d2d8234e3e693fa675df00df08af4c06_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d2d8234e3e693fa675df00df08af4c06_JaffaCakes118
Size

3.0MB
MD5

d2d8234e3e693fa675df00df08af4c06
SHA1

0111bd83d2c2fe3f3031658e0fae79f5fbb14271
SHA256

f36518bc6d6b2f0d45e0e3e285791f7a3cfed61c0d0525b9733c1272bfc267ff
SHA512

7d5c6dfa314e2dcd1eb9b29a2f82597a976f635909988b825be4e1ae7c43515284c73f680f10f550ccbe223e082f55fddebba0c537bd7db5a174273c1c0b5ad2
SSDEEP

49152:UMNSCX9kz0ZO1kf53IEaoj6uwQI5J/D1:UGbXSz0ZGkbaoj65Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2d8234e3e693fa675df00df08af4c06_JaffaCakes118

Files

d2d8234e3e693fa675df00df08af4c06_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2eb3ff660563c5c2fbd77befd3ef387d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\SpbSVN\trunk\Internal\SpbSetup\sources\SpbSetup\Release\SpbSetup.pdb

Imports

kernel32

GetUserDefaultUILanguage
SetLastError
lstrcmpiW
WideCharToMultiByte
CompareStringW
GetCurrentThreadId
EnterCriticalSection
Sleep
GetModuleHandleW
MulDiv
LeaveCriticalSection
DeleteCriticalSection
lstrlenA
InterlockedExchange
RaiseException
MultiByteToWideChar
InterlockedDecrement
LoadLibraryExW
GetModuleFileNameW
InterlockedIncrement
InitializeCriticalSection
LocalAlloc
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
FlushInstructionCache
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapCreate
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
GetModuleHandleA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GetCurrentProcess
CreateThread
lstrcpyW
FlushFileBuffers
LockResource
LoadResource
FindResourceW
FindResourceExW
WritePrivateProfileStringW
DeleteFileW
GetLastError
GetFileSize
GetTempPathW
CreateDirectoryW
GetFileAttributesW
WaitForSingleObject
SetEndOfFile
CreateProcessW
SetFilePointer
UnmapViewOfFile
FreeLibrary
GetProcAddress
MapViewOfFile
LoadLibraryW
GetTempFileNameW
CreateFileMappingW
SizeofResource
CloseHandle
WriteFile
CreateFileW
ReadFile
lstrlenW
GetEnvironmentStringsW

user32

AppendMenuW
BeginPaint
TrackPopupMenu
GetParent
EndPaint
SendMessageW
LoadStringW
UnregisterClassA
MessageBoxW
FillRect
GetWindowLongW
CreatePopupMenu
GetDlgItemTextW
GetMonitorInfoW
SetWindowTextW
SetFocus
MonitorFromPoint
PostMessageW
LoadBitmapW
GetActiveWindow
SetRectEmpty
SetMenuItemInfoW
SystemParametersInfoW
GetWindow
PtInRect
SetCursor
ScreenToClient
InvalidateRect
DestroyMenu
SetWindowPos
ClientToScreen
MoveWindow
CreateWindowExW
UpdateWindow
MapWindowPoints
IsWindow
GetWindowRect
MessageBeep
IsDlgButtonChecked
GetClientRect
CallWindowProcW
GetWindowTextW
ReleaseDC
GetDlgItem
DefWindowProcW
GetDC
GetDlgCtrlID
LoadIconW
DrawTextW
DestroyIcon
GetSysColorBrush
RedrawWindow
EndDialog
GetWindowTextLengthW
GetSysColor
SetWindowLongW
LoadCursorW
OffsetRect
CheckDlgButton
IsWindowVisible
DialogBoxParamW
CopyRect
DrawFocusRect
IsWindowEnabled
GetClassNameW
GetFocus
GetCursorPos
CharNextW
ReleaseCapture
SetDlgItemTextW
LoadImageW
GetCapture
GetSystemMetrics
ShowWindow
EnableWindow
DestroyWindow
SetCapture

gdi32

SelectObject
SetBkMode
GetObjectW
GetCurrentObject
GetStockObject
GetTextExtentPoint32W
SetTextColor
SetBkColor
GetDeviceCaps
DPtoLP
DeleteDC
DeleteObject
CreateFontIndirectW

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
ShellExecuteExW
FindExecutableW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoCreateInstance
StringFromGUID2
CoUninitialize
CoTaskMemFree

oleaut32

VarUI4FromStr
SysFreeString

shlwapi

PathRemoveExtensionW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW

comctl32

CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Add
ImageList_Create
_TrackMouseEvent

wininet

InternetCloseHandle
InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetCanonicalizeUrlW
InternetOpenUrlW
InternetSetFilePointer

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.drdata
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2eb3ff660563c5c2fbd77befd3ef387d

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

Sections

.text Size: 151KB - Virtual size: 151KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 10KB - Virtual size: 24KB

.rsrc Size: 2.7MB - Virtual size: 2.7MB

.drdata Size: 89KB - Virtual size: 92KB

.text
Size: 151KB - Virtual size: 151KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 10KB - Virtual size: 24KB

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

.drdata
Size: 89KB - Virtual size: 92KB