838da1240f8bdf346aa6ef809c1dd5c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

838da1240f8bdf346aa6ef809c1dd5c8_JaffaCakes118
Size

1.6MB
MD5

838da1240f8bdf346aa6ef809c1dd5c8
SHA1

6b13e98d908966be6643fc4c21e2ec028d1af88a
SHA256

4e6b8d6505dd1ee99fad515c9d1946da7f1b06df688da5cc88a1b512b366ea0f
SHA512

22e92db142e8adb557ac0f6cf0a8bb6102a0d457abcda11258943165021852e80f5448ce2fa1300a604de395ad87e772e1b3ba5e14adf668be8bf23fb38c8792
SSDEEP

49152:f+Emyj+SVJoN0CBuetbQoatZjTeBYveQ15/lV:fHmC+SM0CwetQoatZjqY2O/lV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe

Files

838da1240f8bdf346aa6ef809c1dd5c8_JaffaCakes118
.zip
license.rtf
.rtf
readme.txt
setup.exe
.exe windows:4 windows x86 arch:x86

468ab4a6509bed9ef7d72aaace6d539f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileExA
CreateProcessA
GetCurrentProcess
OpenProcess
GetProcAddress
GetTempFileNameA
GetTempPathA
MultiByteToWideChar
WriteFile
lstrlenA
GetModuleHandleA
FindClose
FindNextFileA
FindFirstFileA
GetSystemTimeAdjustment
GetSystemTime
SetFilePointer
GetFileSize
WaitForSingleObject
CreateDirectoryA
RemoveDirectoryA
ReadFile
SetEndOfFile
FlushFileBuffers
GetModuleFileNameA
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
SuspendThread
GetTickCount
SetLastError
GlobalAlloc
GlobalFree
CreateThread
ResetEvent
MoveFileA
CompareStringW
CompareStringA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameA
SetEvent
ResumeThread
InitializeCriticalSection
Sleep
GetWindowsDirectoryA
GetCommandLineA
CreateFileA
DeleteFileA
LoadLibraryA
GetVersionExA
FreeLibrary
CreateEventA
CreateMutexA
CloseHandle
VirtualAlloc
GetLastError
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetStartupInfoA
GetVersion
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetEnvironmentVariableA

gdi32

CreateFontA
DeleteObject

user32

MessageBoxA
LoadIconA
DialogBoxParamA
IsDlgButtonChecked
EndDialog
GetWindowLongA
EnableWindow
SetWindowTextA
ExitWindowsEx
GetWindowTextA
SendDlgItemMessageA
GetDlgItemTextA
ShowWindow
SetWindowLongA
SendMessageA
SetDlgItemTextA
GetDlgItem
CheckDlgButton

advapi32

AdjustTokenPrivileges
RegQueryValueExA
AllocateAndInitializeSid
EqualSid
FreeSid
LookupAccountNameW
GetTokenInformation
OpenProcessToken
LookupPrivilegeValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegCloseKey

ole32

CoCreateInstance
CoInitialize

comctl32

ord17

shell32

ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

wsock32

WSAStartup
socket
closesocket
getsockname

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

468ab4a6509bed9ef7d72aaace6d539f

Headers

File Characteristics

Imports

kernel32

gdi32

user32

advapi32

ole32

comctl32

shell32

shlwapi

wsock32

Sections

.text Size: 112KB - Virtual size: 109KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 40KB - Virtual size: 39KB

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 40KB - Virtual size: 39KB