16e3029222864030e68ddeca0687882d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16e3029222864030e68ddeca0687882d_JaffaCakes118
Size

549KB
MD5

16e3029222864030e68ddeca0687882d
SHA1

f42c97e4054763a8520aaa7318596d5955251294
SHA256

e2862099ecb4e6a3e51f07e1d1811cf8dd4903c33f9bd3be86587fb52ba01766
SHA512

be22223452269ef0d4228146c4df7d7d4f285294c2af927359c7f2e8164629c69ee15fef77bed2f143f6d521bc64d72b9f3abe9c83911c1c6c2807086cfd08ca
SSDEEP

12288:/ZTDd4t/u28bEFGWtdOKbBEP68A2TiiIk1c9La:/H4Vu4xL2Pa2mZk1Wa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16e3029222864030e68ddeca0687882d_JaffaCakes118

Files

16e3029222864030e68ddeca0687882d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

240c975838f9ef5e524afce049ba1162

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

PDB Paths

R:\restaurants\installations\Relea.pdb

Imports

kernel32

LoadLibraryA
CreateFileMappingA
GetConsoleScreenBufferInfo
LocalAlloc
CreateEventW
GetSystemInfo
GetModuleHandleA
FillConsoleOutputAttribute
GetCurrentThreadId
CloseHandle
lstrcpyA
GetModuleHandleW
InterlockedIncrement
CreateFileW
FlushFileBuffers
SetStdHandle
LCMapStringW
VirtualQuery
GetProcessHeap
HeapFree
GetProcAddress
HeapSize
HeapReAlloc
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
FlushConsoleInputBuffer
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
IsProcessorFeaturePresent
LoadLibraryW
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetCurrentProcessId
GetTickCount
GetCurrentDirectoryW
GetLastError
GetStdHandle
GlobalUnlock
SetConsoleCursorPosition
HeapCreate
ReadConsoleInputA
GlobalAlloc
HeapQueryInformation
FlushViewOfFile
WaitForSingleObject
GlobalLock
GetCurrentProcess
InterlockedDecrement
HeapAlloc
UnmapViewOfFile
MapViewOfFile
lstrlenA
QueryPerformanceCounter
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
TlsFree
TlsSetValue
IsDebuggerPresent
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
DecodePointer
EncodePointer
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
GetFileSize
CreateFileA
IsBadReadPtr
HeapValidate
FreeLibrary
FillConsoleOutputCharacterA
GetStringTypeW
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
ExitProcess

user32

SetClipboardData
SendMessageW
SetWindowTextA
RegisterClassW
SystemParametersInfoA
OpenClipboard
GetClassLongA
DispatchMessageW
UpdateWindow
DestroyWindow
CloseClipboard
GetSystemMenu
GetWindowRect
GetMessageW
IsClipboardFormatAvailable
GetParent
LoadCursorW
wsprintfA
GetWindowTextLengthA
SendMessageA
TranslateMessage
LoadIconW
GetWindowTextA
SetWindowLongA
MessageBoxA
GetWindowLongA
SystemParametersInfoW
CreateWindowExA
EnableMenuItem
SetClassLongA
GetDlgItem
SetWindowPos
ShowWindow
CreateWindowExW
DispatchMessageA

gdi32

CreateFontIndirectW
SetBrushOrgEx
CreateBitmap
DeleteObject
SelectObject
CreatePatternBrush
PatBlt

advapi32

AdjustTokenPrivileges
AccessCheck
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
RegCreateKeyA

shell32

SHGetSpecialFolderLocation
SHChangeNotify

ole32

OleUninitialize
CoUnmarshalInterface
OleInitialize
CreateStreamOnHGlobal
OleFlushClipboard

oleaut32

SysFreeString
VariantChangeType
VariantInit
VariantCopy
VariantClear
SysAllocString

ws2_32

WSAStartup

shlwapi

StrChrA

comctl32

InitCommonControlsEx

rpcrt4

UuidFromStringA

sensapi

IsNetworkAlive

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

240c975838f9ef5e524afce049ba1162

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

comctl32

rpcrt4

sensapi

Sections

.text Size: 241KB - Virtual size: 240KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 75KB - Virtual size: 82KB

.rsrc Size: 103KB - Virtual size: 102KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 241KB - Virtual size: 240KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 75KB - Virtual size: 82KB

.rsrc
Size: 103KB - Virtual size: 102KB

.reloc
Size: 17KB - Virtual size: 16KB