27d0e23db0c98ab4f1917e7cdd756a46_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27d0e23db0c98ab4f1917e7cdd756a46_JaffaCakes118
Size

271KB
MD5

27d0e23db0c98ab4f1917e7cdd756a46
SHA1

aa7477120a57d696566d61fdf59e599bc5aaa237
SHA256

6cc816739557bded1a16bfea8dbc47a3e05091d27bd8016ad169b90cf1fd45bd
SHA512

d0116084ec85f1a54d36f8b5d5ef5047599b67226264032f280a14b508f65feedcf0849935472f288b64bbae02c22bca615a909363d082a124a23f0f5cfe14bc
SSDEEP

6144:pjYgmo6vJpptI1qS53FKeVc6KbSKuL1qeevyBspo:pjYgAR9P03s6LI59O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27d0e23db0c98ab4f1917e7cdd756a46_JaffaCakes118

Files

27d0e23db0c98ab4f1917e7cdd756a46_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fd4fcdbea5f25bfc335f514c57ef8634

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\lptzojml\eehg.pdb

Imports

advapi32

LookupPrivilegeValueA
RegRestoreKeyW
RegOpenKeyExA
RegSetValueA
DuplicateTokenEx
CryptAcquireContextA

shell32

SHLoadInProc
DragQueryFileAorW
ShellAboutW
DragAcceptFiles
ExtractIconW

user32

CreateWindowExA
PostMessageA
RegisterClassExA
CharLowerA
MessageBoxW
OemToCharW
CheckMenuItem
ShowWindow
RegisterClassA
GetWindowModuleFileNameW

kernel32

SetEnvironmentVariableA
EnterCriticalSection
GetModuleHandleA
TlsSetValue
IsBadWritePtr
GetCurrentThread
SetFilePointer
TerminateProcess
GetOEMCP
LCMapStringW
InitializeCriticalSection
WideCharToMultiByte
GetACP
GetTickCount
CopyFileA
CompareStringA
GetStringTypeA
VirtualAlloc
HeapFree
InterlockedIncrement
TlsFree
InterlockedExchange
EnumTimeFormatsW
HeapDestroy
GetStartupInfoA
GetLastError
InterlockedDecrement
SetHandleCount
GetCurrentProcess
GetCommandLineA
SetStdHandle
MultiByteToWideChar
LeaveCriticalSection
OpenMutexA
TlsAlloc
ReadFile
HeapReAlloc
CompareStringW
GetSystemTime
GetModuleFileNameA
LoadLibraryA
GetStdHandle
CreateMutexA
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
TlsGetValue
GetSystemTimeAsFileTime
SetLastError
GetStringTypeW
GetTimeZoneInformation
GetLocalTime
CloseHandle
GetVersion
LCMapStringA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCPInfo
GetEnvironmentStringsW
HeapCreate
FlushFileBuffers
GetCurrentThreadId
UnhandledExceptionFilter
GetProcAddress
ExitProcess
HeapAlloc
RtlUnwind
VirtualQuery
VirtualFree
FreeEnvironmentStringsW
WriteFile
DeleteCriticalSection

comctl32

ImageList_EndDrag
ImageList_DrawIndirect
ImageList_SetIconSize
InitCommonControlsEx
ImageList_Merge
CreateStatusWindow
ImageList_SetFlags
CreatePropertySheetPage

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd4fcdbea5f25bfc335f514c57ef8634

Headers

File Characteristics

PDB Paths

Imports

advapi32

shell32

user32

kernel32

comctl32

Sections

.text Size: 157KB - Virtual size: 157KB

.rdata Size: 15KB - Virtual size: 40KB

.data Size: 84KB - Virtual size: 83KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 157KB - Virtual size: 157KB

.rdata
Size: 15KB - Virtual size: 40KB

.data
Size: 84KB - Virtual size: 83KB

.rsrc
Size: 13KB - Virtual size: 13KB