594ec09e59c4461ecd9167b5939e8d31_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

594ec09e59c4461ecd9167b5939e8d31_JaffaCakes118
Size

265KB
MD5

594ec09e59c4461ecd9167b5939e8d31
SHA1

1662b1192697ba1a15bd7f31156ce78eb293ec47
SHA256

eeac3a56bb646b8b88fbd021faed46396190987435caebaf2f38f39d9e11b4f7
SHA512

3c957218228417177cb562ee23c776acff1f2cef36fc5719d890cc453e002d96a600c04287204ef263e79f055cc907ac9e29304021a69bb7d96e8d49ef25ec5e
SSDEEP

3072:4OU1H7tRFNhHm/4FBVlhmhvXsk/GYtnkAtc3MmJNz7YaoXryNnv0uLT+K/5XK3mL:y7t9hpHlIt/GYiJV7Yaq2nvNLT7/I3m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
594ec09e59c4461ecd9167b5939e8d31_JaffaCakes118

Files

594ec09e59c4461ecd9167b5939e8d31_JaffaCakes118
.exe windows:6 windows x86 arch:x86

2469bdeec834e1080ec1d36ede2b8455

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Spell\Travel\complete\Landlone.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
DecodePointer
SetEndOfFile
WriteConsoleW
HeapReAlloc
HeapSize
FlushFileBuffers
CreateFileW
GetConsoleCP
GetProcessHeap
GetStringTypeW
SetStdHandle
LCMapStringW
GetExitCodeProcess
lstrcmpiA
FindFirstChangeNotificationA
ResetEvent
DeleteFileA
TlsAlloc
GetCurrentThread
OpenMutexA
GetTempPathA
Sleep
DuplicateHandle
lstrcmpA
CreateMutexA
GetEnvironmentVariableA
PeekNamedPipe
FindNextFileA
VirtualProtect
TlsSetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RaiseException
GetLastError
GetModuleFileNameW
SetLastError
RtlUnwind
FindFirstFileA
TlsGetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReadFile
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
CloseHandle
FindClose
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

GetWindowLongA
GetKeyNameTextA
IsDlgButtonChecked
CallNextHookEx
EnumWindows
ReleaseDC
DefWindowProcA
DrawIconEx
DrawEdge
GetClassInfoExA

gdi32

IntersectClipRect
EndPage
RestoreDC
CreateFontIndirectA
Rectangle
LineTo
SetBkMode
StartDocA
ExtTextOutA

comctl32

ImageList_Destroy
ImageList_SetIconSize
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_AddMasked
ImageList_Remove

ole32

CoRegisterClassObject
CoUninitialize
CoInitialize
CoRegisterSurrogate

shlwapi

SHRegCloseUSKey
SHRegWriteUSValueA
StrToIntA
SHRegCreateUSKeyA
PathFindFileNameA

advapi32

SystemFunction036
OpenServiceA
OpenThreadToken
RegOpenKeyExA
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
ControlService
SetSecurityDescriptorDacl
SetEntriesInAclA
CreateServiceW
RegCloseKey
StartServiceCtrlDispatcherA
QueryServiceStatus
RegDeleteKeyA
RegQueryValueExA
AllocateAndInitializeSid
LookupPrivilegeValueA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenSCManagerA
RegCreateKeyExA

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmNotifyIME
ImmSetCompositionFontA
ImmGetCompositionStringA

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2469bdeec834e1080ec1d36ede2b8455

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comctl32

ole32

shlwapi

advapi32

imm32

Sections

.text Size: 124KB - Virtual size: 124KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 22KB - Virtual size: 84KB

.gfids Size: 512B - Virtual size: 292B

.rsrc Size: 64KB - Virtual size: 63KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 22KB - Virtual size: 84KB

.gfids
Size: 512B - Virtual size: 292B

.rsrc
Size: 64KB - Virtual size: 63KB

.reloc
Size: 6KB - Virtual size: 6KB