b61f3978e7de1b6f2c8c4b15bd449854_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b61f3978e7de1b6f2c8c4b15bd449854_JaffaCakes118
Size

560KB
MD5

b61f3978e7de1b6f2c8c4b15bd449854
SHA1

74e394432c01ffa82d4cc6f5c05150d4c870b23b
SHA256

d7e62186daf90be3e2a8aa17f43df174972b2cd3680d053f9d70f4a80c2dea21
SHA512

ccd992e6771f95f2bc502bbe6a04e137ad419f914319e6bff1d6f5b01bf435798ce27c4d6a31056b30bcccd2c93d31d7ccb24ac621749c4997b6457e29502cdb
SSDEEP

12288:Sw2rgIkPYBQ9KFxIdqHNH4H4WuXHPU0OWDOebcj0O:SkIkPYBQpdqHNH4YWu3PU0XKeb/O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b61f3978e7de1b6f2c8c4b15bd449854_JaffaCakes118

Files

b61f3978e7de1b6f2c8c4b15bd449854_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d737c956f3aa3b7339faec4d1dda7bcc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Build_Setup1\SR_Auto_Build\Build_Root\Code\Austin\GenSetup\Release\Setup.pdb

Imports

winmm

waveOutGetNumDevs
timeGetTime
waveOutGetDevCapsA
PlaySoundA

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
GetVolumeInformationA
Sleep
GetSystemDirectoryA
ResetEvent
SetEvent
GetTempPathA
GetLastError
lstrcmpiA
WaitForSingleObject
LocalFree
FormatMessageA
lstrcmpA
RemoveDirectoryA
IsDBCSLeadByte
GetFullPathNameA
lstrcpynA
GetWindowsDirectoryA
SetLastError
GetFileAttributesA
GetVersionExA
LockResource
LoadResource
FindResourceA
GetShortPathNameA
GetExitCodeProcess
GetUserDefaultLCID
GetLocaleInfoA
VerLanguageNameA
CreateProcessA
SetFileAttributesA
GetTempFileNameA
ReleaseMutex
CreateMutexA
OpenEventA
CreateEventA
GetModuleHandleA
MultiByteToWideChar
VirtualProtect
SizeofResource
FindFirstChangeNotificationA
FindCloseChangeNotification
FindNextChangeNotification
GetPrivateProfileStringA
TerminateProcess
WaitForMultipleObjects
WritePrivateProfileStringA
SetFilePointer
ExpandEnvironmentStringsA
GetDriveTypeA
_lclose
_llseek
_lopen
GetSystemTime
GetSystemDefaultLangID
FindFirstFileA
SetErrorMode
VirtualAlloc
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetTickCount
DeviceIoControl
CreateDirectoryA
WriteFile
ReadFile
SetFileTime
GetFileTime
GetFileSize
GetFileType
MoveFileExA
SetEndOfFile
GetCurrentDirectoryA
CopyFileA
DeleteFileA
GetModuleFileNameA
GetDiskFreeSpaceA
SetCurrentDirectoryA
GetLogicalDrives
FindNextFileA
ResumeThread
SetPriorityClass
GetCurrentThread
SetThreadPriority
GetEnvironmentVariableA
FlushFileBuffers
CreateThread
WideCharToMultiByte
CompareFileTime
QueryPerformanceCounter
GetThreadPriority
GetPriorityClass
QueryPerformanceFrequency
ExitThread
GetExitCodeThread
SuspendThread
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsBadWritePtr
IsBadReadPtr
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
RtlUnwind
ExitProcess
GetStartupInfoA
GetCommandLineA
HeapFree
HeapAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
FindClose
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapDestroy
HeapCreate
VirtualQuery
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
GetACP
GetOEMCP
IsBadCodePtr
GetTimeZoneInformation
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrcatA
CreateFileA
CloseHandle
lstrcpyA
lstrlenA
VirtualFree

user32

GetDC
EnumDisplaySettingsA
ExitWindowsEx
IsWindow
SystemParametersInfoA
GetClassNameA
CharToOemA
FindWindowExA
EnumWindows
SetCursor
LoadCursorA
DestroyCursor
IsDialogMessageA
GetMessageA
GetWindowLongA
RedrawWindow
GetUpdateRect
EndPaint
BeginPaint
CopyRect
IntersectRect
SetWindowTextA
GetWindowRect
IsWindowVisible
UnionRect
IsChild
IsRectEmpty
RemovePropA
GetWindowTextA
ReleaseCapture
GetCapture
EnableWindow
GetParent
GetNextDlgGroupItem
UnregisterClassA
OffsetRect
ReleaseDC
GetKeyState
GetNextDlgTabItem
ScreenToClient
CallWindowProcA
GetClassInfoA
ClientToScreen
PtInRect
DrawTextA
DrawTextExA
GrayStringA
SetWindowRgn
CreateDialogIndirectParamA
EndDialog
MessageBeep
MapWindowPoints
GetMessagePos
DialogBoxIndirectParamA
RegisterWindowMessageA
GetSystemMetrics
GetWindowPlacement
SetWindowLongA
PostQuitMessage
EnableMenuItem
InvalidateRect
FillRect
LoadIconA
EqualRect
GetWindowTextLengthA
GetAsyncKeyState
VkKeyScanExA
GetKeyboardLayout
MessageBoxA
LoadStringA
CharPrevA
GetKeyboardType
PeekMessageA
TranslateMessage
DispatchMessageA
CharUpperA
MsgWaitForMultipleObjects
GetDesktopWindow
WaitForInputIdle
LoadImageA
SetCapture
IsWindowEnabled
SetTimer
KillTimer
wsprintfA
SetWindowPos
IsIconic
GetFocus
FindWindowA
ShowWindow
SetRectEmpty
CreateWindowExA
SetPropA
RegisterClassA
DefWindowProcA
GetPropA
DestroyWindow
SetForegroundWindow
SetFocus
SetActiveWindow
CharNextA
SendMessageA
PostMessageA
wvsprintfA

gdi32

CreateRectRgn
SetBkColor
SetBkMode
SetTextColor
SelectObject
GetTextMetricsA
SetTextAlign
GetDeviceCaps
SelectPalette
RealizePalette
CreateDIBSection
SetDIBits
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetSystemPaletteEntries
GetObjectA
GetDIBColorTable
CreateFontA
CreateCompatibleDC
BitBlt
DeleteDC
CombineRgn
CreateBrushIndirect
GetStockObject
DeleteObject
AddFontResourceA
RemoveFontResourceA

advapi32

RegQueryInfoKeyA
OpenProcessToken
RegQueryValueExA
RegCloseKey
CloseServiceHandle
OpenSCManagerA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA

comctl32

ImageList_LoadImageA
ImageList_Destroy

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

imm32

ImmGetContext

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetSpecialFolderPathA
ShellExecuteExA
SHChangeNotify

ole32

CoCreateInstance
CoInitialize
OleUninitialize
OleInitialize
CoUninitialize

Exports

Exports

?DialogProc@CAppAlert@@SGHPAUHWND__@@IIJ@Z
?DialogProc@CAppMessage@@SGHPAUHWND__@@IIJ@Z
?DialogProc@CDirBrowser@@SGHPAUHWND__@@IIJ@Z
?HotsetupCallback@@YG?AW4EBURETCODE@@PAX@Z
LaunchGame

Sections

.text
Size: 440KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d737c956f3aa3b7339faec4d1dda7bcc

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

gdi32

advapi32

comctl32

version

imm32

shell32

ole32

Exports

Exports

Sections

.text Size: 440KB - Virtual size: 437KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 24KB - Virtual size: 63KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 440KB - Virtual size: 437KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 24KB - Virtual size: 63KB

.rsrc
Size: 20KB - Virtual size: 19KB