2622f509766fc8dca049981ebc90d703_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2622f509766fc8dca049981ebc90d703_JaffaCakes118
Size

149KB
MD5

2622f509766fc8dca049981ebc90d703
SHA1

49e92c635b9718da15e1a422fcc52a2885445f3b
SHA256

67746a3ca8df100d17ac32dd508cc0cbc18b8e869d979bee1368fc6de435cc4b
SHA512

bac388ebaac0a68ad30b9653642cd727f75245b09c3f6a7fb380c39accdf2b3d6b1d3f6b98f16a39cb95f6245849a32a039611be23e4fe389cef4e7b409ff265
SSDEEP

3072:tzaE7ZKrQMh/x8orIrUCic0PglqlsvARnj1N2el55D8ejI1AbWxS/Cau2lPX3LMB:ZaE4rQqlrIQL8Eh2eloesObWxS/TzMB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2622f509766fc8dca049981ebc90d703_JaffaCakes118

Files

2622f509766fc8dca049981ebc90d703_JaffaCakes118
.exe windows:5 windows x86 arch:x86

54aaf8dc643114b5c601c5f8d229f3b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Wrote\Sea\Atom\ShopOne.pdb

Imports

kernel32

GetCurrentThreadId
CloseHandle
LocalFree
CreateThread
CompareStringW
VirtualProtect
HeapSize
LoadLibraryW
RtlUnwind
IsProcessorFeaturePresent
HeapReAlloc
GetStringTypeW
LCMapStringW
GetSystemInfo
RemoveDirectoryW
LocalAlloc
GetDiskFreeSpaceW
GetCurrentDirectoryW
GetModuleFileNameW
GetFileAttributesW
WriteConsoleW
Sleep
ReadFile
MultiByteToWideChar
GetProcessHeap
SetEndOfFile
SetFilePointer
GetConsoleMode
GetConsoleCP
RaiseException
WideCharToMultiByte
GetSystemDirectoryW
CreateProcessW
GetEnvironmentVariableW
ExitProcess
GetTimeFormatA
GetDateFormatA
GetLastError
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileType
CreateFileA
CreateFileW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
GetTimeZoneInformation
HeapAlloc
SetStdHandle
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SetHandleCount
GetStdHandle
DeleteCriticalSection
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEnvironmentVariableA

user32

GetClassInfoExW
CallWindowProcW
ReleaseCapture
GetCursorPos
EndDialog
GetWindowTextLengthW
CloseClipboard
GetMessageW
GetFocus
GetAncestor
SetFocus
RegisterClassExW
LoadIconW
OffsetRect
GetWindowLongW
AppendMenuW

comctl32

ord17
ImageList_DragLeave
_TrackMouseEvent

comdlg32

GetOpenFileNameW
ReplaceTextW
GetSaveFileNameW
GetFileTitleW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc

shlwapi

PathSkipRootW

avifil32

AVIStreamRelease
AVIFileInit
AVIStreamEndStreaming
AVIMakeFileFromStreams
AVIFileExit

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54aaf8dc643114b5c601c5f8d229f3b9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

comdlg32

ole32

shlwapi

avifil32

Sections

.text Size: 115KB - Virtual size: 114KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 610KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 115KB - Virtual size: 114KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 610KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB