shell32

ShellExecuteA
ord680
ShellExecuteExA
SHGetFolderPathA

user32

CharUpperA
FindWindowExW
GetWindowThreadProcessId
GetShellWindow
SetWindowPos
GetSystemMetrics
GetWindowRect
DispatchMessageA
PeekMessageA
MessageBoxA
PostMessageA
FindWindowA
LoadStringA
SetPropA
GetDC
DrawTextA
ClientToScreen
ReleaseDC
InflateRect
ScreenToClient
DrawFocusRect
RemovePropA
GetPropA
GetWindowTextLengthA
IsWindow
IsDlgButtonChecked
CheckDlgButton
LoadBitmapA
GetWindowLongA
CallWindowProcA
SetFocus
CharNextA
RegisterClassA
DefWindowProcA
GetWindowWord
SetWindowLongA
InvalidateRect
UpdateWindow
wsprintfA
BeginPaint
GetSysColor
GetClientRect
SetRect
EndPaint
LoadCursorA
SetCursor
DialogBoxParamA
SetWindowTextA
EnumWindows
GetClassNameA
IsWindowVisible
GetWindowTextA
EndDialog
LoadIconA
GetDlgItem
SendMessageA
MessageBeep

kernel32

HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
FindClose
FindFirstFileA
_lclose
_lopen
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
ExitProcess
GetProfileStringA
Sleep
GetStringTypeA
GetProcAddress
GetModuleHandleA
FreeLibrary
LoadLibraryA
WaitForSingleObject
CloseHandle
CreateProcessA
GetVolumeInformationA
lstrcmpiA
lstrlenA
GetModuleFileNameA
GetExitCodeProcess
CreateEventA
lstrcatA
WriteFile
GetStdHandle
SetHandleCount
GetFileType
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
CreateFileA
FlushFileBuffers
SetFilePointer
WriteConsoleA
UnhandledExceptionFilter
TerminateProcess
RaiseException
GetStartupInfoA
GetStringTypeW
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapSize
GetPrivateProfileIntA
lstrcmpA
GetModuleHandleW
LoadLibraryW
GetFileAttributesW
GetVersionExA
GetFileSize
ReadFile
GetCommandLineA
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
LocalFree
GetCurrentProcessId
HeapAlloc
HeapFree
GetVersion
OutputDebugStringA
GetCurrentProcess
OpenProcess
GetVersionExW
GetModuleFileNameW
lstrlenW
GetLastError
GetLocalTime
SetLastError

gdi32

CreateFontIndirectA
DeleteObject
CreateBitmap
DeleteDC
CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
SetBkColor
SetTextColor
SetTextAlign
GetTextExtentPointA
ExtTextOutA
GetBkColor
GetTextExtentPoint32A

advapi32

RegDeleteValueA
ConvertSidToStringSidW
CheckTokenMembership
RegOpenKeyExW
FreeSid
RevertToSelf
RegEnumValueA
AllocateAndInitializeSid
RegDeleteValueW
ImpersonateLoggedOnUser
DuplicateTokenEx
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
RegCreateKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ord17

ole32

CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

Exports

Exports

FFTBCompatibilityCheck
GoogleChromeCompatibilityCheck
LaunchGoogleChrome
LaunchGoogleChromeWithDimensions
_GoogleChromeCompatibilityCheck@8
_LaunchGoogleChrome@0
_LaunchGoogleChromeWithDimensions@16

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 385KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

47e36f5af737555dc119f68e3e035499

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

user32

kernel32

gdi32

advapi32

version

comctl32

ole32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 7KB - Virtual size: 18KB

.rsrc Size: 385KB - Virtual size: 388KB

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 7KB - Virtual size: 18KB

.rsrc
Size: 385KB - Virtual size: 388KB