350d7fadf9a1d10c4773352774c12458_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

350d7fadf9a1d10c4773352774c12458_JaffaCakes118
Size

398KB
MD5

350d7fadf9a1d10c4773352774c12458
SHA1

c34d90eca88092f7a89fbd48f055476ea77aca0d
SHA256

984bac3c487255cec9d4465adf6ed549f61d3c81f6629d5839dee52c67524bcd
SHA512

5c204ce8793993024fee85bb1ed4e02721995c5908eccbee9da6e6ae70a54d914014478572e52b45a9019b9e9396e767f59ec206738619efb958cb79ca93390f
SSDEEP

6144:3z8qQ44jMcrhssBCTzkmX51ECBPi/C0gkjp3kkSg2pTi:jbvwMc9sTtX51ECBa/027S9p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
350d7fadf9a1d10c4773352774c12458_JaffaCakes118

Files

350d7fadf9a1d10c4773352774c12458_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a3568bf4942547b191d3728fe70cff2d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\App\web\Dll\kwxf\install\Release\install.pdb

Imports

kernel32

WritePrivateProfileStringA
GetACP
GetLocaleInfoA
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
FreeResource
WriteFile
SizeofResource
GetWindowsDirectoryA
LockResource
LoadResource
FindResourceA
TerminateProcess
SetFileTime
GetFileTime
GetSystemDirectoryA
WinExec
Sleep
SetFileAttributesA
CreateDirectoryA
VirtualQuery
GetCurrentProcess
DuplicateHandle
CreateEventA
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
OpenProcess
GetLastError
GetProcAddress
GetProcessHeap
HeapAlloc
lstrcpynA
CloseHandle
HeapFree
GetModuleHandleA
CreateFileA
GetSystemInfo
VirtualProtect
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
SetFilePointer
ExitProcess
GetLocalTime
GetFileAttributesA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
LoadLibraryA
GetOEMCP
GetCPInfo
FlushFileBuffers

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupAccountSidA

ntdll

sprintf
RtlUnwind
RtlEqualUnicodeString
NtQueryObject
NtQuerySystemInformation
RtlInitUnicodeString
_strupr
NtQueryVirtualMemory

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3568bf4942547b191d3728fe70cff2d

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ntdll

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 363KB - Virtual size: 362KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 363KB - Virtual size: 362KB