Static task: static1
Behavioral task: behavioral1
  Sample: 7c4620b8f4d5bd8b8e73bb7a0f4307e4_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 7c4620b8f4d5bd8b8e73bb7a0f4307e4_JaffaCakes118.exe
  Resource: win10v2004-20240426-en
General
Target: 7c4620b8f4d5bd8b8e73bb7a0f4307e4_JaffaCakes118
Size: 397KB
MD5: 7c4620b8f4d5bd8b8e73bb7a0f4307e4
SHA1: dbd4085892e5d0a4c27d3f539718f88949aa89bd
SHA256: 209a5f8bceb242a0ed4a94d90dd6aa97dad76b93e7d6dfa021a46d3fda528e60
SHA512: 010b08dcfda55d3a873e854001625a7043f600bc3a45c452f1617ec8ea9e944259fb65875ab19e4ec6ad2ff95b6079fd78b1ad5b364882d359365959b80e2202
SSDEEP: 6144:hCd7HxK7FmNeDBGw4hwrW33o2E3m3sQ+O/2MGbBEbr+K4cPOxAfQed3CoD1drsgv:0o2gm3sQVxGlEb2KOKQUfrsgBj3eUeU
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature. On its own this is a weak signal, since most unsigned PEs are benign; what it does establish is that the publisher cannot be verified and no signer-based allow-listing applies.
Processes: resource 7c4620b8f4d5bd8b8e73bb7a0f4307e4_JaffaCakes118
Files
7c4620b8f4d5bd8b8e73bb7a0f4307e4_JaffaCakes118.exe   windows:5   windows x86   arch:x86
7d9b1b19907cf4fdfc167c9f2eb4f4bb (hash shown without a label beside the file entry; in this report layout that position normally holds the import hash, which is an assumption about the layout rather than something the extracted text states)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
R:\shared\conscious\reconfiguratio.pdb
Imports
kernel32
GetCurrentThreadId
GetCurrentProcessId
lstrcpyA
CloseHandle
CreateFileW
IsProcessorFeaturePresent
HeapReAlloc
WriteConsoleW
SetStdHandle
HeapSize
LoadLibraryW
RtlUnwind
GetStringTypeW
LCMapStringW
Sleep
HeapFree
LeaveCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointer
RaiseException
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapCreate
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
WriteFile
LoadLibraryA
FindClose
GetProcAddress
GetLastError
FindFirstFileA
lstrlenW
lstrcatA
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
GetTickCount
HeapAlloc
lstrlenA
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
FlushFileBuffers
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
EnterCriticalSection
ExitProcess
InterlockedDecrement
InterlockedIncrement
GetCPInfo
EncodePointer
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineA
user32
CopyRect
DrawFrameControl
SetWindowTextA
GetSystemMetrics
DefMDIChildProcA
ShowScrollBar
IsDlgButtonChecked
CreatePopupMenu
ClientToScreen
GetWindowRect
GetWindowDC
DrawTextA
GetFocus
IsWindowEnabled
ShowWindow
SendMessageA
BeginPaint
GetClientRect
GetWindowTextA
TrackPopupMenuEx
CreateWindowExA
ReleaseDC
GetDlgItem
EndDialog
DefWindowProcA
GetCursorPos
gdi32
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgn
advapi32
AddAccessAllowedAce
shell32
SHGetFolderPathW
comctl32
ord17
gdiplus
GdipCreateBitmapFromFile
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
uxtheme
DrawThemeBackground
powrprof
GetPwrCapabilities
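Two things a practitioner does with an import list like the one above: recompute the import hash so it can be pivoted on, and separate the APIs the MSVC runtime drags in by itself (IsDebuggerPresent, GetTickCount, QueryPerformanceCounter, TerminateProcess and friends come from CRT start-up and the security-cookie code) from the ones the author's own code must have asked for (AddAccessAllowedAce, SHGetFolderPathW, FindFirstFileA, GetPwrCapabilities, LoadLibraryA/GetProcAddress). The script below is an added example, not part of the Triage report or of the sample; it takes the import table exactly as listed above, builds the string that pefile's get_imphash() hashes and applies the same MD5, then groups the notable names. The buckets and the CRT list are my own choices, and the hash is computed over the report's listing order, which need not be the binary's import-table order, so it is printed next to the report's unlabelled hash rather than asserted equal to it.

```python
import hashlib

# Import table as listed in the report above, in the order listed there.
# Ordinal-only imports are spelled "ordNN", which is also how pefile names them.
IMPORTS = {
    "kernel32": """GetCurrentThreadId GetCurrentProcessId lstrcpyA CloseHandle CreateFileW
        IsProcessorFeaturePresent HeapReAlloc WriteConsoleW SetStdHandle HeapSize LoadLibraryW
        RtlUnwind GetStringTypeW LCMapStringW Sleep HeapFree LeaveCriticalSection GetConsoleMode
        GetConsoleCP SetFilePointer RaiseException GetSystemTimeAsFileTime QueryPerformanceCounter
        HeapCreate DeleteCriticalSection GetFileType InitializeCriticalSectionAndSpinCount
        SetHandleCount GetEnvironmentStringsW FreeEnvironmentStringsW GetModuleFileNameA
        GetModuleFileNameW GetStdHandle WriteFile LoadLibraryA FindClose GetProcAddress
        GetLastError FindFirstFileA lstrlenW lstrcatA WideCharToMultiByte MultiByteToWideChar
        GlobalAlloc GetTickCount HeapAlloc lstrlenA SetLastError GetModuleHandleW TlsFree
        TlsSetValue FlushFileBuffers TlsGetValue TlsAlloc IsValidCodePage GetOEMCP GetACP
        EnterCriticalSection ExitProcess InterlockedDecrement InterlockedIncrement GetCPInfo
        EncodePointer DecodePointer IsDebuggerPresent SetUnhandledExceptionFilter
        UnhandledExceptionFilter GetCurrentProcess TerminateProcess GetStartupInfoW
        HeapSetInformation GetCommandLineA""".split(),
    "user32": """CopyRect DrawFrameControl SetWindowTextA GetSystemMetrics DefMDIChildProcA
        ShowScrollBar IsDlgButtonChecked CreatePopupMenu ClientToScreen GetWindowRect GetWindowDC
        DrawTextA GetFocus IsWindowEnabled ShowWindow SendMessageA BeginPaint GetClientRect
        GetWindowTextA TrackPopupMenuEx CreateWindowExA ReleaseDC GetDlgItem EndDialog
        DefWindowProcA GetCursorPos""".split(),
    "gdi32": "DeleteDC DeleteObject SelectObject CreateCompatibleDC CreateCompatibleBitmap CreateRectRgn".split(),
    "advapi32": ["AddAccessAllowedAce"],
    "shell32": ["SHGetFolderPathW"],
    "comctl32": ["ord17"],
    "gdiplus": "GdipCreateBitmapFromFile GdipDisposeImage GdipCreateHBITMAPFromBitmap".split(),
    "uxtheme": ["DrawThemeBackground"],
    "powrprof": ["GetPwrCapabilities"],
}
REPORTED_HASH = "7d9b1b19907cf4fdfc167c9f2eb4f4bb"  # unlabelled hash beside the file entry above


def imphash_input(imports):
    """Build the string pefile hashes: 'dll.func' pairs, lower-cased, comma-joined,
    with a trailing .dll/.ocx/.sys stripped from the module name."""
    parts = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        head, _, ext = lib.rpartition(".")
        if head and ext in ("dll", "ocx", "sys"):
            lib = head
        parts.extend(f"{lib}.{f.lower()}" for f in funcs)
    return ",".join(parts)


def imphash(imports):
    """MD5 of the import string, the same construction pefile.PE.get_imphash() uses."""
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()


# APIs that MSVC's own CRT start-up and security-cookie code import, so their
# presence says nothing about what the author's code does (my list).
CRT_STARTUP = {"IsDebuggerPresent", "GetTickCount", "QueryPerformanceCounter",
               "GetSystemTimeAsFileTime", "IsProcessorFeaturePresent", "TerminateProcess",
               "EncodePointer", "DecodePointer", "SetUnhandledExceptionFilter"}
# Hand-picked buckets for this import set (my grouping, not the report's).
WATCHLIST = {
    "dynamic API resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "file discovery": {"FindFirstFileA", "FindClose", "SHGetFolderPathW", "CreateFileW"},
    "ACL manipulation": {"AddAccessAllowedAce"},
    "anti-debug / environment probes": {"IsDebuggerPresent", "GetTickCount",
                                        "QueryPerformanceCounter", "GetPwrCapabilities"},
}


def triage(imports):
    """Return {bucket: [names]}, tagging hits that the CRT imports on its own."""
    present = {f for funcs in imports.values() for f in funcs}
    out = {}
    for bucket, apis in WATCHLIST.items():
        hits = sorted(present & apis)
        if hits:
            out[bucket] = [f + (" (CRT start-up)" if f in CRT_STARTUP else "") for f in hits]
    return out


if __name__ == "__main__":
    digest = imphash(IMPORTS)
    print("imphash over the listed order:", digest)
    print("matches the report's unlabelled hash" if digest == REPORTED_HASH
          else "differs from the report's hash (listing order may not be table order)")
    for bucket, hits in triage(IMPORTS).items():
        print(f"{bucket}: {', '.join(hits)}")
```

GetPwrCapabilities is the import worth a look first: it is not CRT noise, it is an odd dependency for a GUI program with this profile, and powrprof is imported for nothing else. AddAccessAllowedAce and SHGetFolderPathW tell you where to set breakpoints in the behavioral run.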
Sections
.text   Size: 59KB   Virtual size: 59KB    Flags: IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 18KB   Virtual size: 17KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 211KB  Virtual size: 218KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.flat   Size: 7KB    Virtual size: 6KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.edata  Size: 1KB    Virtual size: 1KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.ddata  Size: 512B   Virtual size: 481B    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 90KB   Virtual size: 90KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 8KB    Virtual size: 8KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
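The Headers and Sections listings above do not fit together the way a linker-produced image would: DYNAMIC_BASE is absent (so no ASLR for this image) while HIGH_ENTROPY_VA, which only means anything for a 64-bit image, is set on a 32-bit one; RELOCS_STRIPPED is set although a .reloc section exists; GUARD_CF is set without ASLR; AGGRESIVE_WS_TRIM and NET_RUN_FROM_SWAP are flags ordinary builds do not carry; .edata is writable and .flat/.ddata are not names a stock toolchain emits. The script below is an added example, not part of the Triage report or of the sample. It parses the COFF header, the two characteristics words and the section table from raw PE bytes with only the standard library and reports those combinations, so the same checks can be run on the actual file (pass its bytes to parse_headers). Because the binary itself is not on this page, the bytes it runs on are a constructed header that reproduces the report's flags and section names and sizes with every other field zeroed; the numeric flag values come from winnt.h and the PE/COFF specification, and STANDARD_SECTIONS is my own list.

```python
import struct

# Flag values from winnt.h / the PE-COFF specification (only the ones checked here).
FILE_FLAGS = {0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE", 0x0004: "LINE_NUMS_STRIPPED",
              0x0010: "AGGRESIVE_WS_TRIM", 0x0020: "LARGE_ADDRESS_AWARE", 0x0100: "32BIT_MACHINE",
              0x0800: "NET_RUN_FROM_SWAP", 0x2000: "DLL"}
DLL_FLAGS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
             0x0400: "NO_SEH", 0x4000: "GUARD_CF"}
SCN_CODE, SCN_IDATA, SCN_DISCARD = 0x00000020, 0x00000040, 0x02000000
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
# Section names a stock MSVC/MinGW link produces; anything else deserves a look (my list).
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".bss", ".idata", ".edata", ".pdata",
                     ".rsrc", ".reloc", ".tls", ".CRT", ".gfids", ".00cfg", ".textbss"}


def flag_names(table, value):
    return {name for bit, name in table.items() if value & bit}


def parse_headers(data):
    """Read the COFF header, the two characteristics words and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections = struct.unpack_from("<HH", data, pe + 4)
    opt_size, file_chars = struct.unpack_from("<HH", data, pe + 20)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]            # 0x10B = PE32, 0x20B = PE32+
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name, vsize, _vaddr, rawsize = struct.unpack_from("<8sIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name.rstrip(b"\0").decode(), vsize, rawsize, chars))
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "file": file_chars, "dll": dll_chars, "sections": sections}


def assess(h):
    """List header/section combinations a normal linker does not produce."""
    f, d = flag_names(FILE_FLAGS, h["file"]), flag_names(DLL_FLAGS, h["dll"])
    secnames = [s[0] for s in h["sections"]]
    findings = []
    if "DYNAMIC_BASE" not in d:
        findings.append("no DYNAMIC_BASE: not ASLR-relocated, loads at its preferred base")
    if "RELOCS_STRIPPED" in f and ".reloc" in secnames:
        findings.append("RELOCS_STRIPPED set although a .reloc section is present")
    if "HIGH_ENTROPY_VA" in d and not h["pe32plus"]:
        findings.append("HIGH_ENTROPY_VA set on a PE32 (32-bit) image, where it has no effect")
    if "GUARD_CF" in d and "DYNAMIC_BASE" not in d:
        findings.append("GUARD_CF without DYNAMIC_BASE: check the load config directory before crediting CFG")
    for odd in ("AGGRESIVE_WS_TRIM", "NET_RUN_FROM_SWAP"):
        if odd in f:
            findings.append(f"{odd} set: obsolete or /SWAPRUN-style flag, rare in ordinary builds")
    for name, vsize, rawsize, c in h["sections"]:
        if c & SCN_WRITE and c & SCN_EXEC:
            findings.append(f"{name}: writable and executable")
        if name == ".edata" and c & SCN_WRITE:
            findings.append(".edata (export table) is writable")
        if name not in STANDARD_SECTIONS:
            findings.append(f"{name}: non-standard section name")
        if rawsize and vsize > 2 * rawsize:      # filled at run time, typical of unpacking stubs
            findings.append(f"{name}: virtual size far exceeds raw size")
    return findings


def build_sample():
    """Constructed header bytes reproducing the flags, section names and sizes in the
    report above. Everything else is filler; this is not the real sample's bytes."""
    secs = [(b".text", 59 * 1024, 59 * 1024, SCN_CODE | SCN_EXEC | SCN_READ),
            (b".rdata", 17 * 1024, 18 * 1024, SCN_IDATA | SCN_READ),
            (b".data", 218 * 1024, 211 * 1024, SCN_IDATA | SCN_READ | SCN_WRITE),
            (b".flat", 6 * 1024, 7 * 1024, SCN_IDATA | SCN_READ | SCN_WRITE),
            (b".edata", 1024, 1024, SCN_IDATA | SCN_READ | SCN_WRITE),
            (b".ddata", 481, 512, SCN_IDATA | SCN_READ | SCN_WRITE),
            (b".rsrc", 90 * 1024, 90 * 1024, SCN_IDATA | SCN_READ),
            (b".reloc", 8 * 1024, 8 * 1024, SCN_IDATA | SCN_DISCARD | SCN_READ)]
    file_chars = 0x0001 | 0x0002 | 0x0004 | 0x0010 | 0x0020 | 0x0100 | 0x0800
    dll_chars = 0x0020 | 0x0100 | 0x0400 | 0x4000
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew -> 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, file_chars)
    opt = struct.pack("<H", 0x10B) + b"\0" * 68 + struct.pack("<H", dll_chars)
    opt += b"\0" * (224 - len(opt))                               # PE32 optional header size
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, v, 0, r, 0, 0, 0, 0, 0, c)
                     for n, v, r, c in secs)
    return dos + coff + opt + table


if __name__ == "__main__":
    for line in assess(parse_headers(build_sample())):
        print("-", line)
```

Run against the real file, the interesting outcome is either the same list (the header really is in this state, which points at a packer or a post-link edit rather than a stock build) or a shorter one (the report's rendering, not the binary, is off). Either way the practical consequence of the missing DYNAMIC_BASE stands: the image maps at a fixed base, so any code address you see in the sandbox run will be the same on the next run.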