06cb75178a3256993c534a6e7afe98fb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06cb75178a3256993c534a6e7afe98fb_JaffaCakes118
Size

1.7MB
MD5

06cb75178a3256993c534a6e7afe98fb
SHA1

15de61e6208f5e5bda61dad92a07bafad219fd26
SHA256

58d326936a064a85262177e4e43aa5fc41fcd57d078286a6578bb5dafdd5b61d
SHA512

41c3ef5a90ff3707f53f19b79b7b0d0bdaa7827b813e26a852bf97b76d3f76fb18701716c2fec2eec524a8b99aa5136de1fe8f79fc72dbcfd4b9402d8ee666fc
SSDEEP

12288:cqkXu92XT45u8MijsMn7qddMymjxvXx+QdLCWDAHmEmhlkuQTvfTHf/P+qs9yqLU:KcFdjgfMXjxvXpCWDHEmh2umD/P+qpq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06cb75178a3256993c534a6e7afe98fb_JaffaCakes118

Files

06cb75178a3256993c534a6e7afe98fb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b5b455b4ecb0a0d31f202d82265646da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Source\Octane\installers\NeroInstaller\redist\x86\SetupX.pdb

Imports

kernel32

TlsFree
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
SetErrorMode
GetTickCount
HeapFree
HeapAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
ExitProcess
RtlUnwind
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
TerminateProcess
SetStdHandle
GetFileType
LocalReAlloc
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
GetTimeZoneInformation
IsBadCodePtr
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
GetLocaleInfoW
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
VirtualProtect
GlobalGetAtomNameA
lstrcmpW
InterlockedDecrement
WritePrivateProfileStringA
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcpynA
GetCurrentThreadId
GlobalDeleteAtom
GlobalAddAtomA
GlobalFindAtomA
GetCurrentDirectoryA
GetDriveTypeA
GetFileTime
CreateFileA
GetCurrentProcess
GetLongPathNameA
GetTempPathA
SetFileAttributesA
CreateDirectoryA
GetSystemDirectoryA
SetLastError
FindClose
GetUserDefaultLCID
GetSystemDefaultLangID
FreeResource
lstrcatA
WinExec
CreateProcessA
GetFileAttributesA
GetUserDefaultLangID
GetModuleHandleA
GetWindowsDirectoryA
lstrcpyA
IsBadReadPtr
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
LocalFree
SetThreadLocale
GetModuleFileNameA
GetVersion
DeleteCriticalSection
CompareStringA
lstrcmpiA
RaiseException
lstrlenW
CompareStringW
InitializeCriticalSection
lstrlenA
MultiByteToWideChar
CopyFileA
MoveFileA
WaitForSingleObject
DeleteFileA
OutputDebugStringA
Sleep
CloseHandle
GetLastError
CreateMutexA
GetCommandLineA
FindFirstFileA
FreeLibrary
GetProcAddress
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
LoadLibraryA

user32

DestroyMenu
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
IsRectEmpty
CharNextA
WindowFromPoint
MoveWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
RegisterWindowMessageA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetForegroundWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
CallWindowProcA
IntersectRect
GetWindowPlacement
CopyRect
GetLastActivePopup
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
PeekMessageA
ValidateRect
ModifyMenuA
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowContextHelpId
SetWindowPos
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
GetDlgItem
GetNextDlgTabItem
EndDialog
DispatchMessageA
TranslateMessage
GetWindowTextLengthA
GetMessageA
UpdateWindow
ShowWindow
DefWindowProcA
PostQuitMessage
SetFocus
CreateWindowExA
GetClassInfoExA
SetForegroundWindow
BringWindowToTop
DrawIcon
IsIconic
wsprintfA
LoadIconA
ExitWindowsEx
FindWindowA
GetTopWindow
SetWindowTextA
WaitForInputIdle
GetDesktopWindow
GetDlgCtrlID
GetWindowLongA
GetClassNameA
GetWindowTextA
IsWindowEnabled
IsDialogMessageA
IsWindowVisible
MapDialogRect
GetWindow
KillTimer
GetCursorPos
SetWindowLongA
SetTimer
PostThreadMessageA
MessageBeep
CopyIcon
DrawTextA
DrawFocusRect
DestroyCursor
SetCursor
RedrawWindow
GetWindowRect
InflateRect
SetRectEmpty
PtInRect
MessageBoxA
GetKeyState
WinHelpA
GetParent
RegisterClipboardFormatA
SetMenuItemBitmaps
IsChild
GetFocus
ScreenToClient
PostMessageA
SendMessageA
GetSystemMetrics
SystemParametersInfoA
GetSysColor
EnableWindow
ReleaseCapture
GetSysColorBrush
LoadCursorA
IsWindow
DestroyWindow
SetCapture
InvalidateRect
ReleaseDC
GetDC
GetClientRect
OffsetRect
SetRect
CharUpperA
UnregisterClassA
EnableMenuItem

gdi32

GetRgnBox
GetMapMode
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
GetTextColor
GetBkColor
CreateSolidBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
CreateFontIndirectA
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
DeleteObject
SelectObject
GetTextExtentPointA
SetTextJustification
TextOutA
GetStockObject
GetObjectA
GetTextExtentPoint32A
CreateFontA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegCloseKey
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumValueA

shell32

ord680
SHFileOperationA
ShellExecuteA

comctl32

ord17

shlwapi

PathFileExistsA
PathIsDirectoryA
SHCopyKeyA
SHDeleteKeyA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize

oleaut32

OleCreateFontIndirect
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
SysAllocStringByteLen
SysStringLen
SystemTimeToVariantTime
VarBstrFromDate
SysAllocStringLen
SysFreeString
VariantClear
SysAllocString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msi

ord8
ord124
ord103
ord17

Sections

.text
Size: 340KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5b455b4ecb0a0d31f202d82265646da

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

msi

Sections

.text Size: 340KB - Virtual size: 336KB

.rdata Size: 88KB - Virtual size: 85KB

.data Size: 84KB - Virtual size: 97KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 340KB - Virtual size: 336KB

.rdata
Size: 88KB - Virtual size: 85KB

.data
Size: 84KB - Virtual size: 97KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB