e1406441b554d59ffa087381600e215a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e1406441b554d59ffa087381600e215a_JaffaCakes118
Size

88KB
MD5

e1406441b554d59ffa087381600e215a
SHA1

6fb2dfc25a0362f3e1ae08a017c620687019bdd7
SHA256

91fa498ed744acf70268bdec4e24d19e7253a560c5056aed6d7a255813ddce1a
SHA512

6a4411bfccf61c75e1ed65138e47640eb8a91f10e711befebc417ed9dcca2cb705a9b24bb20246dddb8e05cbe53530ecbbae497402444453ff3c67504d0f7eb0
SSDEEP

1536:QPCXR3JFAhl5ErRCFgN1zDJ3okFph/CPTK:Q6lAzuGCvJ3oLT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1406441b554d59ffa087381600e215a_JaffaCakes118

Files

e1406441b554d59ffa087381600e215a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c1d533ebefb2bfc5721aac00fcd9664a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

PDB Paths

muisetup.pdb

Imports

msvcrt

wcscmp
swprintf
memmove
wcstok
_wsplitpath
sprintf
strrchr
_c_exit
_exit
_XcptFilter
_cexit
wcstol
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
wcslen
_wcsicmp
exit
_wtoi64
wcscpy
wcschr
wcscat
wcsncpy

advapi32

RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW

kernel32

GetTickCount
QueryPerformanceCounter
GetFileSize
ReadFile
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
TerminateProcess
SetFileAttributesA
_lcreat
_llseek
GetCurrentThreadId
_lwrite
_lread
_lopen
GetVersionExW
MoveFileExW
VerifyVersionInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
_lclose
GetSystemTimeAsFileTime
MultiByteToWideChar
RemoveDirectoryW
GetSystemDirectoryW
CreateDirectoryW
SetFileTime
VerSetConditionMask
GetWindowsDirectoryW
GetProcAddress
lstrcpyW
GetLocaleInfoW
GetLastError
CreateMutexW
GetCurrentProcessId
GetPrivateProfileStringW
GetVolumeInformationW
GetModuleFileNameW
CloseHandle
FreeLibrary
LocalFree
GetPrivateProfileIntW
GetSystemDefaultUILanguage
SetFileAttributesW
GetFileAttributesW
DeleteFileW
WaitForSingleObject
CreateProcessW
lstrcatW
WriteFile
CreateFileW
SetFilePointer
FormatMessageW
lstrlenW
LocalAlloc
GetCurrentProcess
ExitProcess
DeviceIoControl
LoadLibraryW
GetModuleHandleW
GetSystemInfo
lstrcmpW
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
OutputDebugStringW
GetSystemDefaultLangID
GlobalFree
GetCommandLineW
FindClose
FindNextFileW
FindFirstFileW
lstrcmpiW
CopyFileW
WideCharToMultiByte

user32

LoadCursorW
wsprintfW
MessageBoxW
LoadStringW
SetForegroundWindow
ShowWindow
IsIconic
IsWindow
FindWindowW
SendMessageW
GetDlgItem
EndDialog
GetSystemMetrics
GetClientRect
SetWindowTextW
CreateDialogParamW
ExitWindowsEx
PostMessageW
SetWindowLongW
GetSysColor
DestroyWindow
EnableWindow
CheckDlgButton
IsDlgButtonChecked
SetCursor
SetDlgItemTextA
IsWindowVisible
GetDesktopWindow
CharLowerW
WinHelpW
LoadIconW
SetFocus
DialogBoxParamW
MessageBoxA
LoadStringA
DispatchMessageW
TranslateMessage
PeekMessageW

comctl32

ord17

setupapi

SetupCloseInfFile
SetupFindFirstLineW
SetupOpenInfFileW
SetupFindNextLine
SetupGetStringFieldW
SetupGetIntField

shlwapi

StrCatW
StrStrIW
StrRChrIW
PathCombineW
PathAppendW
PathFileExistsW

shell32

ord680
CommandLineToArgvW
ShellExecuteExW

lz32

LZClose
LZCopy
LZOpenFileW
GetExpandedNameW

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c1d533ebefb2bfc5721aac00fcd9664a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

comctl32

setupapi

shlwapi

shell32

lz32

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 512B - Virtual size: 27KB

.rsrc Size: 45KB - Virtual size: 65KB

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 512B - Virtual size: 27KB

.rsrc
Size: 45KB - Virtual size: 65KB