2be37346311b8edd564ab12ffc0f5493_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2be37346311b8edd564ab12ffc0f5493_JaffaCakes118
Size

508KB
MD5

2be37346311b8edd564ab12ffc0f5493
SHA1

701a889301f4b29304ced234293ee71b419771fe
SHA256

962f4e3b6949263ce64a4936567ec41dd92482473a33cc3b8f08593d8340d0cc
SHA512

1f0288046c7aed67171ac217094636dc50a85c509c0105b4d851cf8881785b3a7b2c4d5d625928e68469e86e63dc39287a06a0f826ad9afc80cfbf077263f3c7
SSDEEP

12288:pLLMnlNF9EP/QtTGJhAAuSzzmnA+Yb1eJjmL+nNvWNN/bfP0IRg:pAlNrEnHJ2pK1eJjo+nyb3lRg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2be37346311b8edd564ab12ffc0f5493_JaffaCakes118

Files

2be37346311b8edd564ab12ffc0f5493_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2d0688a5a77eda4ba852962e0b928a96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\kzoepj\qmxa\tudkupsh\iwuube\fexlkt\oejh.PDB

Imports

kernel32

GetCurrentThread
TlsGetValue
QueryPerformanceCounter
SetFilePointer
RtlUnwind
SetEnvironmentVariableA
VirtualQuery
GetEnvironmentStrings
GetStartupInfoW
GetFileType
GetLocalTime
GetTickCount
GetTimeZoneInformation
IsBadWritePtr
GetStringTypeA
MultiByteToWideChar
LeaveCriticalSection
InterlockedIncrement
TlsSetValue
SetHandleCount
HeapDestroy
FreeEnvironmentStringsA
HeapFree
GetCurrentProcessId
CloseHandle
HeapAlloc
LCMapStringA
TlsFree
VirtualAlloc
InterlockedDecrement
TlsAlloc
GetVersion
ExitProcess
CompareStringW
HeapCreate
GetCommandLineW
GetStdHandle
DeleteCriticalSection
GetModuleFileNameW
TerminateProcess
CompareStringA
GetStartupInfoA
GetCommandLineA
GetProcAddress
VirtualFree
CreateMutexA
OpenMutexA
GetStringTypeW
HeapReAlloc
LoadLibraryA
SetStdHandle
WideCharToMultiByte
GetEnvironmentStringsW
EnterCriticalSection
FreeEnvironmentStringsW
GetModuleFileNameA
FlushFileBuffers
InterlockedExchange
GetModuleHandleA
GetCurrentProcess
GetCurrentThreadId
SetLastError
ReadFile
GetLastError
WriteFile
GetSystemTimeAsFileTime
GetTempPathA
InitializeCriticalSection
LCMapStringW
GetCPInfo
GetSystemTime
UnhandledExceptionFilter

comctl32

ImageList_GetImageRect
InitMUILanguage
ImageList_GetIconSize
ImageList_Replace
ImageList_DragEnter
ImageList_Destroy
ImageList_GetIcon
ImageList_BeginDrag
InitCommonControlsEx
ImageList_LoadImage

user32

DefWindowProcW
SendMessageA
OemKeyScan
wvsprintfW
GetMonitorInfoA
ModifyMenuW
CharUpperBuffA
RegisterWindowMessageW
EnumDisplayMonitors
ShowWindow
BeginPaint
CharToOemBuffW
RegisterClassA
GetWindowTextLengthW
SetWindowWord
MessageBoxW
UnhookWindowsHookEx
IsWindowVisible
CallMsgFilterA
SetDlgItemTextW
SetFocus
RegisterClassExA
DefMDIChildProcA
DestroyWindow
CreateWindowExA
CreateDialogParamA

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 237KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d0688a5a77eda4ba852962e0b928a96

Headers

File Characteristics

PDB Paths

Imports

kernel32

comctl32

user32

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 237KB - Virtual size: 262KB

.data Size: 123KB - Virtual size: 122KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 237KB - Virtual size: 262KB

.data
Size: 123KB - Virtual size: 122KB

.rsrc
Size: 17KB - Virtual size: 16KB