29f1e6b18d449425ab51c90b0641f92f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29f1e6b18d449425ab51c90b0641f92f_JaffaCakes118
Size

348KB
MD5

29f1e6b18d449425ab51c90b0641f92f
SHA1

ce829b45934cf2130fa299cd33031f312f863008
SHA256

259348235c56d9bd449f9d40108917a1c63a5b72298f93f157b3962b211ae9e2
SHA512

468fb97be52c5a6746115f580385eea0877dc7a519799adeb7c07a4745a3da7ea3fc88bcb648e6f213f68c350fc10684c4df15134c8a31f2b5de4ccc33379130
SSDEEP

6144:jEbRco0ASwWfNbB7Ju+eGW6GNzaeZoZ3t235x1uPd5:cWo0dtfpJJu+eee5aE3k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29f1e6b18d449425ab51c90b0641f92f_JaffaCakes118

Files

29f1e6b18d449425ab51c90b0641f92f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fe2c89e3ef9a912a7c8e873080f4007a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\solkt\riwtuzoz.pdb

Imports

kernel32

TlsSetValue
MultiByteToWideChar
GetVersion
LeaveCriticalSection
QueryPerformanceCounter
GetFileType
FlushConsoleInputBuffer
GetFileTime
GetPriorityClass
HeapAlloc
GetEnvironmentStrings
ReadConsoleInputW
TlsGetValue
VirtualFree
GetModuleHandleA
GetTickCount
GetWindowsDirectoryA
GetStartupInfoA
EnterCriticalSection
HeapCreate
LoadLibraryA
GetCommandLineA
GetStartupInfoW
CreateEventA
GetProcAddress
VirtualProtect
WideCharToMultiByte
GetACP
FreeEnvironmentStringsA
OpenMutexA
InterlockedIncrement
TlsAlloc
WriteConsoleA
VirtualQuery
GetCurrentThreadId
SetFilePointer
LocalFlags
InterlockedDecrement
CloseHandle
ExitProcess
UnhandledExceptionFilter
ConvertDefaultLocale
GetModuleHandleW
GetSystemTime
GetCommandLineW
IsBadWritePtr
InitializeCriticalSection
GetCurrentThread
ReadFile
GetStringTypeA
LCMapStringW
GetSystemTimeAsFileTime
GetEnvironmentStringsW
GetLocalTime
EnumDateFormatsA
GetModuleFileNameA
GetProcAddress
CompareStringA
GetStdHandle
CompareStringW
VirtualAlloc
ExpandEnvironmentStringsW
GetCurrentDirectoryA
GetCPInfo
GetConsoleMode
HeapFree
GetTempFileNameA
WriteFile
FlushInstructionCache
lstrlenA
GetLastError
DeleteAtom
GetTimeZoneInformation
GetThreadSelectorEntry
SetLastError
SetThreadAffinityMask
GetCalendarInfoW
WriteConsoleInputA
GetStringTypeW
FreeEnvironmentStringsW
HeapReAlloc
TlsFree
RtlUnwind
FlushFileBuffers
SetStdHandle
HeapDestroy
SetConsoleMode
GetModuleFileNameW
SetHandleCount
SetEnvironmentVariableA
CreateSemaphoreW
GetCurrentProcessId
GetCurrentProcess
InterlockedExchange
FindFirstFileExW
CreateMutexA
LCMapStringA
DeleteCriticalSection
TerminateProcess

comctl32

InitCommonControlsEx
CreateMappedBitmap
ImageList_GetDragImage
DrawStatusTextA

comdlg32

PrintDlgA
GetOpenFileNameW
GetSaveFileNameW

user32

DdeFreeDataHandle
SendIMEMessageExW
CreateDialogParamW
DefWindowProcW
DestroyWindow
BeginPaint
VkKeyScanA
DdeDisconnect
CopyAcceleratorTableA
DdeCreateStringHandleW
SetMenuContextHelpId
ShowWindow
GetClassWord
RegisterClassExA
DdeAddData
MessageBoxA
RegisterClassA
EnumPropsW
IsCharAlphaNumericA
GetWindowRect
LoadCursorFromFileA
CharUpperA
CreateWindowExA

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe2c89e3ef9a912a7c8e873080f4007a

Headers

File Characteristics

PDB Paths

Imports

kernel32

comctl32

comdlg32

user32

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 72KB - Virtual size: 68KB

.data Size: 88KB - Virtual size: 101KB

.rsrc Size: 108KB - Virtual size: 106KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 88KB - Virtual size: 101KB

.rsrc
Size: 108KB - Virtual size: 106KB