d32cd3b1ad867dc2968e791e33056253_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d32cd3b1ad867dc2968e791e33056253_JaffaCakes118
Size

350KB
MD5

d32cd3b1ad867dc2968e791e33056253
SHA1

921d2bd1062625e9fdb7b5d3fa76a6d6479a2a27
SHA256

279a6eb0eedebace0b04b001a4da1aa71d679e25259bf07207b1a9885504be1e
SHA512

987c7cbd1ebe162dc9d299bb87e5eff3b0f310a05da07ca417c3041acd31eeef5b0220377aa24b8612a5955e68318aadd1d70db7a451f8c1a92ff251cdd1f3e7
SSDEEP

6144:Qo3YGDK8bK/RLnbwjZ9WdB7/XvhDtzLfyAErwzHI7pI+:Qo3Y4CRLkZ9WP7/X5FHIy+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d32cd3b1ad867dc2968e791e33056253_JaffaCakes118

Files

d32cd3b1ad867dc2968e791e33056253_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a0ac44b2395708f0ead5d5c692ad000d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\mars\morpheus\mars\2.8\exe\Release\hpqusgl.pdb

Imports

kernel32

FindNextFileA
FindFirstFileA
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
LocalFree
CopyFileA
GetPrivateProfileIntA
GetTempFileNameA
GetEnvironmentVariableA
GetVersionExA
WritePrivateProfileStringA
GetLastError
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
RaiseException
WaitForSingleObject
InterlockedDecrement
lstrcmpiA
SetEvent
CreateThread
CreateEventA
FindClose
GetModuleHandleW
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
Sleep
GetCurrentThreadId
GetCommandLineA
ReleaseMutex
OpenMutexA
OpenEventA
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
GetFileType
SetHandleCount
GetProcessHeap
FlushFileBuffers
lstrlenA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
GetTempPathA
DeleteCriticalSection
QueryPerformanceCounter
WriteFile
OutputDebugStringA
CreateFileA
SetFilePointer
GetModuleHandleA
GetModuleFileNameA
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InterlockedIncrement
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
InterlockedExchange
SetConsoleCtrlHandler
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStringTypeW
GetStringTypeA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
GetStdHandle
IsValidLocale
EnumSystemLocalesA
GetSystemTimeAsFileTime
RtlUnwind
GetTimeFormatA
GetDateFormatA
HeapAlloc
HeapFree
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetLocaleInfoA

user32

CharNextA
GetMessageA
PostThreadMessageA
DispatchMessageA
CharNextW
MessageBoxA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumValueA
RegEnumKeyA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
GetNamedSecurityInfoA
SetNamedSecurityInfoA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorA

shell32

SHFileOperationA

ole32

CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemAlloc
StringFromGUID2

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
SysReAllocString
SysAllocStringLen
CreateErrorInfo
VariantClear
GetErrorInfo
VariantChangeType
VariantInit
SetErrorInfo

shlwapi

SHDeleteKeyA

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a0ac44b2395708f0ead5d5c692ad000d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 211KB - Virtual size: 211KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 7KB - Virtual size: 13KB

.rsrc Size: 20KB - Virtual size: 20KB

.lrdata Size: 68KB - Virtual size: 68KB

.text
Size: 211KB - Virtual size: 211KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 20KB - Virtual size: 20KB

.lrdata
Size: 68KB - Virtual size: 68KB