24c8a6583c85ef6d5f81cc0d38865afe_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

24c8a6583c85ef6d5f81cc0d38865afe_JaffaCakes118
Size

588KB
MD5

24c8a6583c85ef6d5f81cc0d38865afe
SHA1

c009057231b6d0113de2a679a7ddc57d919cd93a
SHA256

06f15774c8f2441ffa6a9f1a5b9a21674be24c36b321b3579c7b8f44300ebd64
SHA512

6b5af72dffb586bbe07c4a0ac430a3b66803d30a4c99329ea513d42ba0ec0b435f891e6acb41b7da51c305a06697b29b6bf86e08b1b4ba152abbc83ead4cde9c
SSDEEP

12288:TKRQ+n7yRGiTu06MK8YQ456Kz6IG0xUYEQu/7Elgqm1G:YyIR7MKNQ45z6y95ugKf1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24c8a6583c85ef6d5f81cc0d38865afe_JaffaCakes118

Files

24c8a6583c85ef6d5f81cc0d38865afe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

911f64fe1295b372402669ebb18c38f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\aea\teeiesbegl.pdb

Imports

kernel32

EnterCriticalSection
GetSystemTimeAsFileTime
GetStringTypeA
GetLocaleInfoA
CreateRemoteThread
GetEnvironmentStrings
SetVolumeLabelA
GetCommandLineA
LoadLibraryA
GetCommandLineW
VirtualProtect
GetSystemInfo
CompareStringW
FileTimeToSystemTime
IsBadReadPtr
GetDateFormatA
EnumDateFormatsA
QueryPerformanceCounter
OutputDebugStringA
SetConsoleCtrlHandler
WriteFile
RtlUnwind
IsBadWritePtr
HeapValidate
GetStringTypeW
CompareStringA
ExitProcess
GetTimeZoneInformation
GetLastError
WaitForSingleObject
SetFilePointer
IsValidCodePage
GetProcAddress
UnhandledExceptionFilter
FreeEnvironmentStringsW
TlsFree
MultiByteToWideChar
SetCriticalSectionSpinCount
GetACP
GetModuleFileNameA
ReadFile
GetModuleHandleA
FlushFileBuffers
FindResourceExW
GetVersionExA
GetUserDefaultLCID
LCMapStringA
CreateMutexA
GetProcessShutdownParameters
EnumSystemLocalesA
FindNextChangeNotification
HeapReAlloc
TerminateProcess
HeapAlloc
SetStdHandle
GetStartupInfoA
WideCharToMultiByte
SetHandleCount
VirtualQuery
GetStartupInfoW
InterlockedIncrement
GetLocaleInfoW
GetOEMCP
LCMapStringW
GetLogicalDriveStringsW
HeapDestroy
GetStdHandle
GetConsoleScreenBufferInfo
GetFileSize
TlsGetValue
VirtualAlloc
GetTempPathW
SetConsoleTitleW
FreeEnvironmentStringsA
LeaveCriticalSection
GetThreadPriorityBoost
DebugBreak
LoadLibraryExW
TlsAlloc
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcess
InitializeCriticalSection
GetCurrentProcessId
IsValidLocale
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
TlsSetValue
HeapFree
OpenMutexA
VirtualFree
SetEnvironmentVariableA
GetCPInfo
GetFileType
DeleteCriticalSection
InterlockedExchange
GetTimeFormatA
GetTickCount
GetThreadLocale
SetLastError
CloseHandle
InterlockedDecrement
GetEnvironmentStringsW
GetPrivateProfileStringW
GetCurrentThread
GetLogicalDrives
HeapCreate

user32

ShowWindow
CreateWindowExW
GetMenuStringA
GetMenuInfo
MessageBoxW
DefWindowProcW
ShowWindowAsync
InSendMessage
RegisterClassExA
GetKeyboardLayout
CharNextW
IsWindowUnicode
DlgDirListComboBoxW
RegisterClassA
DdeAccessData
EnumDisplayDevicesA
DdeCreateDataHandle
CreateDialogParamW
PeekMessageW
GetDoubleClickTime
MapWindowPoints
DestroyWindow
SetMessageQueue
GetClassNameW
ChangeMenuA
RegisterClassExW
SetClassLongW
FlashWindowEx
CreateIconFromResource

advapi32

LookupAccountSidA
RegOpenKeyA
CryptReleaseContext
LookupPrivilegeDisplayNameW
RegDeleteValueW
RegOpenKeyExW
CryptGenRandom
CryptSetProvParam
CryptAcquireContextA
CryptSignHashA
RegSetValueExA
RegEnumKeyW
CryptDestroyKey
RegSaveKeyW
LookupPrivilegeDisplayNameA
LookupPrivilegeValueA
LookupPrivilegeValueW
DuplicateTokenEx
RegQueryValueW

comctl32

ImageList_Read
ImageList_Draw
DrawStatusTextW
ImageList_GetImageInfo
ImageList_DrawIndirect
InitCommonControlsEx
ImageList_SetFlags
ImageList_Replace
ImageList_Merge
InitMUILanguage
CreatePropertySheetPage
ImageList_DragLeave
ImageList_SetIconSize
DrawStatusText
ImageList_SetOverlayImage

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

911f64fe1295b372402669ebb18c38f7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

comctl32

Sections

.text Size: 196KB - Virtual size: 192KB

.rdata Size: 260KB - Virtual size: 257KB

.data Size: 112KB - Virtual size: 131KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 196KB - Virtual size: 192KB

.rdata
Size: 260KB - Virtual size: 257KB

.data
Size: 112KB - Virtual size: 131KB

.rsrc
Size: 16KB - Virtual size: 15KB