60b5be4490badbcdefe43e3dbd493600_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

60b5be4490badbcdefe43e3dbd493600_JaffaCakes118
Size

526KB
MD5

60b5be4490badbcdefe43e3dbd493600
SHA1

12b07f9bf1429ea096f5b20e990d888a01e06a48
SHA256

a7377927003a84c0292856c30d9082e2df15a25fd2e40609a3f76892fe4239d0
SHA512

4f57252bf76ce4584280f2541b5c0ad18ee753c5a4fbc1e95e4611e2d7ae0dffee250cbe218ea2abf4f9d4fefbd55ea09e9f8bf8e5e6d8399d6421ed996abdb1
SSDEEP

6144:MhW6t7HsZgi6UIWi/LvOj3JEKP6MYB355M60L3KBIQH68iZRK2OApQa4l7:MhW6t7sKpUQLvUP6MYy8iWAR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60b5be4490badbcdefe43e3dbd493600_JaffaCakes118

Files

60b5be4490badbcdefe43e3dbd493600_JaffaCakes118
.exe windows:6 windows x86 arch:x86

7c0f186a50424e927fafbda4008a76a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dxsdkunpacker_requireAdministrator.pdb

Imports

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyA
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
LookupPrivilegeValueA

kernel32

SetFileTime
VerifyVersionInfoA
VerSetConditionMask
MoveFileExA
GetVersionExA
lstrcatA
lstrcpyA
MultiByteToWideChar
GetWindowsDirectoryA
ExpandEnvironmentStringsA
SetFilePointer
CreateFileA
ReadFile
UnmapViewOfFile
MapViewOfFile
WriteFile
GetModuleFileNameA
GetTempFileNameA
CopyFileA
OutputDebugStringA
GetSystemDirectoryA
GetFileSize
SystemTimeToFileTime
GetLocalTime
InterlockedCompareExchange
lstrlenA
SetThreadLocale
GetDiskFreeSpaceExA
GetTempPathW
LoadLibraryExA
CreateEventA
GetTempPathA
CreateFileMappingA
OpenFileMappingA
CreateThread
MulDiv
IsDBCSLeadByte
GlobalFree
GlobalAlloc
CreateProcessA
FindClose
WaitForSingleObject
GetExitCodeProcess
GetCurrentProcess
FindFirstFileA
GetFileAttributesA
GetUserDefaultUILanguage
IsBadReadPtr
SetErrorMode
GetPrivateProfileStringA
GetEnvironmentVariableA
CreateFileW
GetProcessHeap
SetEndOfFile
WriteConsoleW
HeapReAlloc
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
LoadLibraryW
HeapSize
Sleep
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetFileAttributesA
DeleteFileA
CreateDirectoryA
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
GetCurrentThread
RemoveDirectoryA
GetProcAddress
FreeLibrary
lstrcpynA
LoadLibraryA
GetLastError
CloseHandle
FindNextFileA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RtlUnwind
HeapAlloc
HeapFree
DecodePointer
EncodePointer
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
InterlockedDecrement

gdi32

CreateFontIndirectA
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetCharABCWidthsA
SelectObject
GetTextExtentPointA
DeleteObject

user32

SetWindowTextA
LoadStringA
MessageBoxA
CharNextA
wsprintfA
EndDialog
GetDlgItem
SetDlgItemTextW
DialogBoxParamA
PostMessageA
LoadIconA
GetWindowTextA
LoadCursorA
SetCursor
SendDlgItemMessageA
LoadStringW
ExitWindowsEx
ShowWindow
PostQuitMessage
EnableWindow
SystemParametersInfoA
IsWindowEnabled
GetParent
GetWindowRect
SetWindowPos
GetWindowLongA
SetWindowLongA
GetDC
SendMessageA
GetClientRect
ReleaseDC

newdev

UpdateDriverForPlugAndPlayDevicesA

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
CM_Get_DevNode_Status
SetupDiSetDeviceRegistryPropertyA
SetupCopyOEMInfA

shell32

SHGetFolderPathA
ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteExA

comctl32

PropertySheetA
ord17

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

PACK
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7c0f186a50424e927fafbda4008a76a2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

newdev

setupapi

shell32

comctl32

ole32

version

Sections

.text Size: 148KB - Virtual size: 148KB

.data Size: 4KB - Virtual size: 19KB

.rsrc Size: 218KB - Virtual size: 217KB

.reloc Size: 10KB - Virtual size: 9KB

PACK Size: 144KB - Virtual size: 380KB

.text
Size: 148KB - Virtual size: 148KB

.data
Size: 4KB - Virtual size: 19KB

.rsrc
Size: 218KB - Virtual size: 217KB

.reloc
Size: 10KB - Virtual size: 9KB

PACK
Size: 144KB - Virtual size: 380KB