d45bfd6575778e1be63a006af80de298_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d45bfd6575778e1be63a006af80de298_JaffaCakes118
Size

6.5MB
MD5

d45bfd6575778e1be63a006af80de298
SHA1

8f7f0a2d21e7f73df2559b55bba1590f7d59c3b1
SHA256

988f1defcc05b278e7ad947f1dbfc185a93cecc8cf350abb26e8ba4003f477c7
SHA512

6a036a92f08241f6a3489284f8cc4c603f5b04ce32fbd019e8b643e5c7667ba8f783c06d0f41435a5dd8521277c107b95d8b67112202f8948ca8e2e63e90aecb
SSDEEP

196608:BW5Cl1hrMOqQMXXrWBGruWAf2eepS8SNKgY7:qClXrvR+6BGCWnbSNKgY7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d45bfd6575778e1be63a006af80de298_JaffaCakes118

Files

d45bfd6575778e1be63a006af80de298_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5be323627176f6ccf6ac4fdcee341d6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Git\shuame_pc_all\Shuame\Builder\Release\Installer\Setup\Basic\Bin\ShuamePacket.pdb

Imports

kernel32

FlushInstructionCache
DeleteCriticalSection
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
MoveFileW
lstrcpynW
CopyFileW
GetTempPathW
GetLocalTime
GetDiskFreeSpaceExW
TerminateThread
FreeLibrary
lstrcmpiW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
MapViewOfFile
WaitForMultipleObjects
GetExitCodeThread
GetSystemInfo
GetSystemTimes
GetSystemTimeAsFileTime
SetFilePointer
VirtualFree
VirtualAlloc
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
GetStdHandle
WriteFile
GetFullPathNameW
SetEndOfFile
GetCPInfo
LocalAlloc
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
GetModuleHandleW
GetCurrentProcess
LoadLibraryW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
OutputDebugStringW
CreateDirectoryW
GetModuleFileNameW
GetDriveTypeA
GetCurrentDirectoryA
GetModuleHandleA
CreateFileA
SetLastError
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
LCMapStringA
RtlUnwind
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedExchange
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
SetWaitableTimer
RaiseException
SizeofResource
FreeResource
GetCurrentThreadId
Sleep
CreateThread
SetEvent
CreateEventW
lstrlenW
ReadFile
GetFileSize
CreateFileW
GetSystemDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
GetTempFileNameW
MoveFileExW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
GetProcAddress
GetDriveTypeW
GetLogicalDriveStringsW
GetVersion
lstrlenA
MultiByteToWideChar
GetLastError
GetTickCount
WideCharToMultiByte
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
FindResourceExW
FindResourceW
CreateWaitableTimerW
HeapFree
GetProcessHeap
HeapAlloc
ReleaseMutex
CreateMutexW
lstrcmpW
FindFirstFileW
Process32NextW
TerminateProcess
OpenProcess
LoadResource
LockResource
GetCurrentProcessId

user32

LoadCursorW
CopyRect
IsRectEmpty
InvalidateRect
IsWindow
IntersectRect
SendMessageW
UnregisterClassA
PtInRect
ShowWindow
DestroyWindow
GetKeyState
IsWindowEnabled
MoveWindow
GetClientRect
GetMonitorInfoW
SetRect
GetDC
InflateRect
ReleaseDC
GetDesktopWindow
SetCursor
CharLowerW
CharUpperW
DestroyIcon
CharNextW
SetActiveWindow
GetActiveWindow
GetWindow
MapWindowPoints
EnableWindow
LoadImageW
LoadBitmapW
SetFocus
SetForegroundWindow
IsIconic
EqualRect
GetCursorPos
UpdateLayeredWindow
GetClassInfoExW
RegisterClassExW
CreateWindowExW
SetRectEmpty
PostThreadMessageW
UpdateWindow
IsWindowVisible
IsDialogMessageW
MessageBoxW
KillTimer
SetTimer
LoadIconW
SetWindowPos
PostMessageW
UnionRect
OffsetRect
BeginPaint
EndPaint
SetCapture
ScreenToClient
ReleaseCapture
GetDlgCtrlID
InvalidateRgn
GetParent
GetDlgItem
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowRect
MonitorFromWindow

gdi32

CombineRgn
CreateRectRgnIndirect
CreateFontIndirectW
GetStockObject
GetObjectW
DeleteDC
GetTextExtentPoint32W
GetRgnBox
CreateDIBSection
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SelectObject
RectInRegion
DeleteObject

advapi32

InitializeSecurityDescriptor
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl

shell32

ord680
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHFileOperationW
SHGetPathFromIDListW
SHChangeNotify
SHBrowseForFolderW
ShellExecuteW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoInitializeEx
CoUninitialize

oleaut32

VariantCopy
VariantClear
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

StrToIntA
PathAddBackslashW
SHDeleteKeyW
PathRemoveBackslashW
PathFileExistsW

comctl32

InitCommonControlsEx
_TrackMouseEvent

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dbghelp

MakeSureDirectoryPathExists

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo

netapi32

Netbios

wininet

InternetReadFileExA
HttpQueryInfoW
HttpEndRequestW
InternetWriteFile
InternetOpenW
InternetSetOptionW
HttpOpenRequestW
InternetCloseHandle
InternetSetStatusCallbackW
InternetConnectW
InternetCrackUrlW
HttpSendRequestExW

Sections

.text
Size: 679KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5be323627176f6ccf6ac4fdcee341d6e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

dbghelp

iphlpapi

netapi32

wininet

Sections

.text Size: 679KB - Virtual size: 679KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 21KB - Virtual size: 38KB

.rsrc Size: 328KB - Virtual size: 328KB

.text
Size: 679KB - Virtual size: 679KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 21KB - Virtual size: 38KB

.rsrc
Size: 328KB - Virtual size: 328KB