b1185b0be8d2abe1c72b64d2b3cd3fe0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1185b0be8d2abe1c72b64d2b3cd3fe0_JaffaCakes118
Size

562KB
MD5

b1185b0be8d2abe1c72b64d2b3cd3fe0
SHA1

98fe15cde97408723041ca9a5a5c65b1efa5e191
SHA256

2f55aed8e7e7d9ca478b12cc51ac34a3e8104bb53f432ac22be743d275303a42
SHA512

db908fa4b7a2d81b51c449dbbf49b63321479a422e6109b508e4fc3e4d0cf1eec85dab47b3000a0a29b75d8151822c6aa4792305f8c665d99341e244d42ebae3
SSDEEP

12288:Y9GakPXliL61Xx+3G+W3j3fEPTwQ+g8M6aljM:NVliu1X4OL0T/+g8PwjM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1185b0be8d2abe1c72b64d2b3cd3fe0_JaffaCakes118

Files

b1185b0be8d2abe1c72b64d2b3cd3fe0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9e2263d4ffc3ca0d4600ef3ff8825d50

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kisengine\kisengine\product\win32\dbginfo\klivesetup.pdb

Imports

kernel32

LoadLibraryW
GetProcAddress
GetPrivateProfileSectionNamesW
FormatMessageW
SetFilePointer
CreateDirectoryW
GetSystemDirectoryW
ResumeThread
GlobalFree
ResetEvent
SetEvent
CompareStringW
GetDriveTypeW
lstrcmpW
MulDiv
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
WritePrivateProfileStringW
GetModuleHandleW
CreateMutexW
FreeLibrary
lstrcmpiW
InterlockedIncrement
GetComputerNameA
lstrlenA
GetWindowsDirectoryW
IsBadWritePtr
GetSystemTimeAdjustment
GetTempPathW
GetLocalTime
MoveFileW
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
GetCurrentThreadId
SetEnvironmentVariableA
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
GetConsoleMode
GetConsoleCP
HeapCreate
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetStartupInfoW
GetModuleHandleA
GetSystemTimeAsFileTime
GetFileAttributesW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
CreateEventW
LoadLibraryExW
InterlockedDecrement
FlushInstructionCache
GetCurrentProcess
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
GetDiskFreeSpaceExW
GetFileSize
GetVersionExW
ExitProcess
LoadResource
LockResource
GetPrivateProfileStringW
SizeofResource
GetModuleFileNameW
Sleep
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
FindResourceW
lstrlenW
TerminateThread
ReadFile
WriteFile
CreateFileW
CloseHandle
WaitNamedPipeW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
RaiseException
CreateThread
WideCharToMultiByte
GetLastError
GetPrivateProfileIntW
CreateProcessW
DeleteFileW
CopyFileW
FindResourceExW
MultiByteToWideChar
SetFileAttributesW

user32

LoadCursorW
GetMenu
SetWindowPos
AdjustWindowRectEx
CreateWindowExW
GetDlgItem
MapWindowPoints
GetClientRect
IsWindow
GetWindow
SetWindowLongW
EndDialog
GetParent
MessageBoxW
DispatchMessageW
TranslateMessage
PeekMessageW
SendMessageW
PostMessageW
SetRect
GetUpdateRect
SetWindowRgn
SetRectEmpty
TrackPopupMenuEx
CreateDialogParamW
SetDlgItemTextW
InvalidateRgn
EnableMenuItem
IsChild
GetFocus
GetSystemMenu
SetFocus
GetDesktopWindow
GetSysColor
GetWindowTextLengthW
DestroyAcceleratorTable
CreateAcceleratorTableW
EnableWindow
RedrawWindow
GetWindowTextW
GetClassInfoExW
GetDC
ScreenToClient
RegisterClassExW
GetClassNameW
GetMonitorInfoW
LoadStringW
DestroyMenu
DrawEdge
AppendMenuW
PostQuitMessage
TrackPopupMenu
LoadIconW
CreatePopupMenu
InflateRect
FillRect
DrawFocusRect
RegisterWindowMessageW
IsIconic
OpenIcon
GetCursorPos
DefWindowProcW
GetSystemMetrics
ClientToScreen
CallWindowProcW
GetActiveWindow
DrawTextW
CharNextW
GetWindowDC
UpdateWindow
LoadImageW
IsWindowEnabled
EndPaint
DialogBoxParamW
BeginPaint
GetDlgCtrlID
OffsetRect
ReleaseDC
ReleaseCapture
PtInRect
GetCapture
DestroyWindow
SetCapture
SetCursor
MoveWindow
KillTimer
SetTimer
ShowWindow
GetWindowRect
InvalidateRect
DestroyCursor
LoadBitmapW
SystemParametersInfoW
SetWindowTextW
GetWindowLongW
UnregisterClassA
CopyImage
ExitWindowsEx
MonitorFromPoint

gdi32

CreateFontIndirectW
DeleteObject
CreateFontW
GetObjectW
SetViewportOrgEx
CreateCompatibleBitmap
BitBlt
SetBkMode
SetTextColor
GetStockObject
TextOutW
StretchBlt
CreateSolidBrush
CreateCompatibleDC
SelectObject
SetBkColor
ExtTextOutW
GetDeviceCaps
CreateRectRgn
DeleteDC

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
StringFromGUID2
OleLockRunning
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoGetClassObject
OleUninitialize
CLSIDFromProgID
CLSIDFromString
OleInitialize
CreateStreamOnHGlobal

oleaut32

SysStringLen
OleCreateFontIndirect
SysAllocStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
SysStringByteLen
VarUI4FromStr
OleLoadPicture
SysFreeString
VariantInit
SysAllocString

shlwapi

PathUnquoteSpacesW
StrToIntW
PathRemoveFileSpecW
PathFileExistsW
StrCmpNW
PathAddBackslashW

comctl32

CreatePropertySheetPageW
ImageList_Destroy
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Draw
_TrackMouseEvent
PropertySheetW
ImageList_GetIconSize
ImageList_Add
ImageList_Create

wintrust

WinVerifyTrust

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 372KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e2263d4ffc3ca0d4600ef3ff8825d50

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wintrust

version

Sections

.text Size: 372KB - Virtual size: 368KB

.rdata Size: 76KB - Virtual size: 74KB

.data Size: 24KB - Virtual size: 29KB

.rsrc Size: 196KB - Virtual size: 193KB

.text
Size: 372KB - Virtual size: 368KB

.rdata
Size: 76KB - Virtual size: 74KB

.data
Size: 24KB - Virtual size: 29KB

.rsrc
Size: 196KB - Virtual size: 193KB