z:\kunden\codesoft-pw-stealer_v0.5\cem version\release\Codesoft-PW_Stealer_Server.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f11952bd804da0d67b9cfa3264065e39_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f11952bd804da0d67b9cfa3264065e39_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
Target: f11952bd804da0d67b9cfa3264065e39_JaffaCakes118
Size: 440KB
MD5: f11952bd804da0d67b9cfa3264065e39
SHA1: cae85a3c29fe05b8bae3dafe561116412c0759a4
SHA256: c0e06549c8b8fbccab22a93905ff569797e01373492bf8c7948313e783bc5156
SHA512: c6d260c4c18a3f4cf8b4d9593766ef8eb7340f358bf970d5dcf54b83849caf388ca2483c6d5164be5e2a0b3baff6fd9566576e9751e0f3831dc5aae7c088fd8b
SSDEEP: 6144:6suc+P/5ZqyAcSD3Dty9ZCOfVavfqfS5cNIdVQXcrDeq4p/TWjERGJmdl:6rc6vhSDTtyu2Ivz5cN8zWq4dWYRSmdl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f11952bd804da0d67b9cfa3264065e39_JaffaCakes118
Files
f11952bd804da0d67b9cfa3264065e39_JaffaCakes118.exe windows:4 windows x86 arch:x86
af041e598a73c116dfec1c47bf0165f8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetCurrentProcess
lstrcatA
lstrcpyA
Sleep
FreeLibrary
LoadLibraryA
SizeofResource
LoadResource
FindResourceA
GetModuleHandleA
CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
GetPrivateProfileStringA
CreateMutexA
GetFileSize
SetCurrentDirectoryA
GetSystemDirectoryA
ExitProcess
lstrcmpA
Module32Next
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
FindNextFileA
FindFirstFileA
GetLastError
GetProcAddress
ReadFile
lstrlenA
DeleteFileA
RtlUnwind
RaiseException
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
user32
wsprintfA
advapi32
RegOpenKeyExA
GetUserNameA
RegCloseKey
shell32
SHGetFolderPathA
Sections
.text Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.umap Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 336KB - Virtual size: 334KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ