c:\bpphfm.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 29237b90e2561c3c024b00f93071da1b_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 29237b90e2561c3c024b00f93071da1b_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 29237b90e2561c3c024b00f93071da1b_JaffaCakes118
Size: 828KB
MD5: 29237b90e2561c3c024b00f93071da1b
SHA1: b87eef85e3af9b8332adb479b1fda18071afca3e
SHA256: 868561febae25f09418166f0dfb3531b8505039c8bcf8aa185037d348e64c0d8
SHA512: 0ad52d90338a43fc58a8f512376cdf6c41c433b2bf14b10e5680f2ed462b34b3f28cd4be69f103979b2284da1a9383fdaab2749663bdbc9c8534cc5700184f61
SSDEEP: 24576:9kP1AmIR7dgAnJeA4bSaEyDshgOdK2dZjFIf:9k9AmygYJeA4b7WgK5HI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 29237b90e2561c3c024b00f93071da1b_JaffaCakes118
Files
29237b90e2561c3c024b00f93071da1b_JaffaCakes118.exe windows:4 windows x86 arch:x86
1f5faa5033010b8c814a1a1c7e55d477
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
gdi32
WidenPath
DeleteDC
CreateDCA
GetDeviceCaps
kernel32
CompareStringW
LeaveCriticalSection
CloseHandle
EnterCriticalSection
SetHandleCount
UnhandledExceptionFilter
OpenMutexA
GetModuleFileNameA
TlsSetValue
GetCommandLineA
GetDiskFreeSpaceA
GetStringTypeA
GetStartupInfoA
SetFilePointer
GetCPInfo
ExitProcess
HeapCreate
TlsAlloc
InterlockedDecrement
TlsFree
GetNamedPipeInfo
GetTimeZoneInformation
FlushFileBuffers
SetLastError
GetSystemTimeAsFileTime
GetLocalTime
MultiByteToWideChar
GetVersion
GetTickCount
GetCurrentProcessId
FreeEnvironmentStringsA
GetProcAddress
SetStdHandle
GetCurrentThreadId
LCMapStringW
DeleteCriticalSection
HeapReAlloc
GetStdHandle
GetCurrentThread
WriteFile
GetFileType
SetUnhandledExceptionFilter
LoadLibraryA
ReadFile
GetStringTypeW
FillConsoleOutputAttribute
GetCurrentProcess
GetStartupInfoW
WritePrivateProfileSectionW
CreateMutexA
InitializeCriticalSection
WideCharToMultiByte
IsBadWritePtr
LCMapStringA
CompareStringA
VirtualAlloc
GetEnvironmentStringsW
TerminateProcess
FillConsoleOutputCharacterW
GetSystemTime
InterlockedExchange
VirtualFree
SetEnvironmentVariableA
QueryPerformanceCounter
WritePrivateProfileStringW
HeapFree
HeapDestroy
TlsGetValue
GetModuleFileNameW
GetSystemDefaultLangID
RtlUnwind
FreeEnvironmentStringsW
InterlockedIncrement
GetCommandLineW
GetModuleHandleA
GetLastError
VirtualQuery
HeapAlloc
GetEnvironmentStrings
comdlg32
FindTextA
GetSaveFileNameW
PrintDlgA
wininet
InternetCrackUrlW
InternetWriteFileExW
FtpRemoveDirectoryA
FindFirstUrlCacheEntryW
InternetCheckConnectionA
comctl32
InitCommonControlsEx
CreateStatusWindowA
DrawInsert
user32
ShowWindow
MapVirtualKeyA
DestroyMenu
GetWindowTextA
RegisterClassA
CheckMenuRadioItem
CopyAcceleratorTableA
SetMenu
ClipCursor
DdeQueryNextServer
GetSysColorBrush
GetWindowInfo
CheckMenuItem
CloseWindowStation
GetProcessDefaultLayout
ScrollDC
LoadAcceleratorsW
MessageBoxW
GetCursorPos
AppendMenuA
DlgDirSelectExA
CreateWindowExW
CharUpperBuffA
RegisterClassExA
VkKeyScanA
OpenClipboard
MonitorFromPoint
shell32
ShellExecuteEx
Sections
.text Size: 280KB - Virtual size: 280KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 69KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 468KB - Virtual size: 462KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ