c93e402a025f018f0b6e2061fa894fec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c93e402a025f018f0b6e2061fa894fec_JaffaCakes118
Size

638KB
MD5

c93e402a025f018f0b6e2061fa894fec
SHA1

8404d399f39c9c5bb08a179c0d0b41d9c04a3083
SHA256

2b940e5b47f202986f0a75f99e60164c298199cfa219a423c873f2d815d15193
SHA512

53e46afdf8761634a24d02f5d1e6da19e1f684a9dd41f63da31f88afd28a49178dc5ff1e3ec1a0d62d12c24015d81d1a54b6f45841f606d0533071fb79beff05
SSDEEP

12288:DSRQuZQ1ROzQyo0DJ0q2X90LG4nppebW6stCJbEMMjmXqJIIRseSohv2qiA4hWzp:G7I5W61bEMMCqJ2oRhOkd2FmZp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c93e402a025f018f0b6e2061fa894fec_JaffaCakes118

Files

c93e402a025f018f0b6e2061fa894fec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df8366e0ca1ba0abb659338596c1996e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DistributedAutoLink\Temp\CompileOutputDir\Updater.pdb

Imports

kernel32

WideCharToMultiByte
MoveFileA
lstrcmpiA
FlushFileBuffers
WriteFile
SetEndOfFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
DeleteFileA
SetFileAttributesA
FileTimeToSystemTime
FindClose
FindFirstFileA
GetLocalTime
lstrcatA
GetTempPathA
GetPrivateProfileIntA
GetDriveTypeA
WritePrivateProfileStringA
GetLogicalDriveStringsA
GetSystemDirectoryA
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GetPrivateProfileStringA
GetFileSize
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
GetTickCount
IsBadReadPtr
MultiByteToWideChar
Sleep
ReadFile
GetVersion
lstrlenW
lstrcmpiW
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
GlobalUnlock
GlobalLock
InterlockedIncrement
InterlockedDecrement
MulDiv
LoadLibraryExA
IsDBCSLeadByte
GetCommandLineA
ReleaseMutex
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateMutexA
RemoveDirectoryA
FindNextFileA
GetFileAttributesA
GetDiskFreeSpaceA
lstrcpynA
FindResourceExA
SuspendThread
ResumeThread
TerminateThread
OpenProcess
CreateProcessA
GetPrivateProfileSectionA
CreateDirectoryA
GetLastError
GetTempFileNameA
lstrcmpA
LocalFree
SetEnvironmentVariableA
GetLocaleInfoW
SetStdHandle
SetConsoleCtrlHandler
IsBadCodePtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetOEMCP
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
TlsAlloc
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
QueryPerformanceCounter
FatalAppExitA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
CreateThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
GetModuleHandleA
HeapSize
HeapReAlloc
HeapDestroy
FindResourceA
LoadResource
LockResource
SizeofResource
GetExitCodeThread
SetLastError
GetModuleFileNameA
CreateFileA
CloseHandle
DeviceIoControl
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
GlobalAlloc
GlobalFree
lstrcpyA
FreeLibrary
lstrlenA
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
CopyFileA
InterlockedExchange

user32

MessageBeep
SetFocus
GetDlgItem
SetDlgItemTextA
SetWindowPos
UnregisterClassA
PostMessageA
SetWindowLongA
GetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
wsprintfA
IsWindow
EndDialog
DestroyWindow
GetWindowLongA
SetWindowTextA
GetWindowRect
ShowWindow
IsWindowEnabled
EnableWindow
GetLastActivePopup
MessageBoxA
IsDialogMessageA
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindow
GetParent
CharUpperA
FindWindowA
wvsprintfA
DestroyIcon
LoadIconA
SendMessageA
CreateDialogIndirectParamA
PostQuitMessage
PtInRect
GetCursorPos
DialogBoxParamA
KillTimer
GetClassNameA
GetDlgCtrlID
DefWindowProcA
CharNextA
GetDC
ReleaseDC
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
CharUpperW
CharLowerW
CharLowerA
GetActiveWindow
GetSystemMetrics
LoadImageA
SetForegroundWindow

gdi32

GetDeviceCaps
GetObjectA
GetStockObject

advapi32

CloseServiceHandle
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
InitializeAcl
AddAce
GetLengthSid
CopySid
IsValidSid
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegQueryValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateServiceA
OpenServiceA
OpenSCManagerA
StartServiceA

shell32

Shell_NotifyIconA

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
CoCreateInstance

oleaut32

SetErrorInfo
GetErrorInfo
CreateErrorInfo
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
VariantChangeType
SysAllocStringLen
VarBstrCat
SysStringLen
SysAllocString
VariantInit
VariantClear
VariantCopy
SysFreeString
VarUI4FromStr

shlwapi

PathSkipRootA
PathRemoveFileSpecA
PathFileExistsA

comctl32

InitCommonControlsEx

wininet

InternetCloseHandle
InternetAttemptConnect
InternetConnectA
InternetOpenA
InternetSetOptionA
InternetCrackUrlA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
HttpAddRequestHeadersA

wsock32

WSACleanup
WSAStartup
ioctlsocket
htons
recv
send
select
closesocket
connect
WSAGetLastError
socket
ntohs
htonl
inet_addr

rpcrt4

UuidCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 440KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

df8366e0ca1ba0abb659338596c1996e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

wsock32

rpcrt4

version

Sections

.text Size: 440KB - Virtual size: 438KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 112KB - Virtual size: 112KB

.text
Size: 440KB - Virtual size: 438KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 112KB - Virtual size: 112KB