ef969531702093f1f9343bd8c3b4f459_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ef969531702093f1f9343bd8c3b4f459_JaffaCakes118
Size

669KB
MD5

ef969531702093f1f9343bd8c3b4f459
SHA1

aa94f3cb1e461d17fbfebd5826152146ed669860
SHA256

6bea2e4c711fca8dcf44d2b199a279a6f54b5a9461f115af75f24964afbe2abf
SHA512

83e6876acf9ffb88182d136025e0bd2c08e9d290f53d26bd70768146fdf8ccad7a27a8e40b1be5d3232154bbf5bcc13479fd19bd326736946d112de32a7d06f1
SSDEEP

12288:9Pzn4MsZDERnxrU6l9LbJRNNEF8yqO4viPYyf:9PMZ4Xw6l9LbnEF8yiI/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef969531702093f1f9343bd8c3b4f459_JaffaCakes118

Files

ef969531702093f1f9343bd8c3b4f459_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a3fcacb01606c7036e622902fd84ce2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jenkins\workspace\WinZipDownloadManagerBuild_1.0\DownloadManager\Release\WinZip.pdb

Imports

kernel32

lstrlenA
ReadConsoleW
SetEndOfFile
WriteConsoleW
SetStdHandle
OutputDebugStringW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
CreateThread
GetStdHandle
GetProcessHeap
HeapSize
GetModuleHandleExW
ExitProcess
IsDebuggerPresent
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
MoveFileW
GetProcAddress
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
LoadLibraryExW
CloseHandle
GetLastError
GetACP
FindFirstFileW
GetNativeSystemInfo
CreateProcessW
GetCurrentProcess
CreateDirectoryW
GetTickCount
GetUserGeoID
WideCharToMultiByte
GetVersionExW
GetModuleFileNameW
GetTempPathW
GetLongPathNameW
FindClose
LocalAlloc
RemoveDirectoryW
FindNextFileW
DeleteFileW
LocalFree
SetUnhandledExceptionFilter
CopyFileW
CreateFileW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GetSystemTime
InitializeCriticalSection
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetDiskFreeSpaceExW
GetUserDefaultUILanguage
InterlockedDecrement
WriteFile
Sleep
ReadFile
DeviceIoControl
GetFileSize
SetFilePointer
MoveFileExW
SetFilePointerEx
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
GetCommandLineA
HeapFree
HeapReAlloc
RaiseException
RtlUnwind
GetCPInfo
HeapAlloc
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateMutexW

user32

GetMonitorInfoW
GetWindowRect
MonitorFromPoint
AdjustWindowRectEx
CreateWindowExW
DestroyWindow
GetWindow
MonitorFromRect
DispatchMessageW
ShowWindow
GetFocus
LoadCursorW
SetFocus
GetClassLongW
WaitMessage
GetDC
DefWindowProcW
SetWindowTextW
GetClientRect
wsprintfW
SendMessageW
SetWindowPos
GetCursorPos
TranslateMessage
RegisterClassExW
GetWindowLongW
PeekMessageW
LoadStringW
MessageBoxW
IsIconic
SetForegroundWindow
FindWindowW
SetWindowLongW
PostQuitMessage
ReleaseDC

advapi32

DuplicateTokenEx
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserW
SetTokenInformation
RegCloseKey
RegOpenKeyExW
CheckTokenMembership
GetLengthSid
FreeSid
AllocateAndInitializeSid
OpenProcessToken
ConvertStringSidToSidW
RegEnumKeyW
RegQueryValueExW

ole32

CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoCreateInstance
CoCreateGuid
CreateBindCtx
StringFromGUID2
CoTaskMemFree
CoInitialize
CoSetProxyBlanket

shlwapi

PathFindFileNameW
PathAddBackslashW
PathCombineW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW

urlmon

RegisterBindStatusCallback
CreateURLMonikerEx
RevokeBindStatusCallback
URLDownloadToFileW

dbghelp

MiniDumpWriteDump

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW

crypt32

CryptUnprotectData
CryptProtectData

winhttp

WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpOpenRequest
WinHttpCrackUrl

msi

ord137
ord141
ord70
ord169
ord8
ord94
ord74
ord88
ord205

comctl32

ord412
ord410
ord413

shell32

SHCreateDirectoryExW
SHGetFolderPathW

oleaut32

SysAllocString
VariantClear
VariantCopy
SysFreeString
VariantInit
SysAllocStringLen

gdi32

GetDeviceCaps

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3fcacb01606c7036e622902fd84ce2d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shlwapi

urlmon

dbghelp

setupapi

crypt32

winhttp

msi

comctl32

shell32

oleaut32

gdi32

Sections

.text Size: 197KB - Virtual size: 196KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 197KB - Virtual size: 196KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 11KB - Virtual size: 10KB