f8d560ce6fe12547f0a4ddbfdaf84b51_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f8d560ce6fe12547f0a4ddbfdaf84b51_JaffaCakes118
Size

4.8MB
MD5

f8d560ce6fe12547f0a4ddbfdaf84b51
SHA1

62633ae4459a89398680f8c01ce31d0493a18ce0
SHA256

f8d7503fdffac8d682cd2e887021b60291bf99035efc08fe35a19f307e3290ef
SHA512

0bced012db1d2fe3255baf80fdd30f7be7034b81058384d90e07b957171125a7a18fc8fdd0e1e689b8d4b212f4f32ecd13fd1dabb286fe24ccb27fb22ff40779
SSDEEP

98304:OCK22T8aTPz8pLYD1QtjJ4DfyhNbYf637GVtOcs1j/dE:22WTPz8pagJIKnbYS5cmJE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8d560ce6fe12547f0a4ddbfdaf84b51_JaffaCakes118

Files

f8d560ce6fe12547f0a4ddbfdaf84b51_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d9c300e179d42bc1eae8f6227bb89f1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\p4builds\Products\GoToMyPC\v7.0\_output\win32_x86\Release\gosetup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

InterlockedIncrement
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
DeleteFileW
CloseHandle
WriteFile
CreateFileW
LockResource
LoadResource
SizeofResource
GetLastError
FindResourceW
lstrlenW
MoveFileExW
RemoveDirectoryW
WaitForSingleObject
GetTempFileNameW
CreateDirectoryW
GetTempPathW
GetModuleFileNameW
Sleep
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetCurrentProcessId
SetFilePointer
CreateMutexW
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
LocalFree
LocalAlloc
FormatMessageW
FreeLibrary
TlsGetValue
TlsSetValue
TlsAlloc
GetProcAddress
IsBadReadPtr
GetCurrentProcess
RaiseException
LoadLibraryW
GetVersionExW
SetUnhandledExceptionFilter
LoadLibraryExW
SystemTimeToFileTime
GetSystemTime
SetEvent
OpenEventW
GetCurrentThreadId
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
ReleaseMutex
TlsFree
GetSystemWindowsDirectoryW
GetCurrentThread
FindClose
FlushFileBuffers
FindFirstFileW
GetSystemDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetTickCount
QueryPerformanceCounter
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LCMapStringA
HeapSize
GetConsoleMode
GetConsoleCP
LCMapStringW
GetModuleHandleA
IsValidCodePage
GetOEMCP
InterlockedExchange
LoadLibraryA
ExitProcess
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
RtlUnwind
GetStdHandle
GetModuleFileNameA
SetLastError
InterlockedDecrement
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetCPInfo
GetACP

ole32

CoGetCurrentProcess

psapi

EnumProcessModules
GetModuleInformation
GetModuleFileNameExW

shlwapi

PathRemoveExtensionW
PathStripPathW

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9c300e179d42bc1eae8f6227bb89f1e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

ole32

psapi

shlwapi

Sections

.text Size: 142KB - Virtual size: 142KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 6.5MB - Virtual size: 6.5MB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 6.5MB - Virtual size: 6.5MB