3747620f8ef6d4411087543d6c2bf891_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3747620f8ef6d4411087543d6c2bf891_JaffaCakes118
Size

518KB
MD5

3747620f8ef6d4411087543d6c2bf891
SHA1

2784fd8d605b47abb690fa39c4241a9305f4df73
SHA256

00e10d3a5b56a1a179e69d7f99a028308c11799fe2d2d88a9f948e47a2162a5f
SHA512

b80e237b953c742d43b46087786bc88dae010cddf33a987770f40da9013a83e56c473f23772db3e96bbae738934f1afee653118d62b0f199b0981e80fcdb5c3a
SSDEEP

12288:5b2MuVZQ9IIMVFZrDPXIXhokzeLgy33DYnkuny:5AVa9evCx6g+3Dekun

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3747620f8ef6d4411087543d6c2bf891_JaffaCakes118

Files

3747620f8ef6d4411087543d6c2bf891_JaffaCakes118
.exe windows:4 windows x86 arch:x86

56d709827a98e0225a28f46eb583d05f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\nwdqjfc\ecftdsavo\gor

Imports

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetCurrentThread
FileTimeToSystemTime
CompareStringW
FreeEnvironmentStringsW
GetACP
GetModuleFileNameA
CloseHandle
GetLocalTime
VirtualQuery
GetStdHandle
HeapDestroy
GetPrivateProfileStructA
InterlockedExchange
GetFullPathNameW
GetCurrentProcessId
InitializeCriticalSection
TlsFree
LCMapStringW
OpenMutexA
FreeLibraryAndExitThread
LeaveCriticalSection
CreateThread
FreeEnvironmentStringsA
FlushFileBuffers
CompareStringA
SetLastError
UnhandledExceptionFilter
GetStringTypeW
GetLastError
HeapReAlloc
SetStdHandle
GetEnvironmentStrings
GetStringTypeA
GetSystemTime
GetCPInfo
InterlockedDecrement
TlsGetValue
TlsSetValue
HeapCreate
VirtualFreeEx
GetTimeZoneInformation
GetProcAddress
WideCharToMultiByte
HeapAlloc
GetStartupInfoA
GetTickCount
GetEnvironmentStringsW
TerminateProcess
LCMapStringA
GetCurrentProcess
GetFileType
VirtualQueryEx
SetHandleCount
ReadFile
GetThreadContext
EnterCriticalSection
CreateMutexA
GetCommandLineA
TlsAlloc
RtlUnwind
SetEnvironmentVariableA
LoadLibraryA
HeapFree
GetCurrentThreadId
DeleteCriticalSection
InterlockedIncrement
SetFilePointer
MultiByteToWideChar
GetVersion
VirtualAlloc
WriteFile
GetOEMCP
VirtualFree
CommConfigDialogA
GetSystemTimeAsFileTime
IsBadWritePtr
ExitProcess

user32

CloseWindowStation
LoadAcceleratorsW
SetScrollRange
RegisterClassA
GetAltTabInfo
SetDlgItemTextA
ReleaseDC
ValidateRgn
ChangeDisplaySettingsExW
GetWindowLongA
DdeCmpStringHandles
GetWindowDC
OpenClipboard
TileWindows
DrawEdge
MapWindowPoints
RegisterClassExA

comctl32

ImageList_SetFlags
CreatePropertySheetPageW
ImageList_GetIcon
ImageList_DragLeave
CreateToolbar
ImageList_Replace
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
DrawStatusTextA
ImageList_SetBkColor
ImageList_Merge
InitCommonControlsEx
ImageList_DrawEx
DrawStatusText
ImageList_LoadImage
ImageList_Read

shell32

SHGetPathFromIDListA

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56d709827a98e0225a28f46eb583d05f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

shell32

Sections

.text Size: 149KB - Virtual size: 148KB

.rdata Size: 244KB - Virtual size: 244KB

.data Size: 112KB - Virtual size: 142KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 149KB - Virtual size: 148KB

.rdata
Size: 244KB - Virtual size: 244KB

.data
Size: 112KB - Virtual size: 142KB

.rsrc
Size: 11KB - Virtual size: 11KB