24fbc4f890a4fbb7ec03aeac19740195_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24fbc4f890a4fbb7ec03aeac19740195_JaffaCakes118
Size

385KB
MD5

24fbc4f890a4fbb7ec03aeac19740195
SHA1

6dd1eb6ebb83420419f20d6d21243e073168f37a
SHA256

cf2fb990bc19ae2aa208624576645117374c40009bdb42155fbfac5f08a9df0a
SHA512

0a5ec1802dfc19bfee09656c20ef14572a96d0887d0300dcd0990a8b79e781952fdd02e717316af2da64cdc00d89b11678d365f841ff8b04b87f34ef6319e611
SSDEEP

6144:NQ9N31ZXJe48mwCDrXdXDPBXLO1k/550VHcLpbaoqpeb5veAnAWoump0:m/1Z9Ma61U50VIpX5grDp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24fbc4f890a4fbb7ec03aeac19740195_JaffaCakes118

Files

24fbc4f890a4fbb7ec03aeac19740195_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5b6ac93befc15ab40ad7c795674b9379

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\onysso\lsaowkiz\boevopea\tmae.pdb

Imports

gdi32

SetPixelV
AddFontResourceW
CreateScalableFontResourceA
SetMapperFlags
StrokeAndFillPath
OffsetClipRgn
GetNearestPaletteIndex
SetRectRgn
GetCharWidth32A
GetKerningPairsW
Escape
GetCharWidthFloatW
CreatePolygonRgn
GdiPlayJournal
CopyEnhMetaFileW

comctl32

InitCommonControlsEx

user32

GetDesktopWindow
CharPrevExA
DrawIconEx
IsCharAlphaNumericW
LoadMenuIndirectA
BroadcastSystemMessageA
RegisterClassA
ScrollDC
FindWindowExW
CreateDialogParamA
CreateMDIWindowW
wvsprintfA
AppendMenuW
CloseWindowStation
TileWindows
ActivateKeyboardLayout
IsCharAlphaNumericA
RegisterClassExA
GetFocus
RemovePropW
GetListBoxInfo
SendIMEMessageExA
GetPropW
ShowWindowAsync
CreateIconFromResource
MonitorFromPoint

kernel32

HeapSize
GetModuleHandleA
InterlockedExchange
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
CompareStringA
HeapCreate
GetLocaleInfoA
GetStartupInfoA
GetCurrentThreadId
GetCommandLineA
GetCurrentProcess
GetModuleFileNameW
SetStdHandle
SetHandleCount
GetConsoleOutputCP
VirtualAlloc
RtlUnwind
GetStdHandle
FreeEnvironmentStringsW
GetStringTypeW
GetEnvironmentStringsW
CompareStringW
IsValidLocale
LCMapStringA
SetFilePointer
HeapDestroy
GetSystemTimeAsFileTime
LCMapStringW
HeapAlloc
ExitProcess
GetLastError
IsValidCodePage
SetLastError
TerminateProcess
CreateFileA
GetModuleHandleW
GetCommandLineW
TlsAlloc
TlsSetValue
LoadLibraryExW
GetACP
FlushFileBuffers
SetConsoleCtrlHandler
GetDateFormatA
TlsFree
Sleep
LeaveCriticalSection
UnhandledExceptionFilter
HeapReAlloc
GetStringTypeA
GetModuleFileNameA
WriteFile
GetCurrentProcessId
WideCharToMultiByte
GetCPInfo
TlsGetValue
GetFileType
EnumSystemLocalesA
EnumResourceLanguagesW
GetTickCount
GetConsoleMode
GetCurrentThread
CreateMutexA
MultiByteToWideChar
GetLocaleInfoW
GlobalDeleteAtom
GetTimeZoneInformation
GetProcAddress
GetDriveTypeA
GetConsoleCP
SetUnhandledExceptionFilter
SetEnvironmentVariableA
GetTimeFormatA
CloseHandle
FreeLibrary
ReadFile
OpenMutexA
DeleteCriticalSection
LoadLibraryA
HeapFree
GetStartupInfoW
GetUserDefaultLCID
WriteConsoleW
GetPriorityClass
VirtualQuery
IsDebuggerPresent
QueryPerformanceCounter
VirtualFree
CreateThread
GetOEMCP
WriteConsoleA

shell32

ShellAboutW
DuplicateIcon
SHGetDiskFreeSpaceA
FindExecutableA

advapi32

RegEnumValueW
CryptEnumProviderTypesA
RegDeleteValueW
LookupAccountNameW
RegQueryInfoKeyA
ReportEventA
InitiateSystemShutdownW
LogonUserW
CryptGetProvParam
CryptHashSessionKey
RegCreateKeyW
RegCreateKeyA
CryptGetDefaultProviderW
RegOpenKeyExA
CryptVerifySignatureW
CryptSignHashW
CryptGetDefaultProviderA
CryptSetProviderW
RegEnumValueA
RegCloseKey

Sections

.text
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b6ac93befc15ab40ad7c795674b9379

Headers

File Characteristics

PDB Paths

Imports

gdi32

comctl32

user32

kernel32

shell32

advapi32

Sections

.text Size: 250KB - Virtual size: 250KB

.rdata Size: 24KB - Virtual size: 32KB

.data Size: 95KB - Virtual size: 94KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 250KB - Virtual size: 250KB

.rdata
Size: 24KB - Virtual size: 32KB

.data
Size: 95KB - Virtual size: 94KB

.rsrc
Size: 14KB - Virtual size: 14KB