fe13da4349c2b8e6bd4f381a77739812_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fe13da4349c2b8e6bd4f381a77739812_JaffaCakes118
Size

178KB
MD5

fe13da4349c2b8e6bd4f381a77739812
SHA1

ea489a408c7c8457fe0c1c6cbd7c09c25869fc73
SHA256

2ea7ba53f55d1abcfb6e7b14c0b36ebc72ff38b4d1ec3603e1cabbcc752e86c0
SHA512

1d311ad683518f7c6af5959b43537f91232e2c4edc7d91fd014de6a3f2ace779aa24ee6e2523d84edd213044bbf13e21a1a7aae85a2bdb25368c730ec59a39ad
SSDEEP

3072:ysQT+sZMrRWYcClBt6SMe4DxbiT+vx0UqdDR2MUXgK0gUfQE4kx:lBt6SMjxbP+PDGQKNUfQE4M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe13da4349c2b8e6bd4f381a77739812_JaffaCakes118

Files

fe13da4349c2b8e6bd4f381a77739812_JaffaCakes118
.exe windows:6 windows x64 arch:x64

5b6f3786e430fff2ba433fa928fef4f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

iesetup.pdb

Imports

advapi32

RegDeleteKeyW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
OpenProcessToken
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges

kernel32

GetTempFileNameW
FindFirstFileW
FindResourceExW
SetEnvironmentVariableW
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
GetVersionExW
MoveFileW
FindClose
RemoveDirectoryW
FindNextFileW
GetUserDefaultUILanguage
GetWindowsDirectoryW
DeleteFileW
WaitForSingleObject
SetEvent
GetTickCount
InitializeCriticalSection
GetSystemDirectoryW
Sleep
FormatMessageW
GetExitCodeProcess
CreateEventW
WaitForMultipleObjects
CreateThread
lstrcmpiW
FreeLibrary
GetCurrentProcess
CreateProcessW
OpenProcess
LoadLibraryW
GetProcAddress
SetFilePointer
WriteFile
CreateFileW
FlushFileBuffers
SetLastError
GetLocalTime
MoveFileExW
GetTempPathW
SetProcessShutdownParameters
SetFileAttributesW
EnumResourceNamesW
LocalAlloc
GetLocaleInfoW
SizeofResource
EnumUILanguagesW
LockResource
EnumResourceLanguagesW
MulDiv
RaiseException
GetSystemDefaultLangID
GetUserDefaultLangID
GetCurrentDirectoryW
GetSystemInfo
ExpandEnvironmentStringsW
LocalFree
CloseHandle
GetModuleHandleW
DeleteCriticalSection
GetCommandLineW
CreateMutexW
GlobalMemoryStatusEx
FindResourceW
ResumeThread
CreateFileMappingW
IsWow64Process
MapViewOfFile
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
GetEnvironmentVariableW
lstrlenA
lstrcmpiA
lstrlenW
WideCharToMultiByte
GetVersionExA
GetLastError
LoadResource
EnterCriticalSection
OutputDebugStringW
LeaveCriticalSection
TerminateProcess
GetModuleFileNameW

gdi32

GetDeviceCaps
GetObjectW
SetTextColor
CreateFontIndirectW

user32

SetDlgItemTextW
GetSysColorBrush
ShowWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
LoadIconW
IsDialogMessageW
TranslateMessage
KillTimer
PostMessageW
LoadImageW
PostQuitMessage
GetMessageW
SetTimer
DestroyWindow
GetWindowThreadProcessId
CopyRect
SetWindowPos
GetDesktopWindow
SystemParametersInfoW
BringWindowToTop
OffsetRect
SetForegroundWindow
GetWindowRect
CharToOemW
ExitWindowsEx
ReleaseDC
GetDC
CreateDialogParamW
SendMessageW
UpdateWindow
GetDlgCtrlID
UnregisterClassA
DispatchMessageW
CharNextW
FindWindowW
LoadStringW

msvcrt

_XcptFilter
_fileno
_read
__pioinfo
__badioinfo
wcstombs
iswctype
ferror
wctomb
_itoa
_snprintf
_iob
localeconv
isxdigit
calloc
malloc
__C_specific_handler
memset
free
_exit
_errno
_wcsicmp
_ismbblead
_cexit
exit
_acmdln
??2@YAPEAX_K@Z
_vsnwprintf
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
iswdigit
_wtol
iswalpha
_wcsnicmp
wcschr
??3@YAXPEAX@Z
isleadbyte
__mb_cur_max
mbtowc
isdigit
_initterm
ungetc
?terminate@@YAXXZ
_isatty
_write
_lseeki64
??1type_info@@UEAA@XZ
_onexit
_lock
__dllonexit
_unlock
realloc
_CxxThrowException
memcpy
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
__getmainargs

comctl32

ord334
ord336
ord328
ord339
InitCommonControlsEx
ord332
ord329

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

ole32

CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CLSIDFromString
CoTaskMemFree
CoUninitialize

oleaut32

SysAllocString
SysStringLen
VariantClear
VariantInit
SysReAllocString
SysAllocStringLen
SysStringByteLen
SysFreeString

shell32

SHGetFolderPathW
CommandLineToArgvW
SHCreateDirectoryExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathIsRelativeW
SHDeleteKeyW
PathRemoveFileSpecW
PathIsDirectoryW
PathRemoveExtensionW
PathFindFileNameW
PathFileExistsW
PathFindExtensionW
SHRegSetUSValueW
ord388
SHGetValueW
ord158
PathStripPathW
StrChrW
SHRegGetUSValueW
SHRegGetValueW
PathIsFileSpecW
StrCmpNIW
SHSetValueW

uxtheme

IsThemeActive

crypt32

CertVerifyCertificateChainPolicy

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 970B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b6f3786e430fff2ba433fa928fef4f8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

ntdll

ole32

oleaut32

shell32

version

shlwapi

uxtheme

crypt32

wintrust

Sections

.text Size: 138KB - Virtual size: 138KB

.data Size: 4KB - Virtual size: 43KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 375KB - Virtual size: 375KB

.reloc Size: 1024B - Virtual size: 970B

.text
Size: 138KB - Virtual size: 138KB

.data
Size: 4KB - Virtual size: 43KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 375KB - Virtual size: 375KB

.reloc
Size: 1024B - Virtual size: 970B