5fbd129d02eb3ec77f6e3941067a2aff_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5fbd129d02eb3ec77f6e3941067a2aff_JaffaCakes118
Size

718KB
MD5

5fbd129d02eb3ec77f6e3941067a2aff
SHA1

83e99306af8738b42f9ddac90aa64c8f43c337df
SHA256

328d7fb55999ce919341d6445effa8719fbb710738b04d766a75e8daf20c5048
SHA512

805d97f76f755a95cedd4bd4a4b6d3a2c68880e1f65498e097e682240546773fe35fc57a5a05aa7a078166d44f09ab9b8f7a2ed215dc1bc9c43e23da0c2237fb
SSDEEP

12288:ZdR9FJlGMifjKs8Kfm99FdUjA2WoG1YBDr7xYLfljnPwTUY2VpwFw:HRpAMiWs8KfOyA2w1Y9cfBPqso

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5fbd129d02eb3ec77f6e3941067a2aff_JaffaCakes118

Files

5fbd129d02eb3ec77f6e3941067a2aff_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a1931129c2b6aa6f7eeeeaf01cec9b1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\city\Tone\crowd\Open\part\anger\Steam\Breadglass.pdb

Imports

kernel32

EnumSystemLocalesA
IsValidLocale
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
LoadLibraryExA
GetProcAddress
WritePrivateProfileSectionW
Sleep
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetCPInfo
RaiseException
GetLastError
HeapFree
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeW
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
GetModuleHandleA

user32

EndDialog
OffsetRect
WindowFromPoint
LoadIconA
SetCapture
CloseClipboard
GetMessageA

ole32

OleInitialize
OleUninitialize
CoRegisterSurrogate
CoInitialize
CoRegisterClassObject
CoUninitialize

advapi32

OpenProcessToken
RegCloseKey
RegEnumKeyA
FreeSid
OpenSCManagerA
SetServiceStatus
AllocateAndInitializeSid
QueryServiceStatus
RegOpenKeyExA
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateServiceA
RegQueryValueExA
RegisterServiceCtrlHandlerA
RegSetValueExA
GetTokenInformation
SetEntriesInAclA
OpenThreadToken
DeleteService
OpenServiceA
StartServiceCtrlDispatcherA

Sections

.text
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1931129c2b6aa6f7eeeeaf01cec9b1d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

advapi32

Sections

.text Size: 449KB - Virtual size: 449KB

.rdata Size: 118KB - Virtual size: 118KB

.data Size: 53KB - Virtual size: 129KB

.rsrc Size: 96KB - Virtual size: 96KB

.text
Size: 449KB - Virtual size: 449KB

.rdata
Size: 118KB - Virtual size: 118KB

.data
Size: 53KB - Virtual size: 129KB

.rsrc
Size: 96KB - Virtual size: 96KB