24683db3d75925b8c0f4721422f438cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24683db3d75925b8c0f4721422f438cb_JaffaCakes118
Size

549KB
MD5

24683db3d75925b8c0f4721422f438cb
SHA1

76c79bc6b155dc18b661d3c5be198d1734e9c02a
SHA256

ce19149eb3949979b0849a274141aa7c399d5d02e295b50078fbdbb35654e83a
SHA512

6006193e01e7d19baee0a9babb1f9fa0d7628320438d3af37076e6eb966778be758d9c02005ff92a3a758d3ff374df46a12f365bbdf2f81c09671d6fb501753d
SSDEEP

12288:UOprBzd+XuLiNqlmu4/ZJi9HXLrmFn8Ajusz+xwMrE:UoyqlleJi93m1hx+zrE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24683db3d75925b8c0f4721422f438cb_JaffaCakes118

Files

24683db3d75925b8c0f4721422f438cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ee9cc2fd61a8f47eedab6bb560c5dd2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\usaaqunbe.pdb

Imports

shell32

SHBrowseForFolderA
ExtractAssociatedIconExA
DragQueryPoint
RealShellExecuteW
CommandLineToArgvW

kernel32

RtlUnwind
FlushFileBuffers
Sleep
GetProcAddress
GetCommandLineA
CreateMutexA
CommConfigDialogW
GetFileType
WideCharToMultiByte
TerminateProcess
GetTempPathW
LCMapStringW
GetCurrentProcessId
ReadFile
SetStdHandle
SetFileAttributesA
WriteConsoleInputA
HeapReAlloc
SetEnvironmentVariableA
GetVersionExA
LeaveCriticalSection
IsValidLocale
GetCPInfo
GetOEMCP
GetDateFormatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
InterlockedExchange
GetStartupInfoA
GetTickCount
GetNamedPipeInfo
lstrcatW
TlsFree
GetPrivateProfileStructA
GetStringTypeA
GetStdHandle
GetModuleHandleA
InitializeCriticalSection
SetHandleCount
MultiByteToWideChar
GetTimeFormatA
VirtualAlloc
GetCurrentThread
HeapDestroy
HeapAlloc
HeapCreate
CompareStringW
OpenMutexA
GetSystemTimeAsFileTime
InterlockedDecrement
FindAtomW
CompareStringA
GetTimeZoneInformation
EnterCriticalSection
VirtualFree
EnumResourceLanguagesA
SetFilePointer
IsValidCodePage
GetModuleFileNameA
lstrlenW
FreeEnvironmentStringsA
IsBadWritePtr
WriteFile
GetCurrentProcess
VirtualQuery
HeapSize
VirtualProtect
ExitProcess
GetCurrentThreadId
GetSystemInfo
TlsGetValue
GetUserDefaultLCID
UnhandledExceptionFilter
CloseHandle
GetEnvironmentStrings
GetShortPathNameA
GetStringTypeW
EnumSystemLocalesA
GetLocaleInfoA
LockResource
LCMapStringA
AllocConsole
DeleteCriticalSection
SetConsoleTextAttribute
TlsSetValue
DeleteAtom
GetLocaleInfoW
FindNextFileA
QueryPerformanceCounter
GetLastError
TlsAlloc
LoadLibraryA
HeapFree
SetLastError
GetACP

comdlg32

ChooseFontA
PrintDlgW
GetFileTitleA
PageSetupDlgW

user32

WindowFromDC
RegisterClassA
LoadKeyboardLayoutA
SetWindowWord
GetSysColorBrush
ChildWindowFromPoint
MessageBoxA
ShowWindow
EnumDisplayDevicesA
RegisterClassExA
LoadCursorFromFileA
CreateWindowExW
IsRectEmpty
WINNLSGetIMEHotkey

advapi32

RegEnumKeyExA
CryptSetProviderA
CryptSetProviderW
CryptGetDefaultProviderW

comctl32

ImageList_SetIconSize
ImageList_LoadImageA
ImageList_Replace
ImageList_SetFlags
InitCommonControlsEx

Sections

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ee9cc2fd61a8f47eedab6bb560c5dd2

Headers

File Characteristics

PDB Paths

Imports

shell32

kernel32

comdlg32

user32

advapi32

comctl32

Sections

.text Size: 314KB - Virtual size: 314KB

.rdata Size: 78KB - Virtual size: 96KB

.data Size: 112KB - Virtual size: 111KB

.rsrc Size: 43KB - Virtual size: 43KB

.text
Size: 314KB - Virtual size: 314KB

.rdata
Size: 78KB - Virtual size: 96KB

.data
Size: 112KB - Virtual size: 111KB

.rsrc
Size: 43KB - Virtual size: 43KB