55e52cb6e47d3c55a0a909a83c9ce73d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

55e52cb6e47d3c55a0a909a83c9ce73d_JaffaCakes118
Size

517KB
MD5

55e52cb6e47d3c55a0a909a83c9ce73d
SHA1

d99d76f0ffc20a1df785a499faeb4aa75ef14e0d
SHA256

e221d0090709a02fed987eb9fcd1c8292d6e588eb751a27a81fade88d5e88e0a
SHA512

f3c7fe4a4318b24262f71daba007a07fa7c08120a47d6536d395fd8f7970aa1440170d5960eb88609f800c9c4768a7bf1effb961000e9ec7bbade43fd7d5d0d7
SSDEEP

12288:9YNAEagJirIcPdf8vvHhnqnjy/GggCof14gbzQTp6rWE1:9V18vvBnsjwgCof14ggV6rB1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55e52cb6e47d3c55a0a909a83c9ce73d_JaffaCakes118

Files

55e52cb6e47d3c55a0a909a83c9ce73d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

948979b925746faec30abb0dacfe498e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\buildslave\steam_rel_client_hotfix_win32\build\src\steamservicehost\Release\SteamServiceHost.pdb

Imports

shlwapi

SHDeleteKeyA
SHStrDupW
SHDeleteKeyW

shell32

SHGetFolderPathA
ShellExecuteA
SHGetMalloc
SHGetSpecialFolderPathA

kernel32

Sleep
GetTickCount
LocalFree
InterlockedDecrement
GetVersionExA
GetCurrentProcess
SetFileAttributesA
SetLastError
MoveFileExA
CopyFileA
FindClose
FindNextFileA
FindFirstFileA
OpenProcess
GetFullPathNameW
GlobalUnlock
GlobalAlloc
GlobalLock
InterlockedIncrement
ExpandEnvironmentStringsA
WriteFile
CreateFileA
DeviceIoControl
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
GetCurrentDirectoryW
GetStringTypeW
MultiByteToWideChar
TerminateProcess
GetFileAttributesW
CreateFileW
GetFileSize
ReadFile
GetConsoleWindow
GetCommandLineA
SetConsoleTitleA
SetConsoleCtrlHandler
LoadLibraryA
FreeLibrary
GetFileAttributesExA
lstrlenA
DeleteFileA
RemoveDirectoryA
CreateDirectoryA
GetModuleFileNameA
GetFileAttributesA
OutputDebugStringA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
GetLastError
GetEnvironmentStrings
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetModuleHandleA
GetProcAddress
VirtualQuery
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
LCMapStringW
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
HeapCreate
GetDriveTypeW
HeapSetInformation
GetSystemTimeAsFileTime
GetModuleHandleW
GetStdHandle
WideCharToMultiByte
GetCurrentThreadId
FlushFileBuffers
CreateDirectoryW
SetEndOfFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
VirtualAlloc
GetProcessHeap
HeapUnlock
HeapWalk
HeapLock
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetExitCodeThread
OpenThread
GetThreadPriority
SetThreadAffinityMask
RaiseException
SetEvent
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
LoadLibraryW
LoadLibraryExW
InterlockedExchange
DebugBreak
InterlockedCompareExchange
VirtualFree
VirtualProtect
HeapQueryInformation
GetProcessHeaps
HeapFree
HeapAlloc
HeapValidate
InterlockedExchangeAdd
HeapSize
GetSystemInfo
GetProcessAffinityMask
SetProcessAffinityMask
RtlUnwind
GetLocalTime

user32

ShowWindow
MessageBoxA
DialogBoxParamA
EnumWindows
GetWindowThreadProcessId
GetDlgItemInt
EndDialog
OpenClipboard
EmptyClipboard
GetDlgItem
GetWindowTextLengthA
IsWindowVisible
SetWindowPos
GetDesktopWindow
GetWindowRect
SetDlgItemInt
SetDlgItemTextA
CloseClipboard
SetClipboardData
wsprintfA

advapi32

StartServiceCtrlDispatcherA
RegOpenKeyExW
RegEnumKeyExW
OpenProcessToken
SetNamedSecurityInfoA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegisterServiceCtrlHandlerA
SetServiceStatus
DeleteService
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
ConvertStringSidToSidA
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceObjectSecurity
CreateServiceA
ChangeServiceConfigA
ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
ControlService
QueryServiceStatusEx
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

PropVariantClear
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocString
VariantClear

Exports

Exports

g_dwDllEntryThreadId

Sections

.text
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

948979b925746faec30abb0dacfe498e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

shell32

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 337KB - Virtual size: 336KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 13KB - Virtual size: 447KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 70KB - Virtual size: 70KB

.text
Size: 337KB - Virtual size: 336KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 13KB - Virtual size: 447KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 70KB - Virtual size: 70KB