aa7f0deeddb091f4de989701a1006b02_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aa7f0deeddb091f4de989701a1006b02_JaffaCakes118
Size

609KB
MD5

aa7f0deeddb091f4de989701a1006b02
SHA1

1737ca7a6c648c1580cf57fc3eef0c2ca5967ef5
SHA256

75d6c4aa5d2ca9361b6cbd5fc6e44f5cb2746143daa8b291e4fd60d3e1d09e76
SHA512

8d48f99bcf1191f582583f3e0a1355882a8716d37705272b27a3504493341e3602d4c630c851c8774caf08922a98917a5668a9ce79306187b457533ac2a27408
SSDEEP

12288:zk8Y2EQGYOm++RiSRI/XbbWFbkv7ONbMHh6X:zkl2POmZkSRuXbbWFkv7OVm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa7f0deeddb091f4de989701a1006b02_JaffaCakes118

Files

aa7f0deeddb091f4de989701a1006b02_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4bf79c13d13d1512660adb2d82d2e231

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build\source\rnuninst\rel32s\r1puninst.pdb

Imports

kernel32

GetFileSize
CreateFileA
GetTempFileNameA
GetTempPathA
WideCharToMultiByte
GetDiskFreeSpaceA
GetVersionExA
GetDriveTypeA
RemoveDirectoryA
GetFileAttributesA
CreateDirectoryA
MoveFileA
GetWindowsDirectoryA
SetErrorMode
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersion
GetCurrentProcessId
InitializeCriticalSection
FlushFileBuffers
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
FindFirstFileA
GetLocaleInfoA
ReadFile
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateFileMappingA
GetModuleHandleA
GetStringTypeW
GetStringTypeA
VirtualAlloc
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
DeleteCriticalSection
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
FindClose
CreateProcessA
GetTickCount
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
GetModuleFileNameA
RaiseException
DeleteFileA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
Sleep
GetSystemDirectoryA
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
FindResourceExA
FindResourceA
LoadResource
LockResource
MapViewOfFile
GetLastError
UnmapViewOfFile
GetSystemInfo
GetEnvironmentVariableA
SetEnvironmentVariableA
FindNextFileA
LoadLibraryA
GetProcAddress
OpenProcess
CloseHandle
GetFullPathNameA
FreeLibrary
SizeofResource
WriteFile
ExitProcess
HeapSize
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCommandLineA
GetStartupInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
SetEndOfFile
HeapFree
HeapAlloc
GetProcessHeap
SetFilePointer
HeapReAlloc
SetFileAttributesA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetEnvironmentVariableW

user32

CharPrevA
CharNextA
WaitForInputIdle
GetDesktopWindow
PeekMessageA
TranslateMessage
DispatchMessageA
SetWindowTextA
LoadIconA
GetSystemMenu
EnableMenuItem
SystemParametersInfoA
GetParent
SetWindowPos
DestroyWindow
CreateDialogParamA
DialogBoxIndirectParamA
ShowWindow
GetWindowRect
MoveWindow
DialogBoxParamA
SetDlgItemTextA
InvalidateRect
UpdateWindow
SendDlgItemMessageA
EndDialog
GetAsyncKeyState
GetDlgItem
GetClientRect
GetSystemMetrics
PostMessageA
GetDC
SendMessageA
ReleaseDC
GetSysColor
FillRect
LoadBitmapA
DrawTextExA
LoadStringA
MessageBoxA
IsWindow

advapi32

RegSetValueExA
RegEnumKeyA
RegCreateKeyA
RegSetValueA
RegQueryValueA
RegEnumKeyExA
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
EqualSid
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyA
RegQueryInfoKeyA
RegCloseKey

gdi32

GetStockObject
GetCurrentObject
CreateFontIndirectA
CreateSolidBrush
DeleteObject
GetObjectA
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
SetTextColor
SetBkColor

comctl32

ord17

shell32

ShellExecuteW

shlwapi

PathFindFileNameW
AssocQueryStringW

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 366KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4bf79c13d13d1512660adb2d82d2e231

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

gdi32

comctl32

shell32

shlwapi

Sections

.text Size: 198KB - Virtual size: 197KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 366KB - Virtual size: 368KB

.text
Size: 198KB - Virtual size: 197KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 366KB - Virtual size: 368KB