b621a51e9a4dcdaf8dcb20c946bd91c5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b621a51e9a4dcdaf8dcb20c946bd91c5_JaffaCakes118
Size

199KB
MD5

b621a51e9a4dcdaf8dcb20c946bd91c5
SHA1

140bfc19c5fa3c2d3def513ee99de593014b20b1
SHA256

13e96048c579e8f3c6b23ca1ab4db35c0251168d0215eff6739f12182627e625
SHA512

7160b73f62c8f3cfa3a98bf5add3dfe556ead9c136326bc56f514522cb4409dba9917ebab7fdf0b81fb100b38d66d22fcb84899c4d5a826389740584be5ad372
SSDEEP

3072:db89/DY9SEtH7AJAQ/TH+654LPEh4UT6hJLocDn5pTqBc+rlugf54TuVQwv:qY9SERcFp5hhQhJvDn5pTqBcZxTunv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b621a51e9a4dcdaf8dcb20c946bd91c5_JaffaCakes118

Files

b621a51e9a4dcdaf8dcb20c946bd91c5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

bbdd17db86cd223ee4199eec58a99b2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\hudson\workspace\decisionengine\CONFIG\Release\label\vs9\obj\Release\DecisionEngine.pdb

Imports

kernel32

DeleteFileW
GetTempPathW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
ReadFile
GetProcessHeap
SetEndOfFile
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
CreateFileW
CreateFileMappingW
MapViewOfFile
GetFileSize
UnmapViewOfFile
CloseHandle
LoadLibraryW
GetProcAddress
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
ProcessIdToSessionId
Process32NextW
OpenProcess
CreateProcessW
FreeLibrary
lstrcpyW
lstrcatW
lstrlenW
ExpandEnvironmentStringsW
WaitForSingleObject
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapAlloc
GetLastError
HeapFree
HeapReAlloc
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetTimeFormatA
GetDateFormatA
HeapSize
SetFilePointer
LoadLibraryA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
SetStdHandle

shell32

ShellExecuteW
SHGetSpecialFolderPathW

msi

ord103
ord125
ord8
ord17
ord74
ord145
ord139
ord140
ord48
ord116

shlwapi

SHDeleteKeyW

wininet

InternetSetOptionW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetQueryOptionW
InternetOpenW
InternetCrackUrlW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetSetCookieW
InternetConnectW

user32

wsprintfW

advapi32

RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
DuplicateTokenEx
OpenProcessToken

ole32

CLSIDFromProgID
StringFromCLSID
CoTaskMemFree

Exports

Exports

DEAfterDialogs
DEAfterErrorD
DEAfterInterruptedD
DEAfterLD
DEAfterLDProduct
DEAfterSD
DEBeforeDialogs
DEExecutionBegin
DEExecutionBeginUninstall
DEExecutionEnd
DEExecutionEndUninstall
DEFinalize
DEShowTerms
DEShowTermsFissa

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbdd17db86cd223ee4199eec58a99b2f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

msi

shlwapi

wininet

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 147KB - Virtual size: 146KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 147KB - Virtual size: 146KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 11KB - Virtual size: 10KB