d:\geaedsl\wooeb\ywjosd\eeb\dhse\xyrwue.PDB
Static task
static1
Behavioral task
behavioral1
Sample
006f0fbb304c3ac433f1655617dfa6e3_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
006f0fbb304c3ac433f1655617dfa6e3_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target
006f0fbb304c3ac433f1655617dfa6e3_JaffaCakes118
Size
529KB
MD5
006f0fbb304c3ac433f1655617dfa6e3
SHA1
2c4b0126db7bdb4cc6abedaea8b66c1d8073c83f
SHA256
2fc6b782937b50ec84ca46d13375870e48244da41a23940a52d50c16b324e0f0
SHA512
15a0993a357c78af3f1adbd384a7e0e16df9db76af959671447b74d8c902197c18ce979d575f27331587a0661d9ff4aaf97194f41c18307ba1132664495892f1
SSDEEP
12288:Py7F2GxydGWeSfOjyhPdioYMTDX++67u+BeRWWWj5DY1WVey:IFTxydGWeSGjyoqX++67Z6WWWdDRVH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 006f0fbb304c3ac433f1655617dfa6e3_JaffaCakes118
Files
006f0fbb304c3ac433f1655617dfa6e3_JaffaCakes118.exe windows:4 windows x86 arch:x86
1da2074158be22dde67b50cf11ac67da
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
comctl32
CreateStatusWindowA
CreateToolbarEx
CreatePropertySheetPage
InitMUILanguage
ImageList_GetDragImage
ImageList_LoadImageA
ImageList_SetFilter
ImageList_BeginDrag
CreatePropertySheetPageW
ImageList_AddMasked
MakeDragList
InitCommonControlsEx
CreateUpDownControl
kernel32
HeapAlloc
GetTimeZoneInformation
MultiByteToWideChar
GetModuleFileNameA
EnterCriticalSection
InterlockedIncrement
GetProfileIntA
InterlockedDecrement
CloseHandle
ReadFile
CompareStringA
GetEnvironmentVariableA
GetExitCodeProcess
VirtualQuery
GetLastError
VirtualFree
SetFilePointer
GetStringTypeW
GetSystemTime
HeapReAlloc
SetHandleCount
CreateMutexA
GetSystemInfo
GetCommandLineA
UnhandledExceptionFilter
FreeEnvironmentStringsW
EnumSystemCodePagesA
TerminateProcess
GetComputerNameW
GetLocalTime
SetLastError
InterlockedExchange
DeleteCriticalSection
lstrcpyW
GetCommandLineW
IsBadWritePtr
TlsAlloc
FlushConsoleInputBuffer
GetProcAddress
OpenFile
ReadConsoleOutputW
WriteFile
GetEnvironmentStrings
OpenMutexA
LCMapStringW
WideCharToMultiByte
FreeEnvironmentStringsA
GetCurrentProcess
GetVersion
GetEnvironmentStringsW
TlsSetValue
GetStdHandle
GetFileType
GetCurrentThread
ExitProcess
GetModuleHandleA
GetSystemTimeAsFileTime
CopyFileA
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
HeapFree
GetModuleFileNameW
GetStartupInfoA
LeaveCriticalSection
GetCurrentThreadId
SetEnvironmentVariableA
LCMapStringA
TlsFree
RtlUnwind
HeapDestroy
GetStringTypeA
FoldStringW
MoveFileA
LoadLibraryA
SetStdHandle
CompareStringW
InitializeCriticalSection
VirtualAlloc
GetTickCount
TlsGetValue
FlushFileBuffers
HeapCreate
GetCPInfo
user32
MessageBoxA
ShowWindow
RegisterClassExA
RegisterClassA
DefWindowProcA
DestroyWindow
FlashWindowEx
GetWindowLongW
CreateWindowExA
Sections
.text Size: 364KB - Virtual size: 364KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ