2b592788482990b5c0a133061dd2af49_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b592788482990b5c0a133061dd2af49_JaffaCakes118
Size

324KB
MD5

2b592788482990b5c0a133061dd2af49
SHA1

5930271e782cfb01b5ec3dff266255a36243da28
SHA256

8c7539100db87ab6049c5bb288cac5f83cb369e80b49e067f7502bc71af6ff8c
SHA512

bc6af98c09c58c1c17a1ef34ee4525413cf5e58cd465c2fc37ca17e6d0b4031572191850fd494cd2c2a6c7a79b0fc7852e23330eac99ae7da60bafd542c72560
SSDEEP

6144:h7mv19oqhJqaAWPl5ALXqo1jmUZxL6xQGQm9UmM7I+6cw:h7mYq3TAWULXqs76ve7I+L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b592788482990b5c0a133061dd2af49_JaffaCakes118

Files

2b592788482990b5c0a133061dd2af49_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4136135659ba50108f54107994521465

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SpecTools\dual_core_optimizer\Dbuild0169\Release\sync_tsc.pdb

Imports

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

powrprof

DeletePwrScheme
WritePwrScheme
WriteProcessorPwrScheme
EnumPwrSchemes
GetActivePwrScheme
SetActivePwrScheme

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

kernel32

WaitForSingleObject
CloseHandle
SetEvent
GetLastError
CreateMutexA
SetThreadPriority
SetPriorityClass
GetCurrentProcess
CreateThread
CreateEventA
DeviceIoControl
SetProcessAffinityMask
GetProcessAffinityMask
LocalFree
CreateFileA
LocalAlloc
CreateProcessA
GetVersionExA
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpynA
GetStdHandle
AllocConsole
DisconnectNamedPipe
FlushFileBuffers
WriteFile
ReadFile
ConnectNamedPipe
ResetEvent
CreateNamedPipeA
ReleaseMutex
IsBadCodePtr
SetUnhandledExceptionFilter
GetLocaleInfoA
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetFilePointer
MultiByteToWideChar
VirtualProtect
VirtualAlloc
VirtualQuery
InterlockedExchange
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
HeapAlloc
WaitForMultipleObjects
HeapReAlloc
HeapFree
GetFileAttributesA
TerminateProcess
SetHandleCount
CreatePipe
GetACP
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
GetCurrentThreadId
FreeEnvironmentStringsW
GetEnvironmentStrings
ExitProcess
DuplicateHandle
SetStdHandle
GetFileType
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeEnvironmentStringsA

user32

GetProcessWindowStation
GetThreadDesktop
SetUserObjectSecurity
EndDialog
DialogBoxParamA
DestroyWindow
DefWindowProcA
BeginPaint
EndPaint
PostQuitMessage
GetCursorPos
CreatePopupMenu
InsertMenuA
SetForegroundWindow
TrackPopupMenu
DestroyMenu
CreateWindowExA
GetSystemMetrics
LoadImageA
DestroyIcon
ShowWindow
LoadIconA
LoadCursorA
RegisterClassExA
SendMessageA
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA

advapi32

InitializeSid
GetSidSubAuthority
InitializeAcl
AddAccessAllowedAce
ReportEventA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DeregisterEventSource
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegCloseKey
GetSidLengthRequired

shell32

Shell_NotifyIconA

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4136135659ba50108f54107994521465

Headers

File Characteristics

PDB Paths

Imports

setupapi

powrprof

wtsapi32

kernel32

user32

advapi32

shell32

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 8KB - Virtual size: 7KB

.tc Size: 248KB - Virtual size: 248KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 8KB - Virtual size: 7KB

.tc
Size: 248KB - Virtual size: 248KB