b4e45c80a65a85ae3e726bbee63c12d3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b4e45c80a65a85ae3e726bbee63c12d3_JaffaCakes118
Size

408KB
MD5

b4e45c80a65a85ae3e726bbee63c12d3
SHA1

00b4c5ac743127b2e5057a49e1b0b16369ce6b26
SHA256

a0593da1b702d0f1ced2e8abbfd5fb9d43aea59bb3cc56a31d05989989c46ad8
SHA512

6a521eaac978c285d0efd93655b3d55f1069617668b4a09a9bafa3eb33287812cd9a3e7d462f5cd56d0b7c0d8914b79ec679f63087276c81512921e0ed71d086
SSDEEP

12288:l675bmLW4mb3VExNF3qWbdjMNwbn9y6sY:ls5CWixNF35Yw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4e45c80a65a85ae3e726bbee63c12d3_JaffaCakes118

Files

b4e45c80a65a85ae3e726bbee63c12d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

52876360693074b75228c103511bef13

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\bftemp\PreLoad-Install\PreLoad-Install_11\preload-install\src\Release\prsetup.pdb

Imports

setupapi

SetupCopyOEMInfW

kernel32

GlobalFlags
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
FileTimeToSystemTime
SetErrorMode
WritePrivateProfileStringW
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
TerminateProcess
SetStdHandle
GetFileType
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
SetUnhandledExceptionFilter
IsBadWritePtr
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
WideCharToMultiByte
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleA
LoadLibraryA
lstrcatW
lstrcmpW
GetVersionExA
lstrcpyW
lstrlenW
GlobalAlloc
lstrcpynW
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameW
GetComputerNameW
GetCommandLineW
FormatMessageW
LocalFree
GetStartupInfoW
CreateProcessW
GetExitCodeProcess
Sleep
GetPrivateProfileStringW
GetProcAddress
FreeLibrary
LoadLibraryW
GetModuleHandleW
EnumResourceTypesW
EnumResourceNamesW
FreeResource
OutputDebugStringW
CreateFileW
WriteFile
SetFileTime
CloseHandle
SetFileAttributesW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetEnvironmentVariableW
GetCurrentDirectoryW
SetLastError
CreateDirectoryW
GetLastError
MultiByteToWideChar
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemInfo

user32

LoadCursorW
GetSysColorBrush
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CharUpperW
PostQuitMessage
wsprintfW
SetMenuItemBitmaps
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
ShowWindow
SetWindowTextW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconW
PeekMessageW
MapWindowPoints
MessageBoxW
GetKeyState
SetForegroundWindow
IsWindowVisible
GetClientRect
GetMenu
PostMessageW
GetSysColor
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
UnregisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SetCursor
DestroyMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetActiveWindow
GetSystemMetrics
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
SendMessageW
EnableWindow

gdi32

DeleteDC
GetStockObject
ExtTextOutW
TextOutW
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
Escape

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey

comctl32

ord17

shlwapi

PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

|w
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

52876360693074b75228c103511bef13

Headers

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 3KB

|w Size: 244KB - Virtual size: 244KB

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 3KB

|w
Size: 244KB - Virtual size: 244KB