89e94e7f4b89041fdb72fb76eb0c8500_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89e94e7f4b89041fdb72fb76eb0c8500_JaffaCakes118
Size

850KB
MD5

89e94e7f4b89041fdb72fb76eb0c8500
SHA1

f9651fc6d91c8e0cde175d8fba9decd24eba6543
SHA256

321d8cdbd195181e197ed390418d55593fb75e6c219499d844881d48e510e4b4
SHA512

37fd36393aec82735066a43ce82f5bd4025a8488a8af8eecf8fe0c82a122cd68f83282f04fece9379ed13f319e869975e19343673590d4bed672958a88d034fb
SSDEEP

24576:5bc8eG7CMbTXhD/IJ6BQQOTT8oZGvE1eycs/:OMbTBAGROn8JvE1eW/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89e94e7f4b89041fdb72fb76eb0c8500_JaffaCakes118

Files

89e94e7f4b89041fdb72fb76eb0c8500_JaffaCakes118
.exe windows:4 windows x86 arch:x86

20298c86476aa52f76de2dd946116a86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Prj\Tools\ManualUpdater_XYQYZ\Bin71\Release\ManualUpdater.pdb

Imports

kernel32

GetLastError
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
SetEvent
CloseHandle
CreateProcessA
MoveFileA
DeleteFileA
WaitForSingleObject
CreateDirectoryA
GetTempPathA
ResumeThread
ResetEvent
CreateEventA
OpenProcess
GetProcAddress
LoadLibraryA
TerminateProcess
GetShortPathNameA
ReadFile
GetFileSize
CreateFileA
CopyFileA
RemoveDirectoryA
GetTempFileNameA
WriteFile
Sleep
SetFilePointer
MoveFileExA
FlushFileBuffers
FileTimeToSystemTime
GetFileInformationByHandle
GetModuleFileNameA
FileTimeToLocalFileTime
SetEnvironmentVariableA
GetCurrentProcess
CompareStringA
SetEndOfFile
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
SetStdHandle
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
PeekNamedPipe
SetUnhandledExceptionFilter
TlsGetValue
lstrlenA
MultiByteToWideChar
GetModuleHandleA
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetFileType
HeapAlloc
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
TlsSetValue
TlsFree
SetLastError
TlsAlloc
HeapSize
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetTimeZoneInformation
GetCommandLineA
GetStartupInfoA
CreateThread
ExitThread
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
CompareStringW
RaiseException
RtlUnwind
ExitProcess

user32

SetTimer
GetWindowLongA
UnregisterClassA
EndDialog
KillTimer
LoadCursorA
BeginPaint
GetSysColor
EndPaint
LoadIconA
PostQuitMessage
EnableMenuItem
DefWindowProcA
MessageBoxA
SetDlgItemTextA
SendDlgItemMessageA
GetSystemMenu
SendMessageA
CharNextA
GetActiveWindow
DialogBoxParamA
DestroyWindow
InvalidateRect
LoadStringA
SetWindowLongA
EnableWindow
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
GetParent
SetCursor

gdi32

SetBkMode
SetBkColor
TextOutA
DeleteObject
GetObjectA
CreateFontIndirectA
SetTextColor
SelectObject

advapi32

RegEnumKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegDeleteKeyA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA

shell32

SHGetPathFromIDListA
SHFileOperationA
SHBrowseForFolderA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecA
PathFindFileNameA
PathAppendA
PathRemoveBackslashA
PathRemoveBlanksA
PathIsDirectoryA
PathRenameExtensionA
PathFindExtensionA
PathFileExistsA

comctl32

ord17

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20298c86476aa52f76de2dd946116a86

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 28KB

.rsrc Size: 112KB - Virtual size: 109KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 28KB

.rsrc
Size: 112KB - Virtual size: 109KB

.reloc
Size: 16KB - Virtual size: 12KB