3d79d2b7c859dd55bfcfb13eaad284d9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3d79d2b7c859dd55bfcfb13eaad284d9_JaffaCakes118
Size

452KB
MD5

3d79d2b7c859dd55bfcfb13eaad284d9
SHA1

4ee02d0b2d15f2151a035471bf61633b5441d77a
SHA256

3cc99effad03638d44d9ecf82f75cbd6bc95f00d62bf5cd506f409eca5f31661
SHA512

f94995157c6e851c7c8e8a91b961c4f800e247b34189f397e3f4837434f8f73cab07aa5b7d49958d5a729f98b5517ca4651967e5d725ebe2e624364f9f76fb5e
SSDEEP

6144:kVxKUv7oHoSIXCVjajY2gAdQyC10ZPleXMSgy9NNHVXEuar5nTm21DdFqS0XrKxU:kuUvmoSIQjirb6/geAna21DdFbxcd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
3d79d2b7c859dd55bfcfb13eaad284d9_JaffaCakes118

Files

3d79d2b7c859dd55bfcfb13eaad284d9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c3ed4c3fd83c44ca687fdd0513a70cd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\if\push\Identity\connectionless.pdb

Imports

kernel32

OutputDebugStringW
WriteConsoleW
OutputDebugStringA
WriteFile
HeapCreate
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
IsBadReadPtr
HeapValidate
SetLastError
GetModuleHandleW
TlsFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DecodePointer
EncodePointer
RaiseException
GetModuleFileNameW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
GetStringTypeW
RtlUnwind
LCMapStringW
HeapAlloc
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
SetStdHandle
FlushFileBuffers
CreateFileW
lstrcpyA
GetSystemTime
CompareStringA
ExitProcess
GetModuleHandleA
GetThreadPriority
EnumDateFormatsA
LoadLibraryA
GetProcAddress
GetLastError
GlobalUnlock
SetConsoleTitleA
SetThreadPriority
lstrlenW
MulDiv
GetProcessHandleCount
GetVolumeInformationA
WideCharToMultiByte
GlobalAlloc
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
FormatMessageA
GetCurrentThread
GlobalLock
GetCurrentProcess
LoadResource
SetErrorMode
lstrcmpA
FindResourceA
TlsGetValue
CloseHandle

user32

LoadCursorA
DestroyIcon
GetWindow
LoadImageA
SetWindowTextA
FindWindowA
GetSystemMetrics
IsRectEmpty
BeginPaint
EndPaint
DestroyWindow
CloseClipboard
GetDlgItemInt
GetSystemMenu
SetTimer
InsertMenuItemA
SendDlgItemMessageA
TrackPopupMenu
DeleteMenu
LoadBitmapA
GetParent
LoadIconA
wsprintfA
GetClientRect
SystemParametersInfoA
SendMessageA
GetDC
SetRect
SetWindowLongA
MessageBoxA
GetWindowLongA
GetClipboardData
CreateWindowExA
ReleaseDC
EmptyClipboard
GetDlgItem
DefWindowProcA
GetDesktopWindow
GetCursorPos
CreatePopupMenu
CreateDialogParamW
GetClassInfoA
OpenClipboard
MessageBoxW

gdi32

MoveToEx
BitBlt
LineTo
DeleteDC
CreateFontIndirectA
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
GetTextMetricsA
GetObjectA
GetStockObject
CreateSolidBrush
StretchBlt

advapi32

OpenProcessToken
GetTokenInformation
OpenThreadToken

shell32

SHGetFileInfoA
SHGetFolderPathW

oleaut32

SysStringLen
RevokeActiveObject

comctl32

ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_Create
ImageList_Add
ImageList_GetImageCount

dbghelp

EnumerateLoadedModules

uxtheme

OpenThemeData
DrawThemeBackground
CloseThemeData

tapi32

lineProxyResponse

Exports

Exports

ro

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3ed4c3fd83c44ca687fdd0513a70cd9

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

comctl32

dbghelp

uxtheme

tapi32

Exports

Exports

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 89KB - Virtual size: 96KB

idata Size: 42KB - Virtual size: 41KB

.vata Size: 54KB - Virtual size: 53KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 89KB - Virtual size: 96KB

idata
Size: 42KB - Virtual size: 41KB

.vata
Size: 54KB - Virtual size: 53KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 15KB - Virtual size: 14KB