78ec7b0dc13ba992ee3af57b3d344464_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

78ec7b0dc13ba992ee3af57b3d344464_JaffaCakes118
Size

208KB
MD5

78ec7b0dc13ba992ee3af57b3d344464
SHA1

b55b89677dcc4b20b66e98a8cc4160785a59ad0d
SHA256

0658862fc2cd39f428e75849a0af8ad2cc3b39af263e64ac802de137df7cb01f
SHA512

4fd1cc006a32668d0c79d727faa1abf31a46569d8cfde9e08575b9db1f3e5536876b20ffef6604893af9ab44b19c30f860322112797d07e45d6e97736065fd4e
SSDEEP

3072:+Zpz+taxfVu5A9xcUYg1MDAwi1perljFXie/BYpMXXe3q:+/zsKl9xyg1MDA1per3Xayb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78ec7b0dc13ba992ee3af57b3d344464_JaffaCakes118

Files

78ec7b0dc13ba992ee3af57b3d344464_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b946646a385fd54bf0d8483b1146e14e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Optical\T&L\erg\LineItem\MyPrce.pdb

Imports

kernel32

IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
HeapSize
CloseHandle
lstrcpyA
GetModuleHandleA
LoadLibraryA
GetPrivateProfileStringA
GetProcAddress
GetLastError
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
WriteFile
CreateFileA
HeapAlloc
InterlockedDecrement
GetCurrentThreadId
GetExitCodeProcess
Sleep
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc

user32

GetSystemMetrics
DispatchMessageA
EndDialog
GetDlgItem
FindWindowA
CreateWindowExW
MessageBoxW
LoadCursorA
SetScrollInfo
RegisterClassA
GetSysColorBrush
DestroyWindow
GetMessageA
ScreenToClient
LoadBitmapA
LoadIconA
DrawIcon
SendMessageA
SetScrollRange
GetIconInfo
GetDC
TranslateMessage
ChildWindowFromPoint
RegisterClassExW
OffsetRect
SetWindowLongA
GetWindowLongA
CreateWindowExA
SetScrollPos
ReleaseDC

gdi32

BitBlt
SetTextColor
DeleteDC
CreateDIBSection
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectA
CreateSolidBrush
EnumFontsA

comdlg32

CommDlgExtendedError
ChooseColorA
GetSaveFileNameA

advapi32

StartServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
RegCloseKey
OpenSCManagerA
SetServiceStatus
RegOpenKeyExA
RegCreateKeyExA
EnumServicesStatusExA
OpenServiceA

shell32

SHGetFolderPathA
SHGetFileInfoW

odbc32

ord239
ord240
ord238

winscard

SCardConnectA
g_rgSCardT1Pci
SCardEstablishContext
SCardFreeMemory
SCardTransmit
SCardDisconnect
SCardReleaseContext

iphlpapi

NotifyAddrChange

shlwapi

SHQueryValueExW

comctl32

InitCommonControlsEx
ord17

pdh

PdhBrowseCountersA

gdiplus

GdiplusStartup

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b946646a385fd54bf0d8483b1146e14e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

odbc32

winscard

iphlpapi

shlwapi

comctl32

pdh

gdiplus

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 11KB

.rsrc Size: 110KB - Virtual size: 110KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 110KB - Virtual size: 110KB

.reloc
Size: 7KB - Virtual size: 6KB