002b668af924cbb76a8f90c95e667b10_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

002b668af924cbb76a8f90c95e667b10_JaffaCakes118
Size

1.0MB
MD5

002b668af924cbb76a8f90c95e667b10
SHA1

25a20fff3ba9a5ffa9dd57ed3fa4a8f735384b9e
SHA256

c3c31c4efbc4dfafbe42dfb5585eed8e7f6c5e24df8d571d157bdc83ad6f8f07
SHA512

9e584f255bc6ef85c9177ee2dd893f0458f21d6193e896add12ee524f28bd6aed8d4c9200e86f1173a040ad54b33d9a2935d66134e89ad125e0d29ba4d643932
SSDEEP

24576:2Ai2X2lnb+Y/qMgOUFITo1aSiR81JHBv/8JbHLmxP07oTrTaAM/yZ9hvS3ZZ2:i2X2ldiLFIsJ/D9hvSn2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
002b668af924cbb76a8f90c95e667b10_JaffaCakes118

Files

002b668af924cbb76a8f90c95e667b10_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f17d3e58592ea1a9113249a0d2cf01be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
CreateMutexW
ReleaseMutex
MulDiv
GetCurrentDirectoryW
SetCurrentDirectoryW
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
RaiseException
GetVersion
ExitProcess
GetFileType
HeapFree
HeapAlloc
CreateFileA
DeleteFileA
HeapReAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
SetUnhandledExceptionFilter
GetTempPathW
GetCurrentProcess
HeapSize
GetProcAddress
GetModuleHandleA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetStdHandle
SetEndOfFile
VirtualAlloc
IsBadWritePtr
FlushFileBuffers
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
WaitForSingleObject
GetLocaleInfoW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetTempFileNameW
CreateDirectoryW
GetLastError
DeleteFileW
SetFilePointer
ReadFile
WriteFile
GetFileAttributesExW
GetFileAttributesW
CreateFileW
TerminateProcess
CloseHandle

user32

ReleaseDC
FillRect
GetDC
wsprintfW

gdi32

SelectObject
CreateFontW
ExtCreatePen
GetTextExtentPoint32W
CreateDIBSection
SetDIBColorTable
GetStockObject
SetBkColor
SetBkMode
BeginPath
TextOutW
EndPath
StrokePath
SetTextColor
DeleteDC
DeleteObject
CreateSolidBrush
CreateCompatibleDC
GetDeviceCaps

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

Sections

.text
Size: 732KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f17d3e58592ea1a9113249a0d2cf01be

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Sections

.text Size: 732KB - Virtual size: 729KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 76KB - Virtual size: 86KB

.text Size: 152KB - Virtual size: 152KB

.text
Size: 732KB - Virtual size: 729KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 76KB - Virtual size: 86KB

.text
Size: 152KB - Virtual size: 152KB