0d99c3c370d28b306cc9212119da4835_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d99c3c370d28b306cc9212119da4835_JaffaCakes118
Size

612KB
MD5

0d99c3c370d28b306cc9212119da4835
SHA1

32e54acb19b0dfdcb1cccf0428194fc874dbd304
SHA256

f192f9d866f9d3a433aa41f7cc7c155298a3137293d2bbd7135c944a04f8c32f
SHA512

1120535bee04fe3e7db58aee314fc453c0988737a56f3aaa1b495f6ad9df4434ee82eff3ef18b15cf912d1165cd4780936a15965d1cb2f8d9135688656f880ec
SSDEEP

12288:m491uyxmQoV5q8AdrJUNXzjhX0K4a+XVHnaycSbR0:m4aWmT5pArJUphX0KOHVbR0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d99c3c370d28b306cc9212119da4835_JaffaCakes118

Files

0d99c3c370d28b306cc9212119da4835_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2bd262e8d1b7787fcc9f7aad842d8123

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\izft\olcilseuax.pdb

Imports

comctl32

DrawStatusTextW
ImageList_SetIconSize
DestroyPropertySheetPage
ImageList_Draw
ImageList_SetImageCount
InitCommonControlsEx
MakeDragList
ImageList_AddIcon
ImageList_Create
DrawInsert
ImageList_DrawEx

shell32

ShellAboutW
SHInvokePrinterCommandA
ExtractIconW
SHFileOperationW

user32

ShowWindow
DefWindowProcW
RegisterClassExA
RegisterClassA
DestroyWindow
MonitorFromRect
CopyAcceleratorTableA
MessageBoxW
CreateWindowExW

wininet

FtpCreateDirectoryA
FreeUrlCacheSpaceA
InternetShowSecurityInfoByURL
InternetDialW
FtpGetFileSize
FindFirstUrlCacheContainerA

advapi32

LookupPrivilegeNameA

kernel32

GetTickCount
GetCommandLineA
GetCurrentProcessId
FlushFileBuffers
TlsGetValue
InitializeCriticalSection
SetFilePointer
EnterCriticalSection
GetLastError
DeleteCriticalSection
InterlockedDecrement
CreateMutexA
GetStartupInfoA
UnhandledExceptionFilter
HeapReAlloc
TlsAlloc
InterlockedIncrement
HeapFree
TlsFree
GetCPInfo
SetHandleCount
GetFullPathNameA
GetModuleHandleA
GetOEMCP
RtlUnwind
GetEnvironmentStringsW
IsValidLocale
QueryPerformanceCounter
GetStringTypeW
lstrcmpi
CompareStringW
GetCurrentThread
TerminateProcess
LCMapStringA
EnumSystemLocalesA
GetSystemTimeAsFileTime
GetModuleFileNameW
HeapAlloc
LoadLibraryA
GetFileType
GetCurrentProcess
GetLocaleInfoA
HeapValidate
WriteFile
VirtualProtect
MultiByteToWideChar
GetModuleFileNameA
VirtualFree
GetCommandLineW
HeapCreate
CloseHandle
IsValidCodePage
SetLastError
OutputDebugStringA
GetVersionExA
EnumSystemCodePagesW
SetStdHandle
GetStringTypeA
IsBadWritePtr
HeapDestroy
TlsSetValue
CompareStringA
FreeEnvironmentStringsA
GetTimeFormatA
OpenMutexA
SetConsoleCtrlHandler
InterlockedExchange
DebugBreak
GetStartupInfoW
LCMapStringW
VirtualQuery
WideCharToMultiByte
LeaveCriticalSection
ExitProcess
IsBadReadPtr
GetLocaleInfoW
FreeEnvironmentStringsW
GetStdHandle
ReadFile
GetACP
SetEnvironmentVariableA
GetProcAddress
GetCurrentThreadId
FileTimeToLocalFileTime
GetDateFormatA
GetUserDefaultLCID
GetSystemInfo
GetTimeZoneInformation
VirtualAlloc
GetEnvironmentStrings

Sections

.text
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bd262e8d1b7787fcc9f7aad842d8123

Headers

File Characteristics

PDB Paths

Imports

comctl32

shell32

user32

wininet

advapi32

kernel32

Sections

.text Size: 412KB - Virtual size: 412KB

.rdata Size: 57KB - Virtual size: 71KB

.data Size: 115KB - Virtual size: 114KB

.rsrc Size: 27KB - Virtual size: 26KB

.text
Size: 412KB - Virtual size: 412KB

.rdata
Size: 57KB - Virtual size: 71KB

.data
Size: 115KB - Virtual size: 114KB

.rsrc
Size: 27KB - Virtual size: 26KB