393da05ddb1d857be56c43bcbbb1e5cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

393da05ddb1d857be56c43bcbbb1e5cf_JaffaCakes118
Size

553KB
MD5

393da05ddb1d857be56c43bcbbb1e5cf
SHA1

b0138e46085f261f276600e0c1acac32c2f91866
SHA256

a95cff45859410b6c31ae14d594ea8effe3bb4e798a4260a19b5da48573b397c
SHA512

9a41d5f23e76c00a85fcd30975301433231feedf8197dede5329999f401d6b84c30c2f59a2a8a58680510e67e058f0c43fceafc336fd58bcd8bca4b9cafcf7bc
SSDEEP

12288:9F0s4vfEMNsL97p6sa9jaMJsJQf0vaWu3GkIPc:ws4vfEMNsL9dJa9WM+J00vgG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
393da05ddb1d857be56c43bcbbb1e5cf_JaffaCakes118

Files

393da05ddb1d857be56c43bcbbb1e5cf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d89068047fd65851e5f193e625f1245f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Projects\bot-mws\output\MinSizeRel\cursormania.pdb

Imports

shlwapi

PathStripPathW
PathRemoveExtensionW
PathRemoveArgsW
PathMakePrettyW
SHGetValueW

wininet

SetUrlCacheEntryInfoW
FindNextUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW

pdh

PdhCloseQuery
PdhLookupPerfNameByIndexA
PdhMakeCounterPathA
PdhRemoveCounter
PdhCollectQueryData
PdhAddCounterA
PdhOpenQueryW
PdhGetFormattedCounterValue

kernel32

ExitThread
GetWindowsDirectoryW
CreateProcessW
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResumeThread
ResetEvent
ReleaseSemaphore
IsProcessorFeaturePresent
InterlockedCompareExchange
SetEnvironmentVariableA
GetProcAddress
GetModuleHandleW
InterlockedExchangeAdd
Sleep
InterlockedIncrement
InterlockedDecrement
CompareStringA
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
LCMapStringW
GetLastError
CompareStringW
LCMapStringA
GetCPInfo
GetStringTypeA
GetFileInformationByHandle
GetFileSize
ReadFile
WriteFile
GetSystemInfo
CloseHandle
SetFilePointer
GetFileType
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
HeapFree
GetProcessHeap
WaitForSingleObject
CreateEventA
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
HeapAlloc
SetEvent
LocalFree
FormatMessageA
FlushInstructionCache
lstrlenA
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetVersionExW
RtlUnwind
RaiseException
GetStartupInfoW
HeapReAlloc
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
GetSystemTimeAsFileTime
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
VirtualAlloc
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

MapVirtualKeyW
VkKeyScanW
PostMessageW
IsWindow
CloseDesktop
SetThreadDesktop
GetThreadDesktop
CreateDesktopW
CallWindowProcW
SetWindowLongW
DefWindowProcW
GetWindowLongW

shell32

ord680

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString
VariantInit
VariantClear
VariantChangeType

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW

Sections

.text
Size: 389KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d89068047fd65851e5f193e625f1245f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wininet

pdh

kernel32

user32

shell32

ole32

oleaut32

advapi32

Sections

.text Size: 389KB - Virtual size: 388KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 25KB - Virtual size: 34KB

STLPORT_ Size: 512B - Virtual size: 32B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 43KB - Virtual size: 42KB

.text
Size: 389KB - Virtual size: 388KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 25KB - Virtual size: 34KB

STLPORT_
Size: 512B - Virtual size: 32B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 43KB - Virtual size: 42KB