60f710fc05711775e9a94ab4a2ae3f9c_JaffaCakes118

General

Target

60f710fc05711775e9a94ab4a2ae3f9c_JaffaCakes118
Size

187KB
MD5

60f710fc05711775e9a94ab4a2ae3f9c
SHA1

e3aa2cb9a057e9190270ae254bcf8b8adb4cc4b8
SHA256

efe69931a819ad9252aae424b4a3ff7d1dda6a3ceb384fe804170c74e0850aef
SHA512

89674d2604cbc7f2a2eb5badf03202ab0c0934d26c4c46dddbf3d28dd36a63dd8924044d7bdbc1087afb84c585dbf192c751eb0bc712f0853c80483160b8212e
SSDEEP

3072:zT6uE8k36MRy/j13cpARCdTzYUD9O3CBf1tpw5xdpl3OO5rxXTOrlzBe:zT6uEzFMZcyRCdTEUDw3wf1tpWx93OQq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60f710fc05711775e9a94ab4a2ae3f9c_JaffaCakes118

Files

60f710fc05711775e9a94ab4a2ae3f9c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

56f5b0e212c5dce0879c5f2d2be8cff7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

msi

ord31
ord159
ord115
ord158
ord49
ord117
ord8
ord160
ord130
ord110
ord11
ord73
ord112
ord210
ord116

kernel32

CloseHandle
CreateFileA
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrcmpA
lstrlenA
WideCharToMultiByte
GetACP
DeleteFileA
GetVersionExA

advapi32

RegFlushKey
RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

msvcr71

strtok
??2@YAPAXI@Z
_strlwr
strlen
atoi
_findclose
_onexit
strchr
free
malloc
_initterm
_adjust_fdiv
__CppXcptFilter
_except_handler3
__dllonexit
_findfirst
??3@YAXPAX@Z
strstr
__CxxFrameHandler
memset

Exports

Exports

AddFeature
ApplyUpdates
ApplyUpdatesEx
IsBrowserIntegrated
MaintenanceRepair
MigrateUserRegistry
MigrateUserRegistryEx
RemoveFeature
SetupUpdaterForReboot
UpdateCache
ValidateInstaller

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56f5b0e212c5dce0879c5f2d2be8cff7

Headers

File Characteristics

Imports

shlwapi

msi

kernel32

advapi32

msvcr71

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 168KB - Virtual size: 168KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 168KB - Virtual size: 168KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 1KB - Virtual size: 1KB