2b74f0683445cc4d19a926e67f09610e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b74f0683445cc4d19a926e67f09610e_JaffaCakes118
Size

542KB
MD5

2b74f0683445cc4d19a926e67f09610e
SHA1

61ad1570034566518919bc2fb5b3bf86cd968210
SHA256

4fa8a8e3a1e5a7d85feb628127992446accb938d8a5fbbab590044f9ea383690
SHA512

856031880e857bb8568f79f7a8bab27796842fd077fe0007c96efad06607f6fd09395e644b12c7cca87bf2a698ca58fcfb4dd0e4dd99943063241911add427ee
SSDEEP

12288:UvHBDR9qHtBo9QGe172dSWnVZM+/GufZWGIjvpHc2KEAT:Uv9HWAQN16dSEw+ff8X0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b74f0683445cc4d19a926e67f09610e_JaffaCakes118

Files

2b74f0683445cc4d19a926e67f09610e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5b514666d551ca15704cb8fe0362b291

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\eapstjferl\sxaebt\xexaae.pdb

Imports

user32

CreateMenu
IsZoomed
GrayStringW
ScrollDC
RegisterClassA
RegisterClassExA
GetWindowContextHelpId
SetWindowsHookExW

kernel32

GetCurrentThread
UnhandledExceptionFilter
InterlockedIncrement
GetOEMCP
OpenMutexA
GetCPInfo
DeleteCriticalSection
LeaveCriticalSection
GetCommandLineA
SetStdHandle
ReadFile
FreeEnvironmentStringsA
WriteFile
GetModuleHandleA
GetStartupInfoA
GetLastError
RtlUnwind
ExitProcess
GetCurrentProcess
SetLastError
GetSystemTime
TlsGetValue
LCMapStringW
MultiByteToWideChar
VirtualQuery
LCMapStringA
HeapReAlloc
HeapFree
TerminateProcess
GetACP
SetEnvironmentVariableA
GetModuleFileNameA
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
GetVersion
TlsFree
GetSystemTimeAsFileTime
GetLocalTime
HeapAlloc
GetStdHandle
CreateMutexA
GetStringTypeW
GetProcAddress
HeapDestroy
IsBadWritePtr
GetTickCount
GetCurrentProcessId
LoadLibraryA
TlsSetValue
InterlockedExchange
InterlockedDecrement
SetFilePointer
TlsAlloc
QueryPerformanceCounter
CompareStringW
GetThreadContext
CompareStringA
GetEnvironmentStrings
GetStringTypeA
SetHandleCount
WideCharToMultiByte
GetCurrentThreadId
GetFileType
EnterCriticalSection
VirtualAlloc
CloseHandle
InitializeCriticalSection
ConvertDefaultLocale
HeapCreate
VirtualFree

comctl32

ImageList_DrawEx
CreateStatusWindowW
ImageList_DrawIndirect
ImageList_SetFilter
ImageList_GetImageCount
ImageList_GetImageInfo
InitCommonControlsEx
ImageList_DragShowNolock
_TrackMouseEvent
ImageList_Copy
ImageList_Create
ImageList_SetIconSize
DrawStatusText

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b514666d551ca15704cb8fe0362b291

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 243KB - Virtual size: 266KB

.data Size: 120KB - Virtual size: 119KB

.rsrc Size: 55KB - Virtual size: 55KB

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 243KB - Virtual size: 266KB

.data
Size: 120KB - Virtual size: 119KB

.rsrc
Size: 55KB - Virtual size: 55KB