d:\K\DirectRevenue\DrClients\Thinstaller\Release\Thinstaller.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 389a1e2a720ffd68cc81af10ef5f946f_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 389a1e2a720ffd68cc81af10ef5f946f_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 389a1e2a720ffd68cc81af10ef5f946f_JaffaCakes118
Size: 132KB
MD5: 389a1e2a720ffd68cc81af10ef5f946f
SHA1: 2c345bee5a2457f048c748e3fcb19071630f7e61
SHA256: e0738e82b338778f1bb0e53291ab661a99b7a4659fb68b7941fb3d4fa64a298d
SHA512: 38cf8d8b83df5084420dd034bb06b587aa0d46af76416ad2f1ee511c1c5d268943a3def34df63a97faa27fae6041d770516015869c9d96bad638bf01b1a7df97
SSDEEP: 1536:V6qc9ezG6EpfWTYRp66oWU30U90tL1PB9DyT5wKxSrOql38Q7L0u8KvwjgUnfRvw:Vm90GJwYbaaL1GT5YH7z4PJv4JtJlXZ
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 389a1e2a720ffd68cc81af10ef5f946f_JaffaCakes118
Files
389a1e2a720ffd68cc81af10ef5f946f_JaffaCakes118.exe windows:4 windows x86 arch:x86
3a6f2c7d0b9e0353d1bd7baabce98c9b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetConnectA
InternetOpenA
InternetReadFile
InternetQueryDataAvailable
InternetOpenUrlA
InternetGetConnectedState
InternetGetCookieA
InternetCloseHandle
setupapi
SetupIterateCabinetA
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
kernel32
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InterlockedIncrement
GetProcAddress
GetModuleHandleA
InterlockedDecrement
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
lstrlenA
FormatMessageA
CloseHandle
WriteFile
SetFilePointer
GetLastError
CreateFileA
CreateProcessA
WaitForSingleObject
lstrcpyA
lstrcatA
CreateDirectoryA
GetTempFileNameA
GetTempPathA
GetEnvironmentStringsW
WritePrivateProfileSectionA
RemoveDirectoryA
WritePrivateProfileStringA
GetShortPathNameA
DeleteFileA
LoadLibraryA
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
LocalFree
GetModuleFileNameA
GetCurrentProcess
GetCurrentThread
LockResource
LoadResource
SizeofResource
FindResourceA
Sleep
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
GetStdHandle
SetUnhandledExceptionFilter
GetSystemInfo
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
SetEnvironmentVariableA
SetEndOfFile
ReadFile
CompareStringA
CompareStringW
GetTickCount
VirtualProtect
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
HeapSize
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
HeapFree
ExitProcess
RtlUnwind
GetComputerNameA
user32
GetActiveWindow
wsprintfA
advapi32
FreeSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
RegEnumValueA
RegEnumKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
shell32
FindExecutableA
ole32
CoCreateGuid
StringFromGUID2
CoInitialize
OleRun
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
oleaut32
GetErrorInfo
VariantClear
VariantChangeType
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringLen
netapi32
Netbios
Sections
.text Size: 92KB - Virtual size: 88KB
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ