27ef6e120e8d8ff16458e169a5c1bebb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27ef6e120e8d8ff16458e169a5c1bebb_JaffaCakes118
Size

288KB
MD5

27ef6e120e8d8ff16458e169a5c1bebb
SHA1

ca803b6fc946801767d6d4b372909d9f25815a5d
SHA256

12ad78ce7c5c5859b2966295803406493099106b9ebabaa036dc600ed19152db
SHA512

24002b65e276cd2c342f22a191798360548b011af18f23cc21dd2885881a8376e9cd4efc03c499a356691d6f79b2775ba00802b2df306fb14ea9e3319d950ffd
SSDEEP

6144:OROk/OOwSHcM42Ta8T0wqLlvUNlDeCyzC7lVUB91UtUBGAAeJTZBxp/Op6x:6z/oS8l2+6ImM+7lVUB9YUIedZ+q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27ef6e120e8d8ff16458e169a5c1bebb_JaffaCakes118

Files

27ef6e120e8d8ff16458e169a5c1bebb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c172594199d3ad22ddd0bad5a2e72d70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\srzve\xysewroe\plcerru.pdb

Imports

kernel32

GetTickCount
GetCurrentThreadId
DeleteCriticalSection
GetModuleHandleA
CommConfigDialogW
GetEnvironmentStringsA
HeapReAlloc
lstrlen
GetEnvironmentStringsW
HeapAlloc
GetStdHandle
GetProcAddress
LoadModule
EnterCriticalSection
SetHandleCount
GetSystemTime
GetStartupInfoW
OpenMutexA
LCMapStringA
SetFilePointer
GetCurrentProcess
FreeEnvironmentStringsW
GetModuleFileNameW
SetStdHandle
HeapFree
GetCurrentProcessId
GetTimeZoneInformation
InterlockedDecrement
GetCurrentThread
GetSystemTimeAsFileTime
WideCharToMultiByte
TerminateProcess
ReadFile
GlobalFree
TlsFree
GetStringTypeA
CompareStringW
lstrlenW
SetLastError
CreateMutexA
GetModuleFileNameA
GetStringTypeW
HeapCreate
VirtualLock
TlsSetValue
QueryPerformanceCounter
FlushFileBuffers
TlsAlloc
TlsGetValue
VirtualAlloc
InterlockedIncrement
lstrcpy
LoadLibraryA
VirtualFree
GetLocalTime
GetCommandLineW
InterlockedExchange
GetCurrentDirectoryW
WriteFile
ExitProcess
CloseHandle
VirtualQuery
SetEnvironmentVariableA
InitializeCriticalSection
RtlUnwind
LeaveCriticalSection
LCMapStringW
IsBadWritePtr
GetStartupInfoA
UnhandledExceptionFilter
ConvertDefaultLocale
MultiByteToWideChar
GetCPInfo
GetVersion
CompareStringA
HeapDestroy
GetLastError
GetFileType
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA

user32

DestroyWindow
DlgDirListA
DdeDisconnect
RegisterClassExA
RemovePropA
GetSubMenu
RegisterClassA
GetCaretBlinkTime
SetWindowTextA
ClientToScreen
MessageBoxA
ShowWindow
SetWindowWord
GetCursorInfo
FindWindowW
CreateWindowExA
SetClipboardViewer
IsRectEmpty
ChangeDisplaySettingsW
DefWindowProcA
EnableWindow
SetUserObjectSecurity
CreateDialogParamW
SetSysColors

comdlg32

PageSetupDlgA
ChooseColorW
ChooseFontW
PrintDlgW

comctl32

ImageList_SetFlags
ImageList_DragMove
ImageList_Draw
ImageList_DrawIndirect
CreateToolbar
InitCommonControlsEx
ImageList_Merge
ImageList_Read
ImageList_DragEnter
ImageList_GetIcon
CreateStatusWindow
CreatePropertySheetPageA

shell32

SHAppBarMessage

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c172594199d3ad22ddd0bad5a2e72d70

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

comdlg32

comctl32

shell32

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 55KB - Virtual size: 65KB

.data Size: 90KB - Virtual size: 90KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 55KB - Virtual size: 65KB

.data
Size: 90KB - Virtual size: 90KB

.rsrc
Size: 14KB - Virtual size: 14KB