281e107f061244beff0d851c7b001926_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

281e107f061244beff0d851c7b001926_JaffaCakes118
Size

529KB
MD5

281e107f061244beff0d851c7b001926
SHA1

4f5360ff3683270c5841f78f5a545393402c8030
SHA256

11806da8c897adbce4c6f0b80d01b064c5669108b8213e3c230e00a792ca02c4
SHA512

31e24a6bb7065f707e43fc376aa8e827e897bd717251f1629eec9ba3c92712f0aecccf14ff66fa05e49b8bb197d09e5891bef315fe8925317959f418bc89b7ac
SSDEEP

12288:eQ9J/oVOfzM023UxLHow1zXT+l5mYIIHxDIDdaUMYSLnzRYMzJ/kjsFbDzuN1VAi:eQT/oOf/EUVzjEsYII

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
281e107f061244beff0d851c7b001926_JaffaCakes118

Files

281e107f061244beff0d851c7b001926_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ca9c2b0a42c8b9a3558da067afef9d4e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\mex\sptzsp\eqxxqbseqe\wlvkvr.PDB

Imports

kernel32

GlobalFindAtomA
GetCommandLineW
GetCurrentProcess
GetThreadPriorityBoost
GetEnvironmentStrings
ReadFile
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
TlsFree
HeapReAlloc
SetStdHandle
GetModuleHandleA
SetFilePointer
HeapFree
GetCurrentThread
InterlockedDecrement
MultiByteToWideChar
CompareStringW
InterlockedIncrement
GetVersion
GetTickCount
ExitProcess
SetHandleCount
SetLastError
CompareStringA
SetEnvironmentVariableA
TlsGetValue
GetModuleFileNameW
VirtualAlloc
GetProcAddress
GetStartupInfoW
GetLastError
GetSystemTime
FreeEnvironmentStringsW
IsBadWritePtr
GetCommandLineA
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCPInfo
OpenMutexA
GetLocalTime
FreeEnvironmentStringsA
GetFileType
VirtualQuery
LCMapStringW
GetSystemTimeAsFileTime
FlushFileBuffers
HeapAlloc
LoadLibraryA
TerminateProcess
QueryPerformanceCounter
GetStringTypeA
InterlockedExchange
LCMapStringA
GetStringTypeW
GetEnvironmentStringsW
UnhandledExceptionFilter
WideCharToMultiByte
GetStartupInfoA
GetTimeZoneInformation
GetStdHandle
InterlockedExchangeAdd
TlsAlloc
HeapDestroy
WriteFile
GetModuleFileNameA
RtlUnwind
GetCurrentProcessId
WriteConsoleA
WriteProfileStringA
VirtualFree
CreateMutexA
WriteProfileSectionW
TlsSetValue

user32

CreateWindowExA
DefWindowProcA
GetMessageTime
RegisterClassA
DestroyWindow
ShowWindow
DrawEdge
TranslateMDISysAccel
GetGUIThreadInfo
SendMessageW
SendDlgItemMessageA
GetInputState
DrawAnimatedRects
DdeReconnect
DdeCreateStringHandleA
RegisterClassExA
MessageBoxW
SetPropA
SendNotifyMessageA

comctl32

ImageList_SetFilter
CreateStatusWindowW
CreatePropertySheetPageA
ImageList_Create
ImageList_Write
DestroyPropertySheetPage
ImageList_DrawEx
CreateUpDownControl
CreatePropertySheetPageW
ImageList_DragEnter
CreateToolbarEx
_TrackMouseEvent
ImageList_EndDrag
CreateToolbar
ImageList_GetFlags
ImageList_LoadImageW
ImageList_DragMove
InitCommonControlsEx
ImageList_GetImageRect

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca9c2b0a42c8b9a3558da067afef9d4e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

Sections

.text Size: 125KB - Virtual size: 124KB

.rdata Size: 253KB - Virtual size: 257KB

.data Size: 112KB - Virtual size: 111KB

.rsrc Size: 38KB - Virtual size: 38KB

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 253KB - Virtual size: 257KB

.data
Size: 112KB - Virtual size: 111KB

.rsrc
Size: 38KB - Virtual size: 38KB