246fcd580e863b9f108628fe5c32e70c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

246fcd580e863b9f108628fe5c32e70c_JaffaCakes118
Size

610KB
MD5

246fcd580e863b9f108628fe5c32e70c
SHA1

f75f4e7bbac98d161f05a63044ac188248c701c2
SHA256

dadb05afa5257dfe85360fbc4ab9f5d0c43856380c8524b53800c9db4eb8cbd6
SHA512

2495584bb548c2c2ea2bbaac94143eddf53bc7eb37b64c52d9f323a9ec7be2ef97730c9783ba40957f43035064844c4ccf8aec990efe65f4d878b16fea880f1b
SSDEEP

12288:6wNkDKxero7mdjB432BsPF0uQAu+bwnOMZUO:lkFrDdV43iGF0bAu8wnFZU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
246fcd580e863b9f108628fe5c32e70c_JaffaCakes118

Files

246fcd580e863b9f108628fe5c32e70c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e672554be3158bce6ea6727fadf11e48

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ctfsewveii\rgwcm.pdb

Imports

advapi32

CryptGenKey
CryptDecrypt
LookupAccountSidA
RegSaveKeyA
LogonUserA

kernel32

LCMapStringW
GetCPInfo
DeleteCriticalSection
SetHandleCount
GetTickCount
SetStdHandle
GetCurrentThread
GetStringTypeA
LoadLibraryA
GetPrivateProfileSectionNamesW
TlsGetValue
lstrcmpi
GetLogicalDriveStringsA
GetSystemTimeAsFileTime
InterlockedIncrement
HeapDestroy
GetLocalTime
GetSystemTime
SetEnvironmentVariableA
CloseHandle
FillConsoleOutputCharacterW
SetFilePointer
VirtualFree
WriteFile
HeapReAlloc
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetStartupInfoA
OpenMutexA
GetModuleHandleA
GetEnvironmentStringsW
GetStdHandle
RtlUnwind
GetVersion
TlsAlloc
DebugBreak
GetTimeZoneInformation
GetModuleFileNameA
HeapCreate
VirtualAlloc
TlsFree
VirtualQuery
UnhandledExceptionFilter
CompareStringA
InterlockedDecrement
GetLastError
ExitProcess
GetModuleFileNameW
RtlZeroMemory
GetCurrentThreadId
GetProcAddress
GetCurrentProcessId
SetThreadPriority
GetEnvironmentStrings
GetStartupInfoW
CreateMutexA
HeapAlloc
LCMapStringA
MultiByteToWideChar
ResetEvent
FlushFileBuffers
CompareStringW
GetFileType
RtlMoveMemory
IsBadWritePtr
QueryPerformanceCounter
FreeEnvironmentStringsW
TransmitCommChar
InitializeCriticalSection
InterlockedExchange
LocalSize
EnterCriticalSection
WideCharToMultiByte
HeapFree
FreeEnvironmentStringsA
SetLastError
TlsSetValue
LeaveCriticalSection
GetStringTypeW
GetCommandLineW
ReadFile

user32

DrawStateW
ClipCursor
RegisterClassExA
EnumClipboardFormats
DefWindowProcA
SendMessageTimeoutA
GetSystemMetrics
InSendMessageEx
CreateWindowExA
GetClassInfoW
DestroyWindow
RegisterClassA
MessageBoxW
EnableMenuItem
ShowWindow
LoadImageA
DdeQueryConvInfo

comctl32

InitCommonControlsEx
ImageList_Add
CreateStatusWindowW
ImageList_Merge
ImageList_SetIconSize
CreatePropertySheetPageA
ImageList_Copy
ImageList_LoadImageA
GetEffectiveClientRect
CreateToolbar
ImageList_DragShowNolock
MakeDragList
ImageList_ReplaceIcon
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DrawEx
ImageList_SetFlags
ImageList_LoadImageW
ImageList_AddIcon

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e672554be3158bce6ea6727fadf11e48

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

comctl32

Sections

.text Size: 129KB - Virtual size: 128KB

.rdata Size: 251KB - Virtual size: 256KB

.data Size: 189KB - Virtual size: 184KB

.rsrc Size: 40KB - Virtual size: 39KB

.text
Size: 129KB - Virtual size: 128KB

.rdata
Size: 251KB - Virtual size: 256KB

.data
Size: 189KB - Virtual size: 184KB

.rsrc
Size: 40KB - Virtual size: 39KB