d97daec7ad15bb950cfd2a58f98ccf7f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d97daec7ad15bb950cfd2a58f98ccf7f_JaffaCakes118
Size

849KB
MD5

d97daec7ad15bb950cfd2a58f98ccf7f
SHA1

58ac347c7fead2b764131addc15853f7178adc66
SHA256

6a2008e41c5372251deba44234043a9c83914f64799869cdc89a4c124a231c0c
SHA512

ee4f2c931e793d0d162c860cd79d5e2217061b49896290ec06c699635b191066153391d8b4dcd96dfad3a33b12d22b79e2810e7be2b16c26818e58c339adb58f
SSDEEP

24576:dRznDIrQ9gfKuNSa6BcsR4GROdkOh8H/TZwsG+dr/jYyXXL:fnDIeeNSa6Bdqlks8fTZwQdrcMXL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d97daec7ad15bb950cfd2a58f98ccf7f_JaffaCakes118

Files

d97daec7ad15bb950cfd2a58f98ccf7f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ef1a9ee1203621b7508b3304e9fb03ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\PROJECTS\desktop.trunk\Release\yupdate-executor-en.pdb

Imports

kernel32

GetModuleFileNameW
MultiByteToWideChar
lstrlenW
RaiseException
GetProcAddress
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
WaitForSingleObject
GetCurrentThread
OpenProcess
GetVersionExW
TerminateProcess
CompareStringW
SetLastError
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
WideCharToMultiByte
CreateDirectoryW
Sleep
CreateMutexW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExW
ReleaseMutex
MoveFileW
RemoveDirectoryW
SetEvent
LeaveCriticalSection
OpenEventW
DosDateTimeToFileTime
CreateFileA
SetFileTime
GetFileTime
LocalFileTimeToFileTime
ExpandEnvironmentStringsW
GetCommandLineW
CreateProcessW
FormatMessageA
FormatMessageW
LocalAlloc
WaitForMultipleObjects
FindFirstFileW
LoadLibraryW
FindClose
GetCurrentThreadId
CreateThread
CreateFileW
ReadFile
WriteFile
SetFilePointer
lstrlenA
GetDriveTypeA
SetEndOfFile
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
SizeofResource
InitializeCriticalSection
GetModuleHandleW
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
CopyFileW
InterlockedDecrement
DeleteFileW
LocalFree
CloseHandle
WTSGetActiveConsoleSessionId
GetLastError
GetProcessHeap
HeapFree
GetCurrentProcess
CreateEventW
HeapAlloc
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetCurrentDirectoryA
GetFullPathNameW
CreatePipe
GetFileAttributesA
GetModuleHandleA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
CreateDirectoryA
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
CompareStringA
GetStringTypeW
LCMapStringA
LCMapStringW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetDateFormatA
GetTimeFormatA
GetDriveTypeW
FileTimeToLocalFileTime
DuplicateHandle
FindFirstFileA
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
CreateFileMappingA
FlushViewOfFile
GetSystemInfo
InterlockedCompareExchange
GetModuleFileNameA
VirtualQuery
GetExitCodeProcess
GetTempPathW
InterlockedExchange
GetLocaleInfoA
GetSystemTimeAsFileTime
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
ExitProcess
GetStartupInfoW
RtlUnwind
SetStdHandle
GetFileType
FlushFileBuffers
HeapReAlloc
CreateProcessA

user32

LoadStringW
MessageBoxW
PostThreadMessageW
CharNextW
CharUpperW
TranslateMessage
GetMessageW
GetSystemMetrics
DispatchMessageW

advapi32

GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
ConvertSidToStringSidW
LookupAccountNameW
GetTokenInformation
OpenProcessToken
RegOverridePredefKey

shell32

SHCreateDirectoryExW
CommandLineToArgvW
SHFileOperationW
ord680
SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CoInitialize
CoRevokeClassObject
CoRegisterClassObject
CLSIDFromProgID
StringFromCLSID
CoCreateGuid
CoUninitialize
CoCreateInstance
StringFromGUID2
OleRun

oleaut32

SysAllocString
VariantClear
VariantCopy
GetErrorInfo
SysAllocStringByteLen
VariantInit
VariantChangeType
SysStringByteLen
RegisterTypeLi
UnRegisterTypeLi
LoadRegTypeLi
VarUI4FromStr
LoadTypeLi
SysStringLen
SysFreeString

wtsapi32

WTSQuerySessionInformationW

secur32

GetUserNameExW

ws2_32

WSAGetLastError

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ef1a9ee1203621b7508b3304e9fb03ba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wtsapi32

secur32

ws2_32

version

Sections

.text Size: 584KB - Virtual size: 583KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 15KB - Virtual size: 24KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 41KB - Virtual size: 40KB

.rrdata Size: 72KB - Virtual size: 72KB

.text
Size: 584KB - Virtual size: 583KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 15KB - Virtual size: 24KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 41KB - Virtual size: 40KB

.rrdata
Size: 72KB - Virtual size: 72KB