05e3a387c40b10e8a8f7e4bea64b9f18_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

05e3a387c40b10e8a8f7e4bea64b9f18_JaffaCakes118
Size

478KB
MD5

05e3a387c40b10e8a8f7e4bea64b9f18
SHA1

092859dec32612d7284049f307962a0731f04a64
SHA256

a0fe8048c5618227a1a85f12a34dcbd3296f539e596a6a25e15615455f8ef603
SHA512

3e7d06fa04bfaca69bac3dbbe93773e92ba968a619087db8bd80d8a2c3f5d352f9a363d742f175606dcad9d06066c69cb882233ae9c4ba69d08c8e9f7d26c4aa
SSDEEP

12288:2SDzozC3V34eZA3OKFCs5h/nQIVpAReXGUpJ7XRNtb:2ozozC3meZA3os5hfQIceWUpdXrtb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05e3a387c40b10e8a8f7e4bea64b9f18_JaffaCakes118

Files

05e3a387c40b10e8a8f7e4bea64b9f18_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2d743e4f260011d9df2b2ab54bbd346a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\voew\jert\hcosfdz\eqe.pdb

Imports

advapi32

CryptVerifySignatureW

user32

SetWindowsHookA
GetMenuState
RegisterClassA
ChangeClipboardChain
ModifyMenuW
MsgWaitForMultipleObjectsEx
RegisterClassExA
SystemParametersInfoA
DestroyWindow
FrameRect
EnableScrollBar
CreatePopupMenu
GetWindowTextLengthW
EqualRect

comctl32

InitCommonControlsEx

kernel32

HeapAlloc
TlsAlloc
GetTickCount
SetLastError
GetCPInfo
GetCurrentThreadId
GetCurrentProcessId
TlsGetValue
GetVersionExA
IsBadWritePtr
IsValidLocale
TlsSetValue
OpenMutexA
GetProcAddress
LeaveCriticalSection
WideCharToMultiByte
FreeEnvironmentStringsA
GetCommandLineA
IsValidCodePage
FlushFileBuffers
GetCommandLineW
GetStdHandle
lstrcmpi
GetEnvironmentStrings
CompareStringW
GetTimeZoneInformation
VirtualProtect
GetProfileStringW
GetACP
GetConsoleCP
HeapCreate
EnterCriticalSection
CompareStringA
SetStdHandle
GetStringTypeW
SetEnvironmentVariableA
GetProfileSectionW
CreateMutexA
GetModuleHandleA
MultiByteToWideChar
GetStartupInfoW
GetOEMCP
HeapSize
LCMapStringA
GetLocaleInfoW
GetDateFormatA
HeapFree
VirtualFree
FreeEnvironmentStringsW
GetLocaleInfoA
QueryPerformanceCounter
GetSystemInfo
TlsFree
ReadFile
SetFilePointer
DeleteCriticalSection
GetCurrentProcess
InitializeCriticalSection
GetFileType
LoadLibraryA
GetModuleFileNameW
GetModuleFileNameA
UnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
GetStringTypeA
ExitProcess
RtlUnwind
GetCurrentThread
VirtualQuery
GetEnvironmentStringsW
GetTimeFormatA
TerminateProcess
HeapDestroy
WriteFile
EnumSystemLocalesA
GetLastError
GetStartupInfoA
VirtualAlloc
HeapReAlloc
InterlockedExchange
GetUserDefaultLCID
SetHandleCount
LCMapStringW

gdi32

SetWorldTransform
ResetDCW
BitBlt
WidenPath
InvertRgn
GetRandomRgn
GetDIBColorTable
CreateICW
SetWindowExtEx
GetEnhMetaFilePaletteEntries
SetDIBColorTable
GdiFlush
ResetDCA
CloseFigure
ExtFloodFill
ExtCreateRegion
GetPixelFormat
GetOutlineTextMetricsA
GetGlyphOutlineA
GetWindowOrgEx
GetTextExtentPointW
ExcludeClipRect
EnumICMProfilesA

shell32

RealShellExecuteExW
SHLoadInProc

Sections

.text
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d743e4f260011d9df2b2ab54bbd346a

Headers

File Characteristics

PDB Paths

Imports

advapi32

user32

comctl32

kernel32

gdi32

shell32

Sections

.text Size: 294KB - Virtual size: 294KB

.rdata Size: 62KB - Virtual size: 83KB

.data Size: 102KB - Virtual size: 101KB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 294KB - Virtual size: 294KB

.rdata
Size: 62KB - Virtual size: 83KB

.data
Size: 102KB - Virtual size: 101KB

.rsrc
Size: 19KB - Virtual size: 18KB