965abb313871f2f9870686d09c7857cd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

965abb313871f2f9870686d09c7857cd_JaffaCakes118
Size

253KB
MD5

965abb313871f2f9870686d09c7857cd
SHA1

ca73a06ce83d1541f4c14a6ed0ff538b798f7836
SHA256

febcaab6acbe9703fc795b68b6d85a8f492284c22b26f097a9f6904c132f6408
SHA512

b790f19cd4941fffef9b97f9c295a4230acbaba5a93555c05f9688478fc0d467e42dfbdc6c650cd2d07d052b8830fe3fd713e9d629a86c2d37f8982cd56bcf8f
SSDEEP

3072:UUM7CFLD0Ujkib50YDQVLhp5YDgrAoTq+B5QVt7Q9+1/iOvpLPapK5i1m/DHyEMV:ZM7CTkib5FDQVuHom+/0LBLPapKAsvMV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
965abb313871f2f9870686d09c7857cd_JaffaCakes118

Files

965abb313871f2f9870686d09c7857cd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

625866542564f6be06c245363a7754bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\CMBuildDepot\LiveUpdate3.4\Products\LiveUpdate\Bin\Release\pdb\LuSetupMsi.pdb

Imports

shlwapi

PathAppendA
StrStrA

kernel32

WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileW
GetStringTypeW
GetStringTypeA
GetOEMCP
LCMapStringA
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
HeapCreate
HeapDestroy
VirtualFree
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetACP
GetSystemTimeAsFileTime
HeapSize
VirtualAlloc
HeapReAlloc
RaiseException
GetStartupInfoA
GetProcessHeap
HeapFree
GetCommandLineA
HeapAlloc
RtlUnwind
IsBadStringPtrA
GetCPInfo
GetLocaleInfoA
GlobalFlags
GetThreadLocale
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
InterlockedIncrement
GetCurrentThreadId
FreeLibrary
InterlockedDecrement
GetModuleHandleA
GetProcAddress
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource
CompareStringA
GetVersion
WideCharToMultiByte
InterlockedExchange
SetLastError
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
lstrcmpiA
DeleteFileA
Sleep
MoveFileExA
CreateFileA
ReadFile
lstrcpyA
ReleaseMutex
CloseHandle
CreateMutexA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetLocalTime
GetDateFormatA
GetTimeFormatA
lstrcatA
lstrlenA
GetLastError
FormatMessageA
LocalFree
ExitProcess
MultiByteToWideChar
LCMapStringW

user32

PostQuitMessage
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
wsprintfA
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
MessageBoxA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
SendMessageA
GetWindowThreadProcessId
UnhookWindowsHookEx
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetWindowTextA
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
DestroyMenu

gdi32

GetClipBox
GetStockObject
DeleteDC
GetDeviceCaps
CreateBitmap
SetTextColor
SetBkColor
DeleteObject
ExtTextOutA
SaveDC
RestoreDC
SetMapMode
PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegEnumValueA
RegOpenKeyExA
RegCloseKey

shell32

SHGetFolderPathA

oleaut32

VariantClear
VariantChangeType
VariantInit

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.krdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

625866542564f6be06c245363a7754bf

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

oleaut32

oleacc

Sections

.text Size: 128KB - Virtual size: 126KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 1KB

.krdata Size: 76KB - Virtual size: 76KB

.text
Size: 128KB - Virtual size: 126KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 1KB

.krdata
Size: 76KB - Virtual size: 76KB