ff3422000442fe94af6fd3e6a660a4b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff3422000442fe94af6fd3e6a660a4b3_JaffaCakes118
Size

115KB
MD5

ff3422000442fe94af6fd3e6a660a4b3
SHA1

6226c6d68aea2df19393f198b68ca69d187e5f6b
SHA256

2d7f013f7b2425c8fa155ffd5f480af7610de17896db8a953e2083a58a719fe2
SHA512

23204c8ea5608c455ca5d559daaec4936382cf203c7126e443913f740856806ffd7270b576ba55b1e4bfb5744191f9557d15b43fd236badaf2e9a11300499ec5
SSDEEP

3072:BPlAfVgqXW240Qub59//8esGxebqVwlQjEW:Bc/G24D09//NV1b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff3422000442fe94af6fd3e6a660a4b3_JaffaCakes118

Files

ff3422000442fe94af6fd3e6a660a4b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d87d810fd60416a3b11cf3bbcb2b1c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\projects\Client\bin\release\ClientInstaller\Zango\ClientInstaller.pdb

Imports

setupapi

SetupIterateCabinetA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetEnvironmentVariableW
FindResourceA
lstrlenA
GetLocaleInfoA
LoadResource
InitializeCriticalSection
FindResourceExA
WideCharToMultiByte
SizeofResource
GetStringTypeExW
GetEnvironmentVariableA
CompareStringW
GetACP
MultiByteToWideChar
lstrlenW
RaiseException
GetStringTypeExA
InterlockedExchange
GetLastError
lstrcmpiA
GetThreadLocale
LockResource
lstrcmpiW
CompareStringA
DeleteCriticalSection
GetVersionExA
GetVersion
lstrcpyA
SetFileAttributesA
CreateFileA
FreeResource
FlushFileBuffers
WriteFile
CreateDirectoryA
SetLastError
CloseHandle
DeleteFileA
GlobalDeleteAtom
FreeLibrary
GlobalAddAtomA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
LoadLibraryExA
GetTempPathA
GetFileSize
SetFilePointer
ReadFile
CopyFileA
GetTempFileNameA
OpenProcess
GetModuleHandleA
GetTimeZoneInformation
SetConsoleCtrlHandler
SetStdHandle
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetLocaleInfoW
SetEnvironmentVariableA
IsBadCodePtr
SetUnhandledExceptionFilter
IsBadReadPtr
GetWindowsDirectoryA
GetStringTypeW
GetStringTypeA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapCreate
VirtualFree
FatalAppExitA
IsBadWritePtr
TerminateProcess
GetCurrentProcess
GetOEMCP
GetCPInfo
TlsAlloc
GetCurrentThreadId
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
LCMapStringA
LCMapStringW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter

user32

PostMessageA
FindWindowA
MessageBoxA
CharLowerW
CharLowerA
UnregisterClassA
CharUpperW
CharUpperA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

oleaut32

SysAllocStringLen
SysFreeString

shlwapi

PathFileExistsA
StrToIntA

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 488KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d87d810fd60416a3b11cf3bbcb2b1c6

Headers

File Characteristics

PDB Paths

Imports

setupapi

version

kernel32

user32

advapi32

oleaut32

shlwapi

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 488KB - Virtual size: 485KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 488KB - Virtual size: 485KB