3687eb000c87d68bcb6c9e78dbd7ca3b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3687eb000c87d68bcb6c9e78dbd7ca3b_JaffaCakes118
Size

306KB
MD5

3687eb000c87d68bcb6c9e78dbd7ca3b
SHA1

2b4eb8e49f4a0632d519576bf2dae113a43a5f06
SHA256

d0bf690fdd4955d39e5b42d0a7e91fa7b018e2af7babe37f9f122683d2642937
SHA512

51644da56893773f648fefbcf0c57d17f0732001f23a524c005763bdccbca402fda860b7b9eeac5a6b8904f232be09539dd6538f4637c3547a5ae4d000a316d9
SSDEEP

6144:hbfdmxrOf3rz97Xv/ge8UbVaUdwsFORyPceXXe/NqG:hrQkz9Tv/D8sVaUdwsm7eXXe/NqG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3687eb000c87d68bcb6c9e78dbd7ca3b_JaffaCakes118

Files

3687eb000c87d68bcb6c9e78dbd7ca3b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eaee0676e1a92bce9b1fd66c47793718

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Source\ProcControl\release\ProcControl.pdb

Imports

kernel32

lstrcatA
CloseHandle
CreateThread
GetFileSize
InterlockedDecrement
GetTickCount
FormatMessageW
ReadFile
CreateFileW
lstrlenW
GetLastError
GetCurrentDirectoryW
Process32FirstW
LocalAlloc
DeviceIoControl
Process32NextW
lstrcmpiW
lstrcatW
Sleep
DeleteFileW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetPrivateProfileIntA
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
lstrlenA
CreateToolhelp32Snapshot
CreateFileA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSection
LoadLibraryA
GetOEMCP
GetACP
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetVersionExA
GetStartupInfoW
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo

user32

SetWindowTextW
wsprintfW
GetDlgItem
SetTimer
EnableWindow
KillTimer
DialogBoxParamW
wsprintfA
SendDlgItemMessageA
LoadIconW
GetWindowTextW
EndDialog
SendDlgItemMessageW
MessageBoxW
SendMessageW

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
ControlService

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoCreateInstance
CoInitialize
OleRun
CoUninitialize
CLSIDFromProgID

oleaut32

SysFreeString
VariantClear
SysAllocString
GetErrorInfo

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msd0
Size: 316KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eaee0676e1a92bce9b1fd66c47793718

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 16KB - Virtual size: 12KB

.msd0 Size: 316KB - Virtual size: 312KB

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 16KB - Virtual size: 12KB

.msd0
Size: 316KB - Virtual size: 312KB