JaffaCakes118_8622058cf310addf596f2d3e24e159e0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_8622058cf310addf596f2d3e24e159e0
Size

280KB
MD5

8622058cf310addf596f2d3e24e159e0
SHA1

913945c1d59a01bbafafed4eb309dba4c578e86c
SHA256

4ca7f144aebfa5eca9400066cdaa493fdb3a927e10df8f827c4059977979a0fc
SHA512

0f4779d4d74765df11456ab7417328f2aab6d7a0881e1b44a85d75735a6233fb56006d4a25c59e61974d25abf6b6ae39e029b4ad9d7dd52c5f3e661559f19936
SSDEEP

3072:cn4cV8gf2u41Z5tKlwKWSLCgOhZpZ+b6v4XbMjX58z1M3TZRrOsageiqR8J/Ckyc:u4y8gOl2Em2Q6wrMlSK6meiWkJH7J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_8622058cf310addf596f2d3e24e159e0

Files

JaffaCakes118_8622058cf310addf596f2d3e24e159e0
.dll windows:4 windows x86 arch:x86

1cf9228bfac61cfa1a8aa6d8f09dd4bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

msi

ord210
ord49
ord115
ord158
ord116
ord130
ord11
ord73
ord91
ord31
ord159
ord160
ord117
ord112
ord8
ord15
ord110

kernel32

GetStringTypeW
GetStringTypeA
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
lstrcatA
lstrcpyA
lstrcmpA
lstrlenA
FindClose
FindFirstFileA
WideCharToMultiByte
MultiByteToWideChar
GetACP
DeleteFileA
GetVersionExA
GetLastError
GetCurrentProcess
GetLocaleInfoA
GetTimeZoneInformation
InitializeCriticalSection
LoadLibraryA
CompareStringA
FindNextFileA
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEnvironmentVariableA
CompareStringW
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
Sleep
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings

advapi32

RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegFlushKey
RegCloseKey

Exports

Exports

AddFeature
ApplyUpdates
ApplyUpdatesEx
ApplyUpdatesExRD
IsBrowserIntegrated
MaintenanceRepair
MigrateUserRegistry
MigrateUserRegistryEx
RemoveFeature
RemoveUpdates
RemoveUpdatesEx
RemoveUpdatesExRD
SetupUpdaterForReboot
UpdateCache
ValidateInstaller

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1cf9228bfac61cfa1a8aa6d8f09dd4bf

Headers

File Characteristics

Imports

shlwapi

msi

kernel32

advapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1020B

.reloc Size: 8KB - Virtual size: 5KB

.text Size: 192KB - Virtual size: 192KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1020B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 192KB - Virtual size: 192KB