6399c19bbf98516a818557c0085415f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6399c19bbf98516a818557c0085415f7_JaffaCakes118
Size

319KB
MD5

6399c19bbf98516a818557c0085415f7
SHA1

3f463ce6cbafe5f3b6fd9a1cd32ff7dfb38ec2c9
SHA256

48c9bb4bc3bb10aecf225e018aa9af107b37cf873013acefec0522faa393382f
SHA512

b4122f960646048a76bfde5138260145c60e42c33b47e5f456c1d6a46d85db1a39fc40111d1609a3fcd6a0e06aabb8d0f055c1af7618ba60d21a0f454cccaacf
SSDEEP

6144:oLxiC/F2w2jz2Kb5UpSjcl5yp0F70dAVePaTctCjD3JNEfJj:oLxiC/Foz2KeyGZVEsD3JNEfJj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6399c19bbf98516a818557c0085415f7_JaffaCakes118

Files

6399c19bbf98516a818557c0085415f7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0298153bdaf951e5c0155c0ece1267ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Team\Felt\always\Weightfair.pdb

Imports

kernel32

VirtualProtectEx
CreateSemaphoreW
LockResource
GetSystemInfo
WaitForMultipleObjects
GetShortPathNameW
CloseHandle
GetWindowsDirectoryW
GetSystemTime
GetCurrentDirectoryW
GetTempPathW
CreateFileW
GetModuleFileNameW
GetFileAttributesW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
GetStringTypeW
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
RtlUnwind
HeapFree
GetVersionExW
CopyFileW
Sleep
OpenProcess
GetModuleHandleW
QueryPerformanceCounter
FindResourceW
GetTempFileNameW
GetDateFormatW
GetEnvironmentVariableW
HeapQueryInformation
HeapSize
HeapReAlloc
GetModuleFileNameA
HeapAlloc
LoadLibraryW
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
GetCurrentThreadId
TlsFree
GetProcAddress
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
IsProcessorFeaturePresent
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapValidate
IsBadReadPtr
HeapCreate
WriteFile
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
FlushFileBuffers

gdi32

GetCharWidthW
SetTextColor
CreateBitmap
GetClipBox

user32

GetWindowRect
DrawTextW
DialogBoxIndirectParamW
CallNextHookEx
EnumWindows
GetClassInfoExW
GetForegroundWindow
CreateDialogIndirectParamW
GetWindowLongW
ReleaseDC
GetDesktopWindow
CreatePopupMenu
GetSysColorBrush
DefWindowProcW
DispatchMessageW
GetClientRect

comctl32

ImageList_GetImageCount
ImageList_EndDrag
ImageList_Create
ImageList_GetIcon
ImageList_DragEnter

comdlg32

GetSaveFileNameW
FindTextW
GetOpenFileNameW

netapi32

NetGetAnyDCName
NetApiBufferFree
NetWkstaSetInfo

secur32

FreeContextBuffer
InitializeSecurityContextW

Sections

.text
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0298153bdaf951e5c0155c0ece1267ff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

user32

comctl32

comdlg32

netapi32

secur32

Sections

.text Size: 215KB - Virtual size: 215KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 29KB - Virtual size: 686KB

.rsrc Size: 33KB - Virtual size: 33KB

.text
Size: 215KB - Virtual size: 215KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 29KB - Virtual size: 686KB

.rsrc
Size: 33KB - Virtual size: 33KB