d:\epfeed.pdb
Static task
static1
Behavioral task
behavioral1
Sample
30d4d4227adf7c65dd752e9c301353db_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
30d4d4227adf7c65dd752e9c301353db_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
30d4d4227adf7c65dd752e9c301353db_JaffaCakes118
Size
499KB
MD5
30d4d4227adf7c65dd752e9c301353db
SHA1
5c36364ad043c6c206233043c41d95f8acaa35dd
SHA256
b37c3b66b03e7460e522eda8c7176c05e8663435ce2c838e5eba978deb4bc4da
SHA512
caa4242ad627e5a80e1c5e65fb099d508e9cb185e60a33e4ee8e972e0f7531cc4d84afdefbc4dce4a7666effc900a0510ee20cbee2d5770c8dfa3910e0f8b315
SSDEEP
12288:jQ5yLVaft1GU2+GCFf3/3tQfBvGnB8RPsCJy6jj0sTp:jQ5yLVaftoUnGCx3/3tQfAB8Ry6P0s
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 30d4d4227adf7c65dd752e9c301353db_JaffaCakes118
Files
30d4d4227adf7c65dd752e9c301353db_JaffaCakes118.exe windows:4 windows x86 arch:x86
103906eb40404d69ed30b73ebba0b7c2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shell32
DoEnvironmentSubstA
DragQueryFileA
SHFormatDrive
ExtractIconExW
RealShellExecuteW
comctl32
InitCommonControlsEx
advapi32
InitializeSecurityDescriptor
RegConnectRegistryA
CryptDeriveKey
CryptDestroyHash
RegEnumKeyExW
CryptDuplicateHash
RegDeleteKeyW
RegCreateKeyExW
RegSetValueA
RegQueryMultipleValuesW
DuplicateToken
CryptHashData
GetUserNameA
CryptSignHashW
kernel32
EnumResourceNamesW
ReadFile
GetStartupInfoA
WriteConsoleA
GetCurrentProcess
WriteConsoleW
GetStdHandle
CloseHandle
GetConsoleMode
GetCommandLineA
HeapCreate
HeapDestroy
GetStringTypeW
Sleep
LeaveCriticalSection
HeapAlloc
VirtualQuery
GetLocaleInfoA
HeapReAlloc
CreateMutexA
EnumSystemLocalesA
ExitProcess
CompareStringA
TlsSetValue
LCMapStringA
GetConsoleCursorInfo
WideCharToMultiByte
GetStringTypeA
GetCPInfo
LCMapStringW
CompareStringW
OpenMutexA
VirtualFree
InterlockedIncrement
IsValidCodePage
MultiByteToWideChar
WriteFile
GetEnvironmentStringsW
GetVersionExA
GetCurrentProcessId
TlsAlloc
GetProcAddress
FlushFileBuffers
GetUserDefaultLCID
SetEnvironmentVariableA
GetLastError
SetFilePointer
FreeEnvironmentStringsA
HeapSize
IsDebuggerPresent
SetStdHandle
EnumResourceNamesA
GetOEMCP
GetACP
lstrcatW
HeapFree
VirtualAlloc
LocalCompact
GetDateFormatA
FreeEnvironmentStringsW
GetProcessHeap
GetConsoleCP
InterlockedExchange
TerminateProcess
IsValidLocale
GetTimeFormatA
DeleteCriticalSection
CreateFileA
SetUnhandledExceptionFilter
GetConsoleOutputCP
QueryPerformanceCounter
GetTickCount
GetFileType
SetHandleCount
GetCurrentThreadId
GetEnvironmentStrings
LoadLibraryA
SetLastError
TlsFree
GetModuleHandleA
GetSystemTimeAsFileTime
InitializeCriticalSection
SetConsoleCtrlHandler
FreeLibrary
TlsGetValue
InterlockedDecrement
EnterCriticalSection
GetTimeZoneInformation
GetModuleFileNameA
RtlUnwind
UnhandledExceptionFilter
GetLocaleInfoW
GetCurrentThread
user32
RegisterClassExA
LoadMenuA
RegisterClassA
InvertRect
LoadCursorW
GetPriorityClipboardFormat
Sections
.text Size: 319KB - Virtual size: 319KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 61KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ