637dfcdafad3fc47927ed92584661ac3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

637dfcdafad3fc47927ed92584661ac3_JaffaCakes118
Size

216KB
MD5

637dfcdafad3fc47927ed92584661ac3
SHA1

48c9d660210a5c531ac69eb7dfdad8d3640f65af
SHA256

33282098bc9e893745ab1e44cf3e7222fef0384d2e975a6f9ae48970fbec23a0
SHA512

0a508ee6a0b4ab1910e709db72bd661e6970ed7a4c321198375b1f632755af699f74a530e210669c17a09a72142a2a833d2e10087cb852be757f66a06b5cb592
SSDEEP

3072:d5guSwzctxcd2Ps3GbBFocOVH3e8B2j+4EpXNjGPXS4vakUxpE9WYuswTous044q:d2bPmsPs3GbB1O9e8FBGPXjoh7hvC1n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
637dfcdafad3fc47927ed92584661ac3_JaffaCakes118

Files

637dfcdafad3fc47927ed92584661ac3_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b016fbd4814e21694e5016f1ae9b9e0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

ocmanage.pdb

Imports

msvcrt

vsprintf
_wcsicmp
wcsrchr
wcscpy
wcstoul
free
_wcsdup
wcscat
wcschr
_initterm
malloc
_adjust_fdiv
vswprintf
_except_handler3

user32

MessageBoxW
LoadStringW
wsprintfW
wvsprintfW
LoadBitmapW
PostMessageW
GetParent
SendMessageW
CallWindowProcW
GetSystemMetrics
ShowWindow
GetDlgItem
InvalidateRect
DrawFocusRect
GetSysColor
SetDlgItemTextW
EnableWindow
DialogBoxParamW
ReleaseDC
GetDC
PeekMessageW
GetDlgItemTextW
SetWindowLongW
EndDialog
IsWindowEnabled
SetCursor
LoadCursorW
GetWindowLongW
EnableMenuItem
GetSystemMenu
DispatchMessageW
IsWindow
MsgWaitForMultipleObjects
SendDlgItemMessageW
SetWindowTextW

gdi32

GetBkMode
ExtTextOutW
SetBkMode
CreateCompatibleDC
GetObjectW
CreateBitmap
SelectObject
StretchBlt
GetPixel
SetBkColor
BitBlt
SetTextColor
DeleteObject
DeleteDC
GetTextExtentPoint32W

kernel32

CreateThread
InterlockedDecrement
GetDiskFreeSpaceW
VirtualAlloc
DeleteFileW
GetSystemDefaultLCID
GetLocaleInfoW
GetCurrentDirectoryW
CloseHandle
LoadLibraryExW
lstrcatW
lstrcmpiW
GetFileAttributesW
VirtualProtect
FreeLibrary
RaiseException
GetSystemDirectoryW
SetErrorMode
FindFirstFileW
FindClose
WideCharToMultiByte
FormatMessageA
lstrlenW
LocalAlloc
MultiByteToWideChar
LocalFree
lstrcpyW
InterlockedIncrement
SetCurrentDirectoryW
GetExitCodeProcess
CreateProcessW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedExchange
GetThreadLocale
lstrcpynW
GetModuleHandleA
GetLastError
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryA
GetWindowsDirectoryW
FormatMessageW

advapi32

RegQueryValueExW
RegSetValueExA
RegOpenKeyW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW

setupapi

pSetupStringTableSetExtraData
SetupOpenFileQueue
SetupInitDefaultQueueCallbackEx
SetupQueueDeleteW
SetupQueueCopyW
SetupGetStringFieldW
SetupDefaultQueueCallbackW
SetupCommitFileQueueW
SetupTermDefaultQueueCallback
SetupCloseFileQueue
pSetupRegistryDelnode
SetupCloseInfFile
SetupSetDirectoryIdW
SetupSetDirectoryIdExW
pSetupStringTableEnum
SetupFindFirstLineW
pSetupGetField
SetupGetIntField
SetupGetFieldCount
pSetupStringTableAddStringEx
SetupFindNextLine
pSetupConcatenatePaths
pSetupRealloc
pSetupMalloc
pSetupUnicodeToMultiByte
pSetupStringTableLookUpStringEx
pSetupMultiByteToUnicode
pSetupFree
pSetupStringTableGetExtraData
SetupCreateDiskSpaceListW
pSetupStringTableStringFromId
SetupQuerySpaceRequiredOnDriveW
SetupDestroyDiskSpaceList
pSetupStringTableAddString
SetupGetLineCountW
SetupOpenInfFileW
SetupAdjustDiskSpaceListW
SetupFindNextMatchLineW
SetupGetFileQueueCount
SetupScanFileQueueW
SetupDuplicateDiskSpaceListW
pSetupStringTableDuplicate
SetupDiDrawMiniIcon
pSetupAddMiniIconToList
pSetupStringTableInitializeEx
pSetupStringTableDestroy
SetupOpenAppendInfFileW
pSetupStringTableLookUpString

Exports

Exports

ServiceMain
OcCreateOcPage
OcCreateSetupPage
OcGetWizardPages
OcInitialize
OcRememberWizardDialogHandle
OcSubComponentsPresent
OcTerminate

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b016fbd4814e21694e5016f1ae9b9e0b

Headers

File Characteristics

PDB Paths

Imports

msvcrt

user32

gdi32

kernel32

advapi32

setupapi

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 51KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 3KB - Virtual size: 2KB