257081e318a61d610234f22dc5c28547_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

257081e318a61d610234f22dc5c28547_JaffaCakes118
Size

1.4MB
MD5

257081e318a61d610234f22dc5c28547
SHA1

ecc37d89b5b14087771df98f0639ec442e943f97
SHA256

3104813817e3f306d7c3f1d3414e053e6fc1852bc6911e836116f13cf4e131d2
SHA512

b8cacb7106588aa4eba718ceebf343d5d6f6304da04d79f8b009ba45a8a9318dd2ec304df59b4807175aba11025a731100296083430ab1e251ea870948271f39
SSDEEP

24576:3tUS8FhJyWahy4IeOgs6PRpP2Xtz+akQ0fSRP1eVJ7u4C7aU26oMv2E110hTeY4k:9b2udI1U5patz4fSqJ7I7agVv2DT+i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
257081e318a61d610234f22dc5c28547_JaffaCakes118

Files

257081e318a61d610234f22dc5c28547_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d6903c8104ba4c23d110bf554ebe5780

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tfs.vs2012\admin\windows\MAIN\Installer.Desktop.Application\ReleaseNoMFC\FreezeWrapWin.pdb

Imports

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_Add

kernel32

GetFileAttributesW
FormatMessageW
LoadLibraryW
UnlockFileEx
LockFile
UnlockFile
InterlockedCompareExchange
UnmapViewOfFile
MapViewOfFile
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetFileAttributesExW
MultiByteToWideChar
GetPrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
SystemTimeToFileTime
GetLocalTime
WritePrivateProfileStringA
WaitForSingleObject
CreateMutexA
ReleaseMutex
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
GetTickCount
GetCurrentThreadId
Sleep
GetLastError
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteFileW
AreFileApisANSI
CreateFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
RtlUnwind
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
WideCharToMultiByte
GetFullPathNameW
GetFileType
SetHandleCount
RaiseException
FormatMessageA
GetModuleHandleA
LocalAlloc
lstrlenA
LocalFree
BeginUpdateResourceA
HeapAlloc
GetProcessHeap
UpdateResourceA
HeapFree
EndUpdateResourceA
LoadLibraryA
EnumResourceNamesA
EnumResourceLanguagesA
FreeLibrary
LoadLibraryExA
GetUserDefaultUILanguage
GetTempPathA
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
MoveFileA
GetModuleFileNameA
GetCurrentDirectoryA
GetFullPathNameA
GetLongPathNameA
CloseHandle
GetPrivateProfileSectionNamesA
CreateProcessA
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
GetExitCodeProcess
Module32First
Module32Next
GetProcAddress
GetCurrentProcessId
VirtualQuery
GetCurrentThread
GetCurrentProcess
CreateEventA
WaitForSingleObjectEx
ResetEvent
SetEvent
FileTimeToSystemTime
GetTimeZoneInformation
CreateFileA
GetFileTime
FileTimeToLocalFileTime
TzSpecificLocalTimeToSystemTime
GetFileSize
ReadFile
WriteFile
SetFilePointer
GetVersionExA
GetSystemInfo
GetWindowsDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
GlobalMemoryStatus
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
ExitThread
CreateThread
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapCreate
VirtualFree
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

user32

GetDesktopWindow
LoadCursorA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CallWindowProcA
DefWindowProcA
LoadBitmapA
LoadImageA
SetCursor
ReleaseCapture
GetKeyboardState
CreatePopupMenu
DestroyMenu
AppendMenuA
TrackPopupMenu
WaitForInputIdle
SetDlgItemTextA
AdjustWindowRectEx
OffsetRect
SetClassLongA
GetDC
DrawIcon
ReleaseDC
GetMessagePos
FindWindowA
GetWindowTextA
GetSysColorBrush
GetSysColor
GetDlgCtrlID
EndPaint
BeginPaint
FrameRect
InflateRect
CopyRect
SendMessageW
GetDlgItem
EndDialog
CreateDialogParamA
DialogBoxParamA
GetWindowTextLengthA
SetWindowLongA
GetWindowLongA
PostMessageA
SendMessageA
LoadStringA
GetShellWindow
SystemParametersInfoA
GetSystemMetrics
EnumChildWindows
ScreenToClient
ClientToScreen
GetCursorPos
PostQuitMessage
SetWindowPos
SetTimer
GetClassNameA
FindWindowExA
LoadAcceleratorsA
DestroyWindow
MessageBoxA
MessageBoxExA
GetWindowThreadProcessId
IsWindowEnabled
EnumWindows
SetWindowTextA
ShowWindow
EnableWindow
SetForegroundWindow
UpdateWindow
LoadIconA
IsIconic
GetFocus
SetFocus
IsWindowVisible
InvalidateRgn
InvalidateRect
MoveWindow
GetClientRect
GetWindowRect
KillTimer
IsWindow

shell32

Shell_NotifyIconA
ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CoInitializeEx
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoCreateInstance
OleInitialize
CoInitializeSecurity
OleUninitialize

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
SafeArrayDestroy

psapi

GetModuleFileNameExA
EnumProcesses

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

userenv

ExpandEnvironmentStringsForUserA

wininet

InternetReadFileExA
HttpAddRequestHeadersA
HttpSendRequestA
InternetSetOptionA
InternetErrorDlg
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
InternetCloseHandle
InternetOpenA
InternetSetStatusCallback
HttpQueryInfoA

shlwapi

PathIsDirectoryEmptyA
PathRenameExtensionA
PathStripPathA
PathRemoveFileSpecA
PathCombineA
UrlEscapeA
SHDeleteEmptyKeyA
PathFindExtensionA

urlmon

IsValidURL

gdi32

GetStockObject
PatBlt
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetBkColor
DeleteDC
BitBlt
SetWindowOrgEx
GetObjectA

advapi32

GetLengthSid
RegEnumValueA
RegEnumKeyExA
RevertToSelf
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
LookupPrivilegeValueA
DuplicateTokenEx
ImpersonateLoggedOnUser
AdjustTokenPrivileges
RegOpenCurrentUser
RegOpenUserClassesRoot
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegQueryInfoKeyA

gdiplus

GdipSetCompositingMode
GdipDeleteGraphics
GdipCreateFromHDC

comdlg32

GetOpenFileNameA

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-de
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-de
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6903c8104ba4c23d110bf554ebe5780

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

shell32

ole32

oleaut32

psapi

version

userenv

wininet

shlwapi

urlmon

gdi32

advapi32

gdiplus

comdlg32

Sections

.text Size: 101KB - Virtual size: 100KB

.text-co Size: 7KB - Virtual size: 6KB

.text-co Size: 99KB - Virtual size: 98KB

.text-co Size: 129KB - Virtual size: 128KB

.text-co Size: 39KB - Virtual size: 38KB

.text-co Size: 58KB - Virtual size: 57KB

.text-co Size: 13KB - Virtual size: 13KB

.text-co Size: 252KB - Virtual size: 251KB

.text-co Size: 19KB - Virtual size: 19KB

.text-co Size: 13KB - Virtual size: 13KB

.text-co Size: 55KB - Virtual size: 55KB

.text-co Size: 38KB - Virtual size: 38KB

.text-co Size: 75KB - Virtual size: 75KB

.text-co Size: 12KB - Virtual size: 11KB

.text-co Size: 10KB - Virtual size: 10KB

.text-co Size: 25KB - Virtual size: 25KB

.text-ti Size: 41KB - Virtual size: 40KB

.text-co Size: 9KB - Virtual size: 9KB

.text-de Size: 86KB - Virtual size: 86KB

.rdata Size: 280KB - Virtual size: 280KB

.data Size: 14KB - Virtual size: 21KB

.data-de Size: 512B - Virtual size: 48B

.data-co Size: 512B - Virtual size: 176B

.data-co Size: 512B - Virtual size: 48B

.data-co Size: 512B - Virtual size: 48B

.data-co Size: 512B - Virtual size: 40B

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 68B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 44B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 80B

.data-co Size: 512B - Virtual size: 48B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 3KB - Virtual size: 2KB

.data-co Size: 512B - Virtual size: 12B

.rsrc Size: 215KB - Virtual size: 215KB

.text
Size: 101KB - Virtual size: 100KB

.text-co
Size: 7KB - Virtual size: 6KB

.text-co
Size: 99KB - Virtual size: 98KB

.text-co
Size: 129KB - Virtual size: 128KB

.text-co
Size: 39KB - Virtual size: 38KB

.text-co
Size: 58KB - Virtual size: 57KB

.text-co
Size: 13KB - Virtual size: 13KB

.text-co
Size: 252KB - Virtual size: 251KB

.text-co
Size: 19KB - Virtual size: 19KB

.text-co
Size: 13KB - Virtual size: 13KB

.text-co
Size: 55KB - Virtual size: 55KB

.text-co
Size: 38KB - Virtual size: 38KB

.text-co
Size: 75KB - Virtual size: 75KB

.text-co
Size: 12KB - Virtual size: 11KB

.text-co
Size: 10KB - Virtual size: 10KB

.text-co
Size: 25KB - Virtual size: 25KB

.text-ti
Size: 41KB - Virtual size: 40KB

.text-co
Size: 9KB - Virtual size: 9KB

.text-de
Size: 86KB - Virtual size: 86KB

.rdata
Size: 280KB - Virtual size: 280KB

.data
Size: 14KB - Virtual size: 21KB

.data-de
Size: 512B - Virtual size: 48B

.data-co
Size: 512B - Virtual size: 176B

.data-co
Size: 512B - Virtual size: 48B

.data-co
Size: 512B - Virtual size: 48B

.data-co
Size: 512B - Virtual size: 40B

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 68B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 44B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 80B

.data-co
Size: 512B - Virtual size: 48B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 3KB - Virtual size: 2KB

.data-co
Size: 512B - Virtual size: 12B

.rsrc
Size: 215KB - Virtual size: 215KB