63c1ff3e50e97fde1551ac43f7968c04_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

63c1ff3e50e97fde1551ac43f7968c04_JaffaCakes118
Size

237KB
MD5

63c1ff3e50e97fde1551ac43f7968c04
SHA1

83b75b1d2613850527c73322284df36253429fdb
SHA256

2e958f308f2e92f0b8b6420379555b16b8942b0d07f88346016a77d3738d7822
SHA512

4104c944e532daf28104927c6794ff4af83623a4ecddd5b94afa2aabfb65bebf1526f48219616c3e095621f3f879aac9d5f2b3b8523bb66ea251612a03af5bf7
SSDEEP

6144:CgFWSvXaNmIf/fkZfqofFXbZIiG8XBzQ7xf:6/kxuiZXtU1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63c1ff3e50e97fde1551ac43f7968c04_JaffaCakes118

Files

63c1ff3e50e97fde1551ac43f7968c04_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0d38cbd89ac1324f9ee6514359cafb37

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Documents and Settings\Etienne\Mes documents\Visual Studio 2005\Projects\dreamnex\EdenFlashUpdater\release\EdenFLirtUpdate.pdb

Imports

psapi

GetModuleBaseNameA
EnumProcesses

kernel32

GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
CreateFileA
InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
GetFileTime
SetErrorMode
HeapFree
HeapAlloc
HeapReAlloc
VirtualAlloc
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
DuplicateHandle
CreateThread
HeapSize
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
CreateEventA
SuspendThread
SetThreadPriority
WritePrivateProfileStringA
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
SetLastError
GlobalFree
FormatMessageA
LocalFree
SetEvent
ResumeThread
ResetEvent
WriteConsoleA
SetConsoleTextAttribute
GetTickCount
GetCurrentThreadId
GetLocalTime
CreateSemaphoreW
GetCommandLineA
GetVersion
CompareStringA
GetLastError
InterlockedExchange
MultiByteToWideChar
CompareStringW
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
FreeResource
lstrlenA
OpenProcess
GetFileAttributesA
Sleep
GetExitCodeThread
WaitForSingleObject
CreateProcessA
CopyFileA
DeleteFileA
CreateDirectoryA
SetCurrentDirectoryA
CloseHandle
CreateSemaphoreA
ReleaseSemaphore
OpenSemaphoreA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
ExitThread

user32

LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
ReleaseDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindowTextA
SetWindowPos
SetFocus
ShowWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetWindow
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
TranslateMessage
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
DestroyMenu
UnregisterClassA
GetClassInfoA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DispatchMessageA
GetMessageA
CharUpperA
LoadBitmapA
MessageBoxExA
EnableWindow
PostThreadMessageA
SendMessageA
GetDC
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
PostMessageA
LoadIconA

gdi32

SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
PtVisible
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
GetObjectA
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
RectVisible

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture
VariantClear
VariantChangeType
VariantInit

urlmon

IsValidURL
URLDownloadToCacheFileA
URLDownloadToFileA

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d38cbd89ac1324f9ee6514359cafb37

Headers

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

urlmon

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 48KB - Virtual size: 45KB