0eb8467d4cb3e4c7a04409ba67ac0360_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0eb8467d4cb3e4c7a04409ba67ac0360_JaffaCakes118
Size

274KB
MD5

0eb8467d4cb3e4c7a04409ba67ac0360
SHA1

96e6ba4f69b34ad15601cdf320593f31546c204b
SHA256

b6928ada9b353108cb8fe31881ad6dbafc958187ca2ad80bcd9a7ba509339ddf
SHA512

718b6d17b15bad4d4ee35260a60b0d4af2a41f1d7fdb65372f78c28b94a419e69b4d976c3e93cb789178aa7e248b077abe73c98b76100d3600e0cd2ceb4d69d0
SSDEEP

6144:MbPiSudrfG5TyWylMUck2Vlax0i/be+F1Kp1EFGxkZ:MjiSud4yW8NcLaxBKCcUbZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0eb8467d4cb3e4c7a04409ba67ac0360_JaffaCakes118

Files

0eb8467d4cb3e4c7a04409ba67ac0360_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2fadfbd0d170bcf43ec3d41ac9552520

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\documents and settings\ijsd33\デスクトップ\egvb3\manualviewer\release\cmvdrv.pdb

Imports

kernel32

GetProcessHeap
HeapFree
GetCommandLineW
lstrcpyW
CreateMutexW
HeapSize
RtlUnwind
HeapAlloc
VirtualAlloc
InitializeCriticalSection
LoadLibraryA
GetLocaleInfoA
Sleep
CloseHandle
HeapReAlloc
ReleaseMutex
EnterCriticalSection
GetVersionExA
GetStartupInfoW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection

user32

ShowWindow
PostMessageW
GetMessageW
TranslateMessage
SetForegroundWindow
FindWindowW
DefWindowProcW
DispatchMessageW
UpdateWindow
PostQuitMessage
GetSystemMetrics
CreateWindowExW
RegisterClassExW
LoadCursorW

winspool.drv

OpenPrinterW
DocumentPropertiesW
SetPrinterW
ClosePrinter

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

CommandLineToArgvW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2fadfbd0d170bcf43ec3d41ac9552520

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

advapi32

shell32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 72KB - Virtual size: 72KB