05b65baca6f083a894bae19a12f936f8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

05b65baca6f083a894bae19a12f936f8_JaffaCakes118
Size

205KB
MD5

05b65baca6f083a894bae19a12f936f8
SHA1

5cd3564f8900db55ab40dcc3015ac19d30ec8f4c
SHA256

972e40d34724978fa99bac3050f70f729a09e6312957ac9e7be7d801dd5efd97
SHA512

8a4fa00d748526f76aec8a0ddc39b28dfcf907d53e4011dde43d96369fc5db1870089197d8579c6d57ddc62408679625ec355a9dea8f2437f1fa9c1f7a5fbd8c
SSDEEP

6144:WEa4CCG8Nl3bjdexMXdfT8V9ZX7GKLG1W0j:Wj4CCGgfTc9ZLrL5o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UGPP2211543.exe

Files

05b65baca6f083a894bae19a12f936f8_JaffaCakes118
.rar
UGPP2211543.exe
.exe windows:6 windows x86 arch:x86

fc967220a008b55a3dae5056690115e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Admin\Desktop\Mine\NightCrypt\Stubs\Ready to sell\Sale 3\ForgottenHeroes\Release\ForgottenHeroes.pdb

Imports

wininet

FindNextUrlCacheEntryW
InternetGetConnectedState
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryExA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
WritePrivateProfileStructA
VirtualProtect
GetStdHandle
SetFileBandwidthReservation
SetMailslotInfo
RequestWakeupLatency
CreateFileW
WriteTapemark
SetSearchPathMode
SetTapeParameters
WritePrivateProfileStructW
ZombifyActCtx
SetDllDirectoryA
TransmitCommChar
SetVolumeMountPointW
SetDefaultCommConfigW
SetCommBreak
VerifyVersionInfoW
GetTapeStatus
SetConsoleCursorPosition
SetDllDirectoryW
SetCommConfig
SetTapePosition
SetFileCompletionNotificationModes
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
ReadFile
FlushFileBuffers
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
CloseHandle
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapFree
SetStdHandle
GetProcessHeap
HeapSize
GetCommandLineA
TlsAlloc
GetLastError
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
WriteConsoleW
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
GetConsoleCP
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc

user32

GetWindowThreadProcessId
GetWindowTextLengthW
GetMessageW
GetLastActivePopup
DefWindowProcW
GetWindow
GetWindowRect
DestroyWindow
CreateWindowExW
SendMessageW
GetWindowPlacement
ShowWindow
DispatchMessageW
GetWindowInfo
GetLayeredWindowAttributes
RegisterClassW
GetWindowTextW
TranslateMessage
GetClientRect
PostQuitMessage
GetDesktopWindow
GetWindowModuleFileNameW
GetParent
GetGUIThreadInfo
BeginPaint
EndPaint
GetForegroundWindow

advapi32

ReportEventA
SetFileSecurityA
ReportEventW
SetFileSecurityW

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zldata
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc967220a008b55a3dae5056690115e0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 17KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

.zldata Size: 165KB - Virtual size: 168KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB

.zldata
Size: 165KB - Virtual size: 168KB