308ed22d19afb9954afd3826435f3a76_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

308ed22d19afb9954afd3826435f3a76_JaffaCakes118
Size

9.4MB
MD5

308ed22d19afb9954afd3826435f3a76
SHA1

35898aadc128e9376662d86e5ed3dc9846536261
SHA256

4354311862e7bdb9116f617200a7376c8962123f0c62f97b8e0725239340d7d6
SHA512

8d154a5ef3465ba4916514eb08789c970fc5b853131f34e619d9a08217ef17b1cbed0de3aff640314968acd0d09497b22fb6a5289632e82567177f96f1331423
SSDEEP

196608:QxNVuKmtL6MLHA2SQ56CiWraAj/uoEzpL2gdEM5Jno:l6MLg2PiqE1drK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/SkypeSetup.exe

Files

308ed22d19afb9954afd3826435f3a76_JaffaCakes118
.zip
SkypeSetup.zip
.zip
SkypeSetup.exe
.exe windows:4 windows x86 arch:x86

6b4c61d0923c1aecbfcddabeea5db9e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
FreeLibrary
VirtualFree
LocalAlloc
GetModuleFileNameA
GetFileType
GetCurrentThreadId
GetCurrentProcess
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetLocaleInfoA
GetStdHandle
LoadLibraryExW
GetStringTypeA
UnhandledExceptionFilter
TerminateProcess
InterlockedIncrement
GetProcessHeap
CreateThread
CloseHandle
GetACP
LeaveCriticalSection
AddAtomW
GetCurrentProcessId
CreateEventA
GetCommandLineW
CreateEventW
HeapCreate
ExitProcess
VirtualQueryEx
_lopen
GetTickCount
GetSystemTimeAsFileTime

user32

SetFocus
SystemParametersInfoW
GetDC
IsIconic
LoadIconW
UnregisterClassA
IsWindowVisible
SetForegroundWindow
GetSystemMetrics
MapWindowPoints
UpdateWindow
CopyRect
KillTimer
PostMessageW
DialogBoxParamW
RegisterWindowMessageW
GetDlgCtrlID
CreateWindowExA
EqualRect
DrawFocusRect
DestroyMenu

gdi32

GetTextColor
Escape
CreateMetaFileA
CreatePalette
GetCurrentPositionEx
SetWindowExtEx
GetCurrentObject
SetMapMode
GetWindowExtEx

advapi32

AllocateAndInitializeSid
CopySid
RegSetValueExA
ImpersonateLoggedOnUser
QueryServiceConfigW
GetUserNameA
LookupPrivilegeValueW
CheckTokenMembership
CryptExportKey
RegDeleteValueA
StartServiceW

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_except_handler3
_controlfp
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
__setusermatherr

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b4c61d0923c1aecbfcddabeea5db9e6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 142KB - Virtual size: 156KB

.xdata Size: 512B - Virtual size: 100B

.tls Size: 1024B - Virtual size: 3KB

.rsrc Size: 318KB - Virtual size: 317KB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 142KB - Virtual size: 156KB

.xdata
Size: 512B - Virtual size: 100B

.tls
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 318KB - Virtual size: 317KB