0dff9204ad6b438bbcd3f199f1339cb0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0dff9204ad6b438bbcd3f199f1339cb0_JaffaCakes118
Size

380KB
MD5

0dff9204ad6b438bbcd3f199f1339cb0
SHA1

a62005786cd1fb3e307963d8aa7fdad1ef130a65
SHA256

deb42dc2737b990d0d3e93241edfc1b5a3157fff7a700fef5c64af35d2be4402
SHA512

ff7a4d320ff8d7720d714bae33300973ae4467f5506681f1514a1b61c5c779888d7b43daebd0d4d2b2df109bd1c0e1c14d3e20b161cbca259282c10d61ce858d
SSDEEP

6144:WP7o0/vgabVW9iN4tPrmq+E3viZZ5Y/b7+H9UAit/luSQMbNs:8o0XlVWMqj7vIZ5YMUAK/vQyq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dff9204ad6b438bbcd3f199f1339cb0_JaffaCakes118

Files

0dff9204ad6b438bbcd3f199f1339cb0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2128d30f4f438ec73eeb6e08f5f5fc24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\BuildSystem\Node\MCINST_LI4110_6337483581497.Build\build\Win32\Release\mcinst.pdb

Imports

wintrust

WinVerifyTrust

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

CopyFileA
GetLongPathNameA
GetModuleFileNameA
GetTempPathA
SetFileAttributesA
GetFileAttributesA
WriteFile
ReadFile
GetFileSize
GetWindowsDirectoryA
WideCharToMultiByte
GetShortPathNameW
CopyFileW
GetTempFileNameW
MoveFileExW
SetFileAttributesW
GetVersionExW
RemoveDirectoryW
FindNextFileW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
MultiByteToWideChar
GetLocalTime
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
SetThreadPriority
GetCurrentThread
LeaveCriticalSection
GetSystemDirectoryA
EnterCriticalSection
LocalAlloc
FindNextFileA
SearchPathA
lstrlenW
ResumeThread
SuspendThread
GetCurrentProcess
SetPriorityClass
GetThreadTimes
lstrcmpiA
CreateThread
DuplicateHandle
CreateEventA
LocalFree
SetEvent
GetCurrentProcessId
InterlockedExchange
FindFirstFileA
LockResource
LoadResource
FindResourceA
FindResourceExA
GetSystemInfo
GetEnvironmentVariableA
Sleep
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetTempFileNameA
CreateDirectoryA
GlobalFree
GlobalAlloc
lstrcpynA
MoveFileExA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetLastError
IsBadReadPtr
SystemTimeToFileTime
GetStringTypeW
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
GetCurrentThreadId
CreateProcessA
GetExitCodeProcess
DeleteFileA
MoveFileA
GetPrivateProfileSectionNamesA
CreateMutexA
WaitForSingleObject
GetProcessHeap
HeapAlloc
GetPrivateProfileSectionA
WritePrivateProfileStringA
lstrlenA
HeapFree
ReleaseMutex
RemoveDirectoryA
GetShortPathNameA
CreateFileA
SetFilePointer
FlushFileBuffers
CloseHandle
FindFirstFileW
GetLastError
FindClose
GetFileAttributesW
LoadLibraryA
GetProcAddress
GetThreadLocale
GetLocaleInfoA
GetACP
FreeLibrary
DeleteCriticalSection
GetVersionExA
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SizeofResource
TlsFree
TlsSetValue
GetConsoleMode
GetConsoleCP
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetStartupInfoA
GetCommandLineA
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetModuleHandleA
ExitProcess
VirtualAlloc

user32

LoadStringA
PostThreadMessageA
RegisterClassA
CreateWindowExA
SetWindowRgn
ShowWindow
GetMessageA
UnregisterClassA
DispatchMessageA
DefWindowProcA
CharNextA
wsprintfA
TranslateMessage

advapi32

RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyA
RegQueryInfoKeyA
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
ControlService
QueryServiceStatus
QueryServiceConfig2A
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ChangeServiceConfig2A
RegEnumKeyExA
GetSecurityDescriptorControl
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegDeleteValueA
OpenSCManagerA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
QueryServiceConfigA
DeleteService
CreateServiceA
RegEnumValueA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExW

shell32

SHGetFolderPathA

ole32

CoUninitialize
CoCreateGuid
CoInitialize
CoTaskMemFree
StringFromCLSID

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString

shlwapi

PathAppendA
PathRemoveFileSpecA
SHDeleteValueA

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2128d30f4f438ec73eeb6e08f5f5fc24

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wintrust

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 206KB - Virtual size: 205KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 27KB - Virtual size: 26KB

.trdata Size: 72KB - Virtual size: 72KB

.text
Size: 206KB - Virtual size: 205KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 27KB - Virtual size: 26KB

.trdata
Size: 72KB - Virtual size: 72KB