30d78ce2bead30c321751eb198a76de2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30d78ce2bead30c321751eb198a76de2_JaffaCakes118
Size

153KB
MD5

30d78ce2bead30c321751eb198a76de2
SHA1

28394bd4e9897afc397f8a1584d92c971b5d2a0a
SHA256

6ed840e497d03f3d14e6595689976a028d91f7d22408df08d970ea447809b105
SHA512

c71442ba716f0eae2b451d3b8f400c11e56fe55a36e6ed752f7ad962c11ff120b408e24970defce0d175b49735f1508cba6b2613153052502437a3a4263a41af
SSDEEP

3072:WMCsqy7xdQXGfu+F74+MoBpXFYWfUevQei:2sqy9de1g4UBBFDceZi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30d78ce2bead30c321751eb198a76de2_JaffaCakes118

Files

30d78ce2bead30c321751eb198a76de2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32e347ab637592d027a568d77db348e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Buildserver2\TUU2010\Setup\TUStub\Release\TUStub.pdb

Imports

msi

ord160
ord141
ord113
ord16
ord169
ord88
ord92
ord8
ord118
ord70
ord159
ord32

comctl32

ImageList_Create
ImageList_Add
ord17
InitCommonControlsEx

kernel32

GetLocaleInfoW
GetProcAddress
GetModuleHandleW
GetVersionExW
lstrcpyW
lstrlenW
GetSystemDefaultLCID
GetUserDefaultLCID
GetWindowsDirectoryW
SetCurrentDirectoryW
CreateMutexW
GetCommandLineW
GetCurrentProcess
EnumResourceNamesW
WideCharToMultiByte
FormatMessageW
CreateFileW
MultiByteToWideChar
CloseHandle
LocalFree
FindResourceExW
GetTickCount
GetTempFileNameW
SizeofResource
LockResource
DeleteFileW
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetTempPathW
SetFileAttributesW
CreateDirectoryW
GetLastError
WriteFile
Sleep
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CreateFileA
FlushFileBuffers
LoadResource
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapDestroy
HeapCreate
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc

user32

SetWindowTextW
GetDlgItem
MessageBoxW
CharLowerBuffW
LoadBitmapW
DefWindowProcW
LoadIconW
LoadCursorW
RegisterClassExW
SendMessageW
ExitWindowsEx
DestroyWindow
GetSystemMetrics
ShowWindow
LoadStringW
DialogBoxParamW
EndDialog
IsDlgButtonChecked
SetFocus
UpdateWindow
InvalidateRect
GetDC
CreateWindowExW

gdi32

CreateFontW
GetDeviceCaps
GetStockObject
SetTextColor

advapi32

QueryServiceStatusEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
ControlService
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW

ole32

StringFromGUID2
CoCreateInstance
CoCreateGuid
IIDFromString
CoUninitialize
CoInitialize

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19.1MB - Virtual size: 19.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32e347ab637592d027a568d77db348e1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 107KB - Virtual size: 106KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 19.1MB - Virtual size: 19.1MB

.reloc Size: 58KB - Virtual size: 58KB

.text
Size: 107KB - Virtual size: 106KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 19.1MB - Virtual size: 19.1MB

.reloc
Size: 58KB - Virtual size: 58KB