94a17c41037961a0ea3679b5f3801087_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

94a17c41037961a0ea3679b5f3801087_JaffaCakes118
Size

591KB
MD5

94a17c41037961a0ea3679b5f3801087
SHA1

4d5d36dd4c1efbfd836c8048d3602966d302eedc
SHA256

13f7117fab626b663d2132e691315ec0e32cd13e24608fb49ba9e0133515482d
SHA512

64a7aa55c4e50c6a2849ac6a277171d48fe7532b8002e3fbf54593637becb842cd6ebf14c5c4a88790ab1681207d56fdc692b9ddc608f33935e2440311a2fc77
SSDEEP

12288:wFuxwGWg64AZaSvLGXf1xzTbyLlQxfoM9LEtkgxogkNP6Z:aQwGWSALCdx0lQxfoMotxax6Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94a17c41037961a0ea3679b5f3801087_JaffaCakes118

Files

94a17c41037961a0ea3679b5f3801087_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3fecab65be208cdce8f21dba9bc627fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Projects\LightInstaller\branch\SI\Release\LightInstaller.pdb

Imports

ws2_32

WSAStartup
WSAGetLastError
closesocket
listen
bind
htons
gethostbyname
socket
gethostname
connect
accept
send
recv

wininet

HttpQueryInfoA
FtpCommandA
FtpFindFirstFileA
FtpSetCurrentDirectoryA
InternetCreateUrlA
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpEndRequestA
HttpSendRequestExA
InternetGetLastResponseInfoA
InternetQueryOptionA
InternetAutodial
InternetCloseHandle
InternetWriteFile
InternetSetOptionA
InternetGetCookieA
InternetReadFile
HttpSendRequestA
InternetOpenA
InternetConnectA
HttpOpenRequestA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

gdiplus

GdipCloneImage
GdipLoadImageFromFile
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipGetImageWidth
GdipGetImageHeight

kernel32

DeleteCriticalSection
GetTempPathA
GetFileAttributesA
DeleteFileA
RemoveDirectoryA
Sleep
GetFileSizeEx
CreateProcessA
WaitForSingleObject
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
FindResourceA
LoadResource
SizeofResource
LockResource
GetModuleFileNameA
lstrcatA
CreateFileA
GetCurrentProcessId
TerminateProcess
GetLocalTime
SystemTimeToFileTime
FileTimeToDosDateTime
FreeLibrary
lstrlenA
lstrcmpiA
IsDBCSLeadByte
lstrlenW
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
LocalFree
CreateDirectoryA
CopyFileA
GetFileAttributesW
SetFilePointer
SetEndOfFile
FindFirstFileA
FindNextFileA
FormatMessageA
CreateFileW
ReadFile
WriteFile
GetModuleFileNameW
GetFileSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
InitializeCriticalSection
GetCurrentDirectoryA
CompareStringA
SetFileAttributesA
SetFileTime
MoveFileA
CreateThread
GetFileTime
GetExitCodeThread
TerminateThread
GetTickCount
CreateMutexA
ReleaseMutex
QueryPerformanceCounter
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
EncodePointer
DecodePointer
VirtualProtect
GetModuleHandleW
GetSystemInfo
VirtualQuery
ExitThread
GetCommandLineA
HeapSetInformation
GetModuleHandleA
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetLastError
MulDiv
GetStartupInfoW
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapSize
ExitProcess
HeapCreate
GetStdHandle
GetCPInfo
GetACP
GetProcAddress
LoadLibraryA
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
LoadLibraryW
SetStdHandle
WriteConsoleW
FlushFileBuffers
InterlockedPushEntrySList
lstrcpyA
InterlockedCompareExchange

user32

IsRectEmpty
IntersectRect
RegisterWindowMessageA
KillTimer
SetTimer
UpdateWindow
CharNextA
InvalidateRect
InflateRect
wsprintfA
CopyRect
DestroyWindow
GetActiveWindow
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
CallWindowProcA
IsWindowEnabled
GetWindow
GetKeyState
ReleaseCapture
GetCapture
SetCapture
SetFocus
GetWindowLongA
DrawFocusRect
CharLowerA
DispatchMessageA
PeekMessageA
TranslateMessage
DialogBoxParamA
GetFocus
GetSysColorBrush
FillRect
GetSysColor
SetCursor
PtInRect
GetCursorPos
DefWindowProcA
SetRectEmpty
SetDlgItemTextA
EndDialog
LoadIconA
SendDlgItemMessageA
SetWindowLongA
CreateWindowExA
LoadCursorA
GetClassInfoExA
RegisterClassExA
SetWindowPos
DrawTextA
GetWindowDC
GetClientRect
BeginPaint
IsWindow
EnableWindow
MoveWindow
PostMessageA
MessageBoxA
ReleaseDC
GetDC
GetWindowTextA
GetParent
ScreenToClient
GetWindowRect
SetWindowTextA
ShowWindow
SendMessageA
GetDlgItem
UnregisterClassA
EndPaint

gdi32

BitBlt
CreateDCA
GetPixel
CreateCompatibleBitmap
LineTo
MoveToEx
CreatePen
GetTextMetricsA
GetObjectA
CreateCompatibleDC
CreateSolidBrush
SetBkColor
GetTextExtentPoint32A
GetDeviceCaps
DeleteDC
CreateFontIndirectA
SelectObject
SetTextColor
GetStockObject
SetBkMode
DeleteObject

advapi32

AllocateAndInitializeSid
RegQueryValueExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
CheckTokenMembership
FreeSid
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

shell32

Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteExA
ShellExecuteA

ole32

CoUninitialize
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CLSIDFromProgID
CoGetClassObject
CoGetMalloc
OleRun
CoInitialize

oleaut32

VarUI4FromStr

comctl32

PropertySheetA
CreatePropertySheetPageA
DestroyPropertySheetPage

Sections

.text
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fecab65be208cdce8f21dba9bc627fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wininet

version

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 355KB - Virtual size: 355KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 111KB - Virtual size: 111KB

.reloc Size: 27KB - Virtual size: 26KB

.text
Size: 355KB - Virtual size: 355KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 111KB - Virtual size: 111KB

.reloc
Size: 27KB - Virtual size: 26KB