2f28499d6bc71a3825b5005d2777eeec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f28499d6bc71a3825b5005d2777eeec_JaffaCakes118
Size

341KB
MD5

2f28499d6bc71a3825b5005d2777eeec
SHA1

92e51355ee54a367ade43e14457ab3887670249d
SHA256

87962c05a6a5a8022545a12387223af427dbd41050f557bd3033db5dcb62106a
SHA512

9f0802991cf00c7dae7c19ab25911cd5e301c9db0c3531d1230c3ccfab001aef1d079233f94a42761e361e90a227245b14cd4de517a75d53cba60e33f1005989
SSDEEP

6144:vtjK0Q4O/ijrNy7QvcG3uOtAhgIObbWDMkkekY4pffp7C5RRRRRRRRjPMoRjTpzV:vtjKCO/YrNgQELhh3ObbW4zfuTpV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f28499d6bc71a3825b5005d2777eeec_JaffaCakes118

Files

2f28499d6bc71a3825b5005d2777eeec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3bf73e2d7e0a77f35d25c83e5226651b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\src\rnuninst\r1puninst.pdb

Imports

kernel32

MultiByteToWideChar
GetDiskFreeSpaceA
GetWindowsDirectoryA
GetDriveTypeA
SetErrorMode
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
RemoveDirectoryA
GetFileAttributesA
CreateDirectoryA
MoveFileA
GetVersion
GetFullPathNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
FlushFileBuffers
SetEnvironmentVariableA
CompareStringW
CompareStringA
VirtualProtect
GetTimeZoneInformation
InitializeCriticalSection
IsBadCodePtr
OpenProcess
VirtualQuery
InterlockedExchange
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetStdHandle
VirtualFree
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
HeapSize
GetCurrentProcess
EnterCriticalSection
CloseHandle
FreeLibrary
FindFirstFileA
FindClose
CreateProcessA
GetTickCount
GetExitCodeProcess
InterlockedIncrement
WaitForSingleObject
TerminateProcess
GetModuleFileNameA
DeleteFileA
FindResourceA
LoadResource
LockResource
SizeofResource
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
Sleep
GetSystemDirectoryA
GetTempPathA
GetTempFileNameA
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetSystemInfo
GetLastError
FindNextFileA
LoadLibraryA
ReadFile
GetProcAddress
InterlockedDecrement
IsBadReadPtr
ExitProcess
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
SetEndOfFile
SetFilePointer
HeapAlloc
HeapFree
HeapReAlloc
SetFileAttributesA
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
DeleteCriticalSection
LeaveCriticalSection
SetEnvironmentVariableW

user32

CharPrevA
CharNextA
WaitForInputIdle
GetDesktopWindow
PeekMessageA
TranslateMessage
DispatchMessageA
SetWindowTextA
LoadIconA
GetSystemMenu
EnableMenuItem
SystemParametersInfoA
GetParent
SetWindowPos
DestroyWindow
CreateDialogParamA
IsWindow
DialogBoxIndirectParamA
ShowWindow
GetWindowRect
MoveWindow
DialogBoxParamA
SetDlgItemTextA
InvalidateRect
UpdateWindow
SendDlgItemMessageA
EndDialog
GetAsyncKeyState
GetDlgItem
GetClientRect
GetSystemMetrics
PostMessageA
GetDC
SendMessageA
ReleaseDC
GetSysColor
FillRect
LoadBitmapA
DrawTextExA
LoadStringA
MessageBoxA

advapi32

RegCreateKeyA
RegEnumKeyA
RegSetValueA
RegQueryValueA
RegCreateKeyExA
RegEnumKeyExA
OpenProcessToken
AllocateAndInitializeSid
GetTokenInformation
EqualSid
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyA
RegQueryInfoKeyA
RegCloseKey

gdi32

GetStockObject
GetCurrentObject
CreateFontIndirectA
CreateSolidBrush
DeleteObject
GetObjectA
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
SetTextColor
SetBkColor

comctl32

ord17

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bf73e2d7e0a77f35d25c83e5226651b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

gdi32

comctl32

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 16KB - Virtual size: 12KB