e91974b96449dadf2c18e41c7e259189_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e91974b96449dadf2c18e41c7e259189_JaffaCakes118
Size

924KB
MD5

e91974b96449dadf2c18e41c7e259189
SHA1

08ee9dd9f046c0db70e14fae0e348f88983fc896
SHA256

172226d0aa7ecbe277f6b7f2baecc12f2a13e038054c1df2d05cef76970e332f
SHA512

f2fc6088060be86cf77a42f459d26b9e6069252a24347f530e6261b4d8e87c3e7197695f3520a640d4212e79f7bbf16ebf5f3c50908112bb5e4b93a6765c165d
SSDEEP

12288:LnJcI2fLcSsZaFcWpiFbQbpIpYVwj8xVVoS0tSW:j+dYVZE0lQpIpYVwEVVoS05

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e91974b96449dadf2c18e41c7e259189_JaffaCakes118

Files

e91974b96449dadf2c18e41c7e259189_JaffaCakes118
.exe windows:5 windows x86 arch:x86

da4720762ebc28cb497ab27780a8e399

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\dnsrv\Multimedia\DMD\crescent\bin\obj\i386\setup_wm.pdb

Imports

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetEvent
EnterCriticalSection
LeaveCriticalSection
ResetEvent
DeleteCriticalSection
CreateEventW
WaitForSingleObject
InitializeCriticalSection
LoadLibraryExW
FreeLibrary
LoadLibraryW
GetProcAddress
CreateMutexW
ReleaseMutex
MoveFileExW
GetModuleFileNameA
FindFirstFileA
FindClose
CreateFileA
ReadFile
GetWindowsDirectoryW
CopyFileW
DeleteFileW
GetTempPathW
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetCurrentDirectoryW
CreateFileW
MoveFileW
GetModuleFileNameW
GetCommandLineW
lstrcpynW
CompareStringW
GetExitCodeThread
QueryDosDeviceW
GetVersion
GetDriveTypeW
SetErrorMode
GetLocaleInfoW
GetUserDefaultLangID
DeviceIoControl
LoadLibraryA
GetProcessHeap
HeapAlloc
HeapFree
GetProfileStringW
WriteProfileStringW
GlobalAlloc
GlobalLock
GlobalUnlock
CreateThread
lstrlenA
DeleteFileA
InterlockedDecrement
InterlockedIncrement
ExpandEnvironmentStringsW
GetLongPathNameW
OpenEventW
WritePrivateProfileStringW
GetLocalTime
lstrlenW
LocalAlloc
LocalFree
Sleep
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
GetSystemDefaultLangID
GlobalFree
WideCharToMultiByte
FindFirstFileW
FindNextFileW
GetShortPathNameW
GetWindowsDirectoryA
GetModuleHandleA
CreateProcessW
WaitForMultipleObjects
GetExitCodeProcess
GetDiskFreeSpaceExW
SetFileAttributesW
GetFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetModuleHandleW
GetVersionExA
GetVersionExW
GetFileAttributesW
GetFileAttributesA
SetCurrentDirectoryW
GetUserDefaultLCID
GetUserGeoID
GetTempPathA
CreateDirectoryW
RemoveDirectoryW
GetPrivateProfileStringW
SetLastError
GetFileSize
WriteFile
MultiByteToWideChar
GetStartupInfoA
CloseHandle
GetLastError

msvcrt

wcsrchr
wcsstr
wcschr
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsicmp
wcslen
swscanf
_wcslwr
_beginthreadex
_wtol
_wcsnicmp
_vsnprintf
_endthread
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
wcsncpy
_snwprintf
iswspace
wcsncmp
wcspbrk
iswdigit
towupper
iswalpha
strpbrk
_strlwr
_stricmp
iswalnum
_wcsupr
ceil
wcstol
calloc
strchr
memmove
wcscmp
malloc
free
_itow
wcstok
_vsnwprintf
strrchr
strstr
_purecall
_wtoi
time

advapi32

RegCreateKeyExW
LookupPrivilegeValueW
InitiateSystemShutdownExW
CloseServiceHandle
QueryServiceStatus
EnumDependentServicesW
ControlService
OpenServiceW
OpenSCManagerW
StartServiceW
CreateServiceW
DeleteService
QueryServiceConfigW
RegOpenKeyExA
OpenProcessToken
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
AdjustTokenPrivileges
RegQueryValueExW
RegCloseKey
RegQueryValueExA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation

gdi32

SelectObject
SetMapMode
CreateCompatibleDC
GetStockObject
GetDeviceCaps
CreateSolidBrush
SetTextColor
GetObjectW
SetBkColor
DeleteObject
CreateFontIndirectW
PatBlt
CreatePen
GetTextMetricsW
CreateFontA
GetTextFaceA
ExtTextOutW
SetBkMode
DeleteDC

user32

PeekMessageW
PostThreadMessageW
SetCursor
CallWindowProcW
DrawTextW
LoadCursorW
DestroyCursor
GetScrollInfo
SetScrollInfo
ScrollWindow
GetActiveWindow
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
LoadIconW
UpdateWindow
IsWindow
BeginPaint
CreateDialogParamW
LoadImageW
GetWindowLongW
SetWindowLongW
EndPaint
PostQuitMessage
InvalidateRect
GetSystemMetrics
SendDlgItemMessageW
DestroyWindow
CreateWindowExW
SetWindowTextA
FindWindowExW
GetSystemMenu
EnableMenuItem
MessageBoxW
ScreenToClient
SetWindowPos
PostMessageW
EnableWindow
LoadStringW
SetWindowTextW
ShowWindow
GetDlgItem
GetDC
DrawFocusRect
ReleaseDC
DefWindowProcW
GetWindowRect
GetParent
MapWindowPoints
MoveWindow
SetFocus
SendMessageW
FindWindowW
GetDesktopWindow
RegisterClassW
MsgWaitForMultipleObjects
UnregisterClassW
CharNextA
IsCharAlphaW
SetTimer
KillTimer
GetClientRect
LoadStringA

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize

comctl32

InitCommonControlsEx

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderLocation
ShellExecuteW
SHChangeNotify
ShellExecuteExW
CommandLineToArgvW

wininet

InternetCrackUrlW

setupapi

SetupCloseInfFile
SetupFindNextLine
SetupGetStringFieldW
SetupGetLineCountW
SetupFindFirstLineW
SetupGetLineTextW
SetupGetBinaryField
SetupInstallFromInfSectionW
SetupIterateCabinetA

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

wsock32

getsockopt
socket
select
WSAGetLastError
connect
htons
inet_ntoa
ioctlsocket
__WSAFDIsSet
WSAStartup
WSACleanup
WSAAsyncGetHostByName
WSACancelAsyncRequest
closesocket

urlmon

ObtainUserAgentString
UrlMkSetSessionOption

shlwapi

PathAddBackslashW
PathAddBackslashA
PathFindExtensionW
PathFindFileNameW
SHDeleteKeyW
PathGetCharTypeA
PathGetCharTypeW

crypt32

CertVerifyCertificateChainPolicy

oleaut32

SysAllocString
SysStringLen
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
VariantInit
VariantClear

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

mpr

WNetCancelConnection2W
WNetAddConnection2W
WNetGetConnectionW

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 484KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

da4720762ebc28cb497ab27780a8e399

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

advapi32

gdi32

user32

ole32

comctl32

shell32

wininet

setupapi

wintrust

wsock32

urlmon

shlwapi

crypt32

oleaut32

version

mpr

Sections

.text Size: 300KB - Virtual size: 298KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 484KB - Virtual size: 482KB

.text Size: 124KB - Virtual size: 124KB

.text
Size: 300KB - Virtual size: 298KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 484KB - Virtual size: 482KB

.text
Size: 124KB - Virtual size: 124KB