2106f0bb796162b29f79dee5a2c1b92c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2106f0bb796162b29f79dee5a2c1b92c_JaffaCakes118
Size

502KB
MD5

2106f0bb796162b29f79dee5a2c1b92c
SHA1

675a8fbd9a5dcdd3c89654c5b34192d8e31053d8
SHA256

986f97bdeb878e6604e4714e84eef9f615bddad740e02110cb96738b57bf08b6
SHA512

2b368ccbc0c397f27f91e8998b6ddb304d82cfa1cbbfb9682e85b0bb9db761531e35d191b581e12709816773788b063a64c73f026e10fa830f389adecbd5c1ae
SSDEEP

12288:hRhyTTO5w7ZeyH0aNtQWVHYWtqjzqUArDy0Bib8hPQG5:/wFJLQWVHYFjzIBQ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2106f0bb796162b29f79dee5a2c1b92c_JaffaCakes118

Files

2106f0bb796162b29f79dee5a2c1b92c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0aae4e78a851c0a7bae1cde067d38aea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\BuildSystem\Node\UICONTAINER_LI2150_6338258533801.Build\build\Win32\Release\McUICnt.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

FindFirstFileA
CreateFileA
GetFileSize
CreateMutexW
FindFirstFileW
SetFilePointer
WritePrivateProfileStructA
GetLocaleInfoA
VirtualQuery
InterlockedIncrement
MoveFileExW
InterlockedDecrement
CreateDirectoryW
WaitForSingleObject
InterlockedCompareExchange
OutputDebugStringW
GetWindowsDirectoryA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
Sleep
GetVersionExW
GetFileAttributesW
ReadFile
GetModuleFileNameW
CreateFileW
GetACP
MultiByteToWideChar
GetLastError
GetCurrentDirectoryW
GetThreadLocale
FindClose
GetPrivateProfileStringA
GetLocalTime
RemoveDirectoryW
GetPrivateProfileStructA
FindNextFileW
DeleteCriticalSection
GetShortPathNameW
GetCurrentThreadId
ReleaseMutex
CloseHandle
DeleteFileW
GetCurrentProcessId
SetFileAttributesW
GetModuleHandleW
GetCurrentProcess
GetTickCount
LeaveCriticalSection
GetProcAddress
EnterCriticalSection
GetVersionExA
GetCommandLineW
GlobalDeleteAtom
FindResourceExW
FindResourceW
FreeLibrary
LoadResource
SetEvent
LoadLibraryW
SizeofResource
LocalAlloc
LockResource
CreateEventW
GlobalGetAtomNameW
GlobalAddAtomW
LocalFree
CreateThread
SetLastError
GetShortPathNameA
lstrlenA
GetSystemDirectoryA
SystemTimeToFileTime
IsBadReadPtr
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
TlsSetValue
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
FreeEnvironmentStringsW
GetOEMCP
CompareStringW
CompareStringA
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
GetStartupInfoW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
ExitProcess
VirtualFree
HeapCreate
InterlockedExchange
LoadLibraryA
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
lstrlenW
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsFree

user32

UnregisterClassA
IsWindow
PostQuitMessage
LoadImageW
PostMessageW
GetDesktopWindow
SetWindowPos
GetSystemMetrics
SendMessageW
SetWindowTextW
DestroyIcon
GetMessageW
wsprintfW
SetPropW
TranslateMessage
GetWindowPlacement
BringWindowToTop
ShowWindow
FindWindowExW
GetPropW
DispatchMessageW
DestroyWindow
IsDialogMessageW
GetWindowLongW
SetWindowLongW
EndDialog
CreateDialogParamW
GetWindowRect

ole32

CoInitialize
CoUninitialize
CoInitializeEx

oleaut32

CreateStdDispatch
SysFreeString
SysStringByteLen
VariantChangeType
VariantInit
SysAllocStringByteLen
VariantCopy
CreateDispTypeInfo
VariantClear
SysAllocString
SysAllocStringLen

shlwapi

PathRemoveExtensionA
PathFileExistsW
PathStripPathA
PathRemoveFileSpecW
PathStripPathW
PathAppendW
SHGetValueW

wintrust

WinVerifyTrust

Sections

.text
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0aae4e78a851c0a7bae1cde067d38aea

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

ole32

oleaut32

shlwapi

wintrust

Sections

.text Size: 304KB - Virtual size: 303KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 48KB - Virtual size: 45KB

.trdata Size: 76KB - Virtual size: 76KB

.text
Size: 304KB - Virtual size: 303KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 48KB - Virtual size: 45KB

.trdata
Size: 76KB - Virtual size: 76KB