2b5ddee3e5957f3b4c3673feb561c86e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b5ddee3e5957f3b4c3673feb561c86e_JaffaCakes118
Size

1.6MB
MD5

2b5ddee3e5957f3b4c3673feb561c86e
SHA1

e2378c992991dc2223b86260e82f249f7d3b68e8
SHA256

1434d4c565a4e3c4f40fd640b5f75d24e26f2295f145a94f72ff1cacc2ed8b80
SHA512

aba110909e2f0fd664bb1834544ecce978435a0c6c140b7e7d63aab6ffe1f71cab10f432172f8f3c37f30397b9bf33c9c31b15739519a799cb41b5c6a9a90336
SSDEEP

24576:A22/XRK+C7DTbUm3pxVrAXhUmPJPagreF6Wi4tAc1SP11p:cXq3920gCQutAcG11p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b5ddee3e5957f3b4c3673feb561c86e_JaffaCakes118

Files

2b5ddee3e5957f3b4c3673feb561c86e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

718a59bbac5fbdc9b72ae7944819b944

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\EAThirdPerson\lotr\rotk\code\Project\VisualStudio\Win\EN\ROTK_EN_Fin_Win_DotNet.pdb

Imports

kernel32

GetUserDefaultLangID
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
LocalFree
FormatMessageA
GetLastError
GetSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
SetEvent
ReadFile
SetFilePointer
ResetEvent
WaitForSingleObjectEx
GetFileAttributesA
CloseHandle
GetFileInformationByHandle
GetCurrentDirectoryA
CreateFileA
SetThreadPriority
CreateThread
CreateEventA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
GetCurrentThreadId
CreateMutexA
GetLocalTime
GetFullPathNameA
CreateDirectoryA
RtlUnwind
HeapAlloc
HeapFree
DeleteFileA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
FlushFileBuffers
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
HeapSize
SetEndOfFile
IsProcessorFeaturePresent
OutputDebugStringA
LocalAlloc
InterlockedExchange
CompareStringW
CompareStringA
GetTimeZoneInformation
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
RaiseException
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
ExitProcess
GetTickCount
SetEnvironmentVariableA

user32

MapVirtualKeyA
MapVirtualKeyExA
DefWindowProcA
SetCursor
PeekMessageA
TranslateMessage
GetSystemMetrics
LoadCursorA
DispatchMessageA
LoadStringA
LoadIconA
RegisterClassExA
CreateWindowExA
ShowWindow
SetForegroundWindow
UpdateWindow
AdjustWindowRect
SetWindowPos
PostQuitMessage
MessageBoxA
GetKeyboardLayout

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

Exports

Exports

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

718a59bbac5fbdc9b72ae7944819b944

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 124KB - Virtual size: 4.3MB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 22KB

Size: 96KB - Virtual size: 92KB

.reloc Size: 28KB - Virtual size: 24KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 124KB - Virtual size: 4.3MB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 22KB

.reloc
Size: 28KB - Virtual size: 24KB