602cd93bd1e989cc6163b354b517d537_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

602cd93bd1e989cc6163b354b517d537_JaffaCakes118
Size

293KB
MD5

602cd93bd1e989cc6163b354b517d537
SHA1

5499cdf744f0d8b3624eba1ac24934d988cb2a42
SHA256

fb184006d305ed27bd48cad42695629337d455271dd26cff62d186196972b8c9
SHA512

f8ad98b34acd7fccedf4b1959668f9c9a5bad08737c307cd550c5530c4a27c8c7eba21ea97170c16efa3c134d0b3d43d3fa3355f369fb864840888dcc41e63e9
SSDEEP

3072:GO/B6FbLY4JQ46vK+fQ5cc2BbQ+WpIdt5esaEumNwr73OOutNNqTHDM9f8TrTuvL:R6xUYQ46S+f+WbMiTacNW/H7zX0GWB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
602cd93bd1e989cc6163b354b517d537_JaffaCakes118

Files

602cd93bd1e989cc6163b354b517d537_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7544adfa5d8761416f165fac8a644c92

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\acro_root_atp\acrobat\installers\fixtransforms\release\FixTransforms.pdb

Imports

msi

ord205

kernel32

lstrlenA
GetVersionExA
LoadLibraryA
GlobalFindAtomW
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
ExitProcess
RaiseException
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
VirtualAlloc
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFileTime
GetFileAttributesW
SetErrorMode
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleHandleA
InterlockedDecrement
CompareStringW
GlobalFlags
WritePrivateProfileStringW
GetCurrentProcessId
GlobalAddAtomW
GlobalFree
GlobalUnlock
FormatMessageW
LocalFree
CreateFileW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
FindFirstFileW
GetLastError
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameW
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrlenW
lstrcatW
GetUserDefaultLangID
lstrcpyW
CloseHandle
CreateProcessW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetTickCount

user32

UnregisterClassW
ShowWindow
RegisterWindowMessageW
LoadIconW
WinHelpW
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
UnregisterClassA
CopyRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
LoadCursorW
GetCapture
ClientToScreen
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
DestroyMenu
GetClientRect
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperW
GetSystemMetrics
PostQuitMessage
PostMessageW
GetForegroundWindow
MessageBoxW
IsIconic

gdi32

SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW

shlwapi

PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFindFileNameW

oleaut32

VariantClear
VariantInit
VariantChangeType

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7544adfa5d8761416f165fac8a644c92

Headers

File Characteristics

PDB Paths

Imports

msi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 96KB - Virtual size: 96KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 96KB - Virtual size: 96KB