1a069c14be5f8883781d9081b096853d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1a069c14be5f8883781d9081b096853d_JaffaCakes118
Size

540KB
MD5

1a069c14be5f8883781d9081b096853d
SHA1

6908a3ca2f7ed0e758ca3945f0b6fb15286094f0
SHA256

e6f7c71e26dba912515cacf7d97d2119005352807955b6f6eaecf2f32d138831
SHA512

e1d75481037c74cb79b21f4de705f1c43df7925892fec9eb38c8e2ec2ec7f05de524a6e4e5817e8b5add8e9abf445fbc5688cb23ca5d73490e20e064dcb63327
SSDEEP

12288:Rk/l/ix1kWQVGtc+9BUHRj3fPAApIAg/ZzYXNuPBJmXq:O0LnLQLfPAApIrhJDm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a069c14be5f8883781d9081b096853d_JaffaCakes118

Files

1a069c14be5f8883781d9081b096853d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a22b5f4d4ae71c6203e62959ceb85377

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Dev\Sdk\MiscProjects\c2e_stub_ppclean\Utility\UpdateBuilder\cab2exe\updStub\Release\orig-stub.pdb

Imports

kernel32

SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
FlushFileBuffers
WriteFile
GetCurrentThreadId
GetLocalTime
GetModuleFileNameA
GetStdHandle
SetFilePointer
OutputDebugStringA
GetExitCodeProcess
WaitForSingleObject
LocalFree
FormatMessageA
GetLastError
CreateProcessA
FindNextFileA
DeleteFileA
CloseHandle
RemoveDirectoryA
FindFirstFileA
SetCurrentDirectoryA
GetVersionExA
GetTempPathA
Sleep
GetCurrentDirectoryA
GetWindowsDirectoryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CopyFileA
DeviceIoControl
MultiByteToWideChar
IsDBCSLeadByte
GetSystemDirectoryA
SetLastError
FlushViewOfFile
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
CreateDirectoryA
CreateFileA
FindClose
GetFileSize
GetLocaleInfoA
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
SetConsoleCtrlHandler
CompareStringA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapAlloc
HeapFree
RtlUnwind
GetFileAttributesA
GetCurrentProcessId
ExitProcess
GetModuleHandleA
TerminateProcess
GetCurrentProcess
ReadFile
GetFileType
GetStartupInfoA
GetCommandLineA
GetFullPathNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetStdHandle
SetHandleCount
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
SetEndOfFile
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetDriveTypeA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a22b5f4d4ae71c6203e62959ceb85377

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 8KB - Virtual size: 4KB