4d8a69508abcf11150f41f310f2f9182_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4d8a69508abcf11150f41f310f2f9182_JaffaCakes118
Size

309KB
MD5

4d8a69508abcf11150f41f310f2f9182
SHA1

de5ee4f2ab2d00c84eb88f26304d3c43afb2f0b0
SHA256

ca6e57bfadd805a28089f59d83e7b097f6f9cdcee62d4d8979bff51e614ab482
SHA512

fb13434804525ef28c6f79b83525b68a99c98602e1118118373637f5be7aa333cd66269106f39e197dc245c7735233be520f11550eb6495652fbe85ea49947a6
SSDEEP

6144:8A8Kl9VFTK3rkzURG1km49Q0Kq9i8jjrCHnC7S+T:EW/K3dRG1kmSjjux+T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d8a69508abcf11150f41f310f2f9182_JaffaCakes118

Files

4d8a69508abcf11150f41f310f2f9182_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7712550b866f7b14e7c31be4b19c299e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Corporations\MobileLeader\Code Works\LiveUpdate By Son Young Ho (No Rebooting-WITH RTL3)\LiveUpdate\Release\LiveUpdate.pdb

Imports

wininet

InternetSetFilePointer
InternetCloseHandle
InternetOpenUrlW
InternetQueryDataAvailable
InternetReadFile
InternetOpenW

kernel32

OpenProcess
SetFilePointer
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
SetLastError
LocalFree
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
ReleaseMutex
SetErrorMode
FreeLibrary
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeProcess
GetLastError
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
WriteFile
GetTickCount
CloseHandle
TerminateProcess
WaitForSingleObject

advapi32

RegSetValueExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey

user32

InflateRect
UpdateWindow
DestroyMenu
DrawIcon
IsIconic
GetWindowRect
GetClientRect
GetSystemMetrics
ShowWindow
SetTimer
KillTimer
GetSysColor
GetFocus
GetWindowThreadProcessId
EnumWindows
MoveWindow
IsWindow
WaitForInputIdle

gdi32

PaintRgn
CreateSolidBrush
CreateRectRgn
CombineRgn

shell32

SHGetSpecialFolderPathW

mfc71lu

ord2260
ord1883
ord1555
ord4074
ord2648
ord265
ord4078
ord266
ord1430
ord5319
ord2897
ord5083
ord629
ord384
ord5930
ord3869
ord2261
ord577
ord723
ord3290
ord531
ord3249
ord776
ord293
ord5433
ord764
ord774
ord280
ord2460
ord3927
ord1079
ord283
ord870
ord899
ord1479
ord2895
ord6111
ord282
ord2926
ord1472
ord5398
ord2468
ord4101
ord5524
ord5484
ord3990
ord3635
ord4463
ord4461
ord3677
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord566
ord757
ord5209
ord762
ord3204
ord1925
ord3157
ord1271
ord3155
ord1058
ord3296
ord2086
ord1582
ord5911
ord1611
ord1608
ord3940
ord1393
ord4234
ord5148
ord1899
ord5067
ord6271
ord4179
ord5210
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2856
ord2985
ord4480
ord3311
ord572
ord741
ord6161
ord5485
ord5558
ord6086
ord593
ord5221
ord334
ord956
ord547
ord4025
ord5971
ord1049
ord1117
ord1121
ord3824
ord5178
ord4206
ord4729
ord4884
ord2011
ord1662
ord1661
ord1542
ord5908
ord1392
ord4238
ord5199
ord4256
ord3176
ord605
ord354
ord1785
ord5803
ord6063
ord3756
ord4574
ord709
ord2066
ord5636
ord501
ord2239
ord1118
ord3639
ord3444
ord4560
ord2608
ord2615
ord6234
ord2007
ord2042
ord5152
ord5588
ord1370
ord5408
ord2736
ord5491
ord4251
ord4846
ord4733
ord1913
ord4216
ord3034
ord2762
ord1198
ord6039
ord4476
ord4258
ord368
ord616
ord4699
ord3676
ord3585
ord4438
ord4437
ord4784
ord4198
ord4775
ord4974
ord4166
ord4175
ord4585
ord4771
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4858
ord4855
ord3968
ord5147
ord3338
ord1352
ord4267
ord565
ord756
ord5170
ord3642
ord3460
ord5161
ord2311
ord4100
ord4244
ord290
ord1176
ord1086
ord2237
ord1904
ord2609
ord5003
ord5006
ord4303
ord4129
ord2933
ord4898
ord940
ord5352
ord2986
ord2419
ord2418
ord4013
ord1548
ord3939
ord5144
ord5201
ord2164
ord1297
ord4271
ord4259
ord635
ord742
ord751
ord4293
ord1021
ord631
ord2271
ord386
ord896
ord562
ord553
ord395
ord3678
ord3417
ord2077
ord1536
ord4226
ord587
ord4314
ord3467
ord2081
ord1628
ord1549
ord4230
ord642
ord1894
ord3645
ord3483
ord2083
ord1632
ord1562
ord4232
ord658
ord6116
ord2788
ord6115
ord3435
ord4347
ord4743
ord4026
ord1386
ord2652
ord2651
ord6061
ord715
ord1000
ord1634
ord1572
ord3286
ord2159
ord777
ord651
ord3873
ord416
ord2876
ord5727
ord2255
ord2867
ord2361
ord2364

mslur71

exit
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
_cexit
_XcptFilter
_exit
_c_exit
_except_handler3
memset
malloc
free
calloc
_wmakepath
atoi
_wcsnicmp
wcsncmp
_wtoi
_wsplitpath
_wcsicmp
_itow
swprintf
_wfopen
fclose
_wunlink
fseek
ftell
fread
fwrite
wcsstr
wcscat
wprintf
wcscpy
wcslen
__CxxFrameHandler
_wcmdln

comctl32

ImageList_SetBkColor
ord17
ImageList_Draw
ImageList_ReplaceIcon

ole32

OleInitialize
OleUninitialize

xtp9601libl

??0CXTPClientRect@@QAE@PBVCWnd@@@Z

sectheme

?Theme@@YAAAVCPCSuiteTheme@@XZ

psapi

GetModuleFileNameExW
EnumProcesses
GetModuleBaseNameW
EnumProcessModules

mslup71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7712550b866f7b14e7c31be4b19c299e

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

advapi32

user32

gdi32

shell32

mfc71lu

mslur71

comctl32

ole32

xtp9601libl

sectheme

psapi

mslup71

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 208KB - Virtual size: 204KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 208KB - Virtual size: 204KB