2b0ca356af63176d70cb976cce626021_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2b0ca356af63176d70cb976cce626021_JaffaCakes118
Size

276KB
MD5

2b0ca356af63176d70cb976cce626021
SHA1

41a312f2f623dbeae5bfc321fa6b634072cbdc0c
SHA256

cf791914b2e3190945882c4c24ce8f44a653643c16a9399166c5b865f9664061
SHA512

def2a84e224c1ff11c1be040e09d4e5da2e4523e5a61dfa21d2ea28f5c13279e3c1ca2848ca1fc9dc361f6fad1d1ea2e424d5ea3d27d7f34acff327dd9a6c337
SSDEEP

6144:FoyYgTZyMl0J83EItiNJTvzCLrGge3kE94qGU6:ayYgTZ9lxUIUNJh9z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b0ca356af63176d70cb976cce626021_JaffaCakes118

Files

2b0ca356af63176d70cb976cce626021_JaffaCakes118
.exe windows:5 windows x64 arch:x64

c9097bac7780d2845936267b6668db0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Source Codes\Project KMA 2008\x64\Release\Project KMA 2008.pdb

Imports

kernel32

FindFirstFileA
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
ReadFile
CreateFileA
GetExitCodeThread
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetSystemDirectoryW
WaitForSingleObject
GetProcAddress
LoadLibraryW
FreeLibrary
Process32NextW
OpenProcess
FindNextFileA
ExitProcess
DeleteFileW
GetModuleFileNameW
GetTempFileNameW
GetTempPathW
DeleteCriticalSection
CreateThread
Sleep
GetVersionExA
InitializeCriticalSection
SetEndOfFile
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
FindClose
GetComputerNameA
GetLogicalDriveStringsA
GetDriveTypeA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetSystemDirectoryA
CopyFileA
GetModuleFileNameA
FindResourceA
SizeofResource
LoadResource
LockResource
CreateFileW
WriteFile
Process32FirstW
CloseHandle
CompareStringW
CompareStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetTimeZoneInformation
HeapReAlloc
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetProcessHeap
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
FlushFileBuffers
WideCharToMultiByte
MultiByteToWideChar
RtlLookupFunctionEntry
RtlUnwindEx
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetFullPathNameA
GetCurrentDirectoryA
GetACP
GetOEMCP
IsValidCodePage
HeapSetInformation
HeapCreate
GetModuleHandleW
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
SetFilePointer

user32

PostMessageA
FindWindowA
MessageBoxA
GetDesktopWindow
GetWindowRect
GetWindowDC

gdi32

CreateCompatibleDC
CreateDIBSection
DeleteDC
SaveDC
SelectObject
BitBlt
RestoreDC
DeleteObject
GetDeviceCaps

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetUserNameA

shell32

ShellExecuteA

wininet

InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetOpenUrlA
InternetQueryDataAvailable
InternetReadFile
InternetOpenA
InternetSetOptionA

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipCloneImage
GdipFree

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9097bac7780d2845936267b6668db0f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

wininet

gdiplus

Sections

.text Size: 196KB - Virtual size: 196KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 8KB - Virtual size: 17KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 8KB - Virtual size: 17KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 1KB