3dd81e3427f5a73d7fc7a9bae3a9b390_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3dd81e3427f5a73d7fc7a9bae3a9b390_JaffaCakes118
Size

196KB
MD5

3dd81e3427f5a73d7fc7a9bae3a9b390
SHA1

32f9e7aa7c94f7089277da6a3650fc2d189e3207
SHA256

e8a671f159ff3542739075f0f4ff060090b2f075272982cb9c2f4637458afbb5
SHA512

be72938c8907e04403b139ce916df58d70bdd03282a7bc91cac8427ccc53450e2b0f06178412e73919620420422f1ba9ae840a2c890ba544972cf88eafd67861
SSDEEP

3072:yCwjBObvw4/HI1DtTqfcFQYFfILXFNsKBC5CH+xF7vCww95YeoLoSqtIzp:yCxbnI1OYBI7F7BC564ubYe5t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dd81e3427f5a73d7fc7a9bae3a9b390_JaffaCakes118

Files

3dd81e3427f5a73d7fc7a9bae3a9b390_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f4a56752101113afb3fdb96bb290005f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

y:\NANKING_5.1\CMPC\RunImage\win32\release\InstHelpApp.pdb

Imports

rpcrt4

UuidCreate

kernel32

VirtualAlloc
RtlUnwind
HeapSize
HeapReAlloc
GetLocaleInfoA
GetVersion
CreateToolhelp32Snapshot
GetPrivateProfileStringW
FindNextFileW
GetProcessHeap
WritePrivateProfileStringW
GetTickCount
OutputDebugStringW
Process32NextW
CreateFileW
WaitForSingleObject
GetModuleFileNameW
HeapFree
GetVersionExW
MoveFileExW
HeapAlloc
Process32FirstW
Sleep
FreeLibrary
SetEndOfFile
FindClose
LoadLibraryW
GetSystemDirectoryW
FindFirstFileW
OpenProcess
LocalFree
GetProcAddress
WriteFile
CloseHandle
FormatMessageW
GetLastError
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileAttributesW
GetModuleHandleA
ExitProcess
GetVersionExA
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA

user32

LoadStringW
ChangeDisplaySettingsW
wsprintfW
PostMessageW
GetWindowTextW
EnableWindow
GetClassNameW
FindWindowW
GetDlgItem
GetWindowThreadProcessId
EnumWindows
MessageBoxW

advapi32

StartServiceW
RegOpenKeyW
RegCreateKeyW
BuildExplicitAccessWithNameW
RegOpenKeyExW
SetNamedSecurityInfoW
OpenServiceW
SetEntriesInAclW
RegDeleteKeyW
QueryServiceStatusEx
RegQueryValueExW
OpenSCManagerW
CloseServiceHandle
RegDeleteValueW
GetNamedSecurityInfoW
RegSetValueExW
CreateServiceW
RegCreateKeyExW
RegCreateKeyA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderLocation
SHFileOperationW

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wfgozpy
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f4a56752101113afb3fdb96bb290005f

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 32KB - Virtual size: 32KB

wfgozpy Size: - Virtual size: 4KB

 Size: 92KB - Virtual size: 92KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 32KB - Virtual size: 32KB

wfgozpy
Size: - Virtual size: 4KB

Size: 92KB - Virtual size: 92KB