02b5fb8fcefb53465e797bc088fd0622_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

02b5fb8fcefb53465e797bc088fd0622_JaffaCakes118
Size

648KB
MD5

02b5fb8fcefb53465e797bc088fd0622
SHA1

08e86ecab5d1483ba29b704494800463242c97c5
SHA256

db71461ead84f94e1e3bdc0303435c4aaedb551edadc707c262f97291e756e6a
SHA512

a8ee9a8cf4e7e3fad4f076f111993bf528b3781711ffa82c6aff85ba4d9a238ca49dda5d5a84bc0c0ffeeddff6c1ede3adfacd78f939a125e8bb8acd98d32931
SSDEEP

12288:Lkg0AlRYZUR2rQ4HAqmcWZUbwGZKRrxteSWBokrGI:Lkg0AlRJR74g/ZZUbwGZyrxMtBo6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02b5fb8fcefb53465e797bc088fd0622_JaffaCakes118

Files

02b5fb8fcefb53465e797bc088fd0622_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6c8d6f16fedea7d1f409611e066c1a77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

x:\Projects\ProductwiseToolbar\Sources\VS_Projects\Toolbar Installer\Release(PROD)\stb_installer.pdb

Imports

kernel32

CopyFileW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
Process32NextW
CloseHandle
ExitThread
CreateThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FlushInstructionCache
GetCurrentThreadId
GetLastError
lstrcmpiW
SetLastError
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
CreateMutexW
CreateDirectoryW
DeleteFileW
OpenProcess
CreateProcessW
CreateEventW
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
FindFirstFileW
FindClose
OutputDebugStringW
DebugBreak
lstrlenA
InterlockedIncrement
InterlockedDecrement
Sleep
GetConsoleWindow
CreatePipe
CreateProcessA
SetHandleInformation
GetEnvironmentVariableA
CreateFileMappingA
GetOverlappedResult
GetProcessTimes
GetWindowsDirectoryA
GlobalMemoryStatus
GetThreadTimes
GetSystemTimeAdjustment
SetConsoleMode
FindFirstFileA
CreateEventA
lstrlenW
MultiByteToWideChar
FindNextFileA
ReleaseMutex
LocalAlloc
FindResourceA
GlobalAlloc
GlobalFree
GetSystemTime
GetVersionExW
LocalFree
GetLocalTime
UnmapViewOfFile
MapViewOfFile
lstrcpyW
GetFileSize
CreateFileW
ReadFile
GetTickCount
SetEvent
LoadLibraryA
GetModuleHandleA
GetTempPathW
LockResource
GetTempFileNameW
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
WideCharToMultiByte
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetStartupInfoW
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
GetOEMCP
IsValidCodePage
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
DeleteFileA

user32

CharNextW
wvsprintfW
LoadStringW
GetWindowLongW
SendMessageW
GetWindowTextW
SetWindowPos
InvalidateRect
ShowWindow
EnableWindow
SetWindowTextW
wsprintfW
UnregisterClassA
CopyImage
GetForegroundWindow
GetCapture
GetQueueStatus
GetClipboardOwner
SendMessageA
FindWindowA
GetDlgItem
MessageBoxW
GetActiveWindow
DialogBoxParamW
GetCursorPos
ClientToScreen
CreateWindowExW
IsMenu
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
RegisterClassExW
LoadCursorW
GetClassInfoExW
CallWindowProcW
KillTimer
SetTimer
IsWindow
DefWindowProcW
DestroyMenu
DestroyWindow
SetWindowLongW
EndPaint
BeginPaint
GetDC
EndDialog
DrawTextW
GetSystemMetrics
LoadImageW
DestroyIcon
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints

gdi32

DPtoLP
CreateBitmap
DeleteDC
GetDIBits
SetTextColor
SetBkMode
DeleteObject
GetObjectW
CreateCompatibleDC
SetBkColor
CreateCompatibleBitmap
BitBlt
SetMapMode
SelectObject
StretchBlt
GetMapMode

advapi32

CryptDestroyKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegCreateKeyExW
RegOpenKeyW
RegCloseKey
GetUserNameW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegSetValueExA
CryptGetKeyParam
CryptDeriveKey
CryptEncrypt
CryptReleaseContext
CryptDecrypt
RegQueryValueExW
RegCreateKeyW
GetTokenInformation
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA

shell32

ShellExecuteExW
Shell_NotifyIconW
SHGetFolderPathW

ole32

CreateStreamOnHGlobal
OleRun
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

GetErrorInfo
SysFreeString
SysAllocString
VarUI4FromStr
OleLoadPicture
VariantClear

netapi32

NetLocalGroupGetMembers
NetApiBufferFree

shlwapi

PathSearchAndQualifyW

comctl32

InitCommonControlsEx

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

wininet

InternetOpenW
InternetCloseHandle
DeleteUrlCacheEntryW
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
HttpQueryInfoW

urlmon

URLDownloadToFileW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c8d6f16fedea7d1f409611e066c1a77

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

netapi32

shlwapi

comctl32

psapi

wininet

urlmon

version

Sections

.text Size: 328KB - Virtual size: 327KB

.rdata Size: 100KB - Virtual size: 98KB

.data Size: 12KB - Virtual size: 30KB

.rsrc Size: 204KB - Virtual size: 201KB

.text
Size: 328KB - Virtual size: 327KB

.rdata
Size: 100KB - Virtual size: 98KB

.data
Size: 12KB - Virtual size: 30KB

.rsrc
Size: 204KB - Virtual size: 201KB