038aa00c3515e725a0f1a378c5681c82_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

038aa00c3515e725a0f1a378c5681c82_JaffaCakes118
Size

605KB
MD5

038aa00c3515e725a0f1a378c5681c82
SHA1

f94f50b21e3403ea6f3259476f8bbf2abca9499b
SHA256

f8900df873b5fb21105564ba75152f70fabea80efdd16532f76076dd3ab97d4a
SHA512

2a2b7e5f0a636f96d56c4d5bef7e4a7365bdc18d3cc966f3c6cd30de3a28515dce0043c9070c6d7e4360a7482aae156e17f655e4ddeec620c849357dd9038b15
SSDEEP

12288:1UwUutY7BPAKxkUGqEjdIstHWI3//RAmiCyPeWVMb9OGR1:3tgNG9jdIsJWDTPeWV8YS1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
038aa00c3515e725a0f1a378c5681c82_JaffaCakes118

Files

038aa00c3515e725a0f1a378c5681c82_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cd50bc25d0ec4da7db1fd11199a7b237

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\A\Release\staleness.pdb

Imports

kernel32

HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
GetTimeFormatA
VirtualAlloc
CreateEventA
WaitForSingleObject
GetConsoleMode
GetConsoleCP
SetStdHandle
GetModuleFileNameA
VirtualFree
HeapCreate
GetFileType
GetStdHandle
SetHandleCount
GetStartupInfoA
GetCommandLineA
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitProcess
GetModuleHandleW
HeapAlloc
HeapReAlloc
GetLastError
lstrlenA
GetCurrentProcess
EnumDateFormatsA
GetTempPathA
HeapFree
CreateFileW
CreateFileA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFullPathNameW
GetFullPathNameA
GetTempFileNameA
GetModuleHandleA
FormatMessageW
FormatMessageA
Sleep
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
AreFileApisANSI
CloseHandle
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
LockFileEx
GetTempPathW
LocalFree
SetEnvironmentVariableA

user32

GetFocus
CreateDialogParamW
DestroyWindow
GetSysColor
SendMessageA
DrawFocusRect
GetDlgItem
ReleaseDC
GetDC
EndDialog
LoadStringA
GetWindowTextA
GetWindowTextLengthA
LoadIconA
SetRect
LoadCursorA
NotifyWinEvent
MessageBoxA
LoadBitmapA
FindWindowA
SetClassLongA
IsWindowEnabled
GetCursorPos
DestroyIcon
SetPropA
SetWindowLongA
CreateWindowExA
DefDlgProcA
GetWindowLongA
BeginPaint
GetClientRect
DrawTextA
EndPaint
DefWindowProcA
KillTimer

gdi32

TextOutA
GetObjectA
GetTextExtentPoint32A
CombineRgn
CreateSolidBrush
SetTextAlign
SelectObject
GetTextMetricsA
SetTextColor
SetBkColor
ExtTextOutA

comdlg32

PageSetupDlgA
GetOpenFileNameW
ChooseFontA
ReplaceTextA

shell32

SHGetDesktopFolder
SHGetFileInfoA
SHParseDisplayName
SHBindToParent

ole32

CoInitialize
CoTaskMemFree

msvfw32

ICInfo
ICOpen
ICGetInfo
ICClose

wininet

HttpAddRequestHeadersA

psapi

GetProcessMemoryInfo

winmm

mmioClose
mmioDescend

shlwapi

PathGetArgsA
StrCmpNIA

comctl32

ImageList_ReplaceIcon
ord17
ImageList_Create
ImageList_Draw

pdh

PdhAddCounterA
PdhOpenQueryA
PdhCollectQueryData
PdhGetFormattedCounterValue

dbghelp

EnumerateLoadedModules

dnsapi

DnsReplaceRecordSetA

tapi32

phoneGetRing

Sections

.text
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd50bc25d0ec4da7db1fd11199a7b237

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

msvfw32

wininet

psapi

winmm

shlwapi

comctl32

pdh

dbghelp

dnsapi

tapi32

Sections

.text Size: 315KB - Virtual size: 314KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 8KB - Virtual size: 99KB

.rsrc Size: 218KB - Virtual size: 217KB

.text
Size: 315KB - Virtual size: 314KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 8KB - Virtual size: 99KB

.rsrc
Size: 218KB - Virtual size: 217KB