3a8621606ad024426509ae789c939e26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a8621606ad024426509ae789c939e26_JaffaCakes118
Size

1.2MB
MD5

3a8621606ad024426509ae789c939e26
SHA1

b7d0669329a2cdf1d13dcbf90387f55e461663f3
SHA256

1de95bb84eaef4e4833d4bdd2cd3377683e7fcbd4c104c8518bb363f7d9b6778
SHA512

0361d301a9d65352da6aecdd147c590eac599502f370e9b5d13a9e9fa6259f60f84168491aab0006788aa247a229032945d9aa4207bfa3817a32bdce8dbd1e05
SSDEEP

24576:Ll+VUMrSCvJtqulrel8ahs0rTNio70bl/TyrxiVvbRlSxsZT0iWEmqj:Z+Rv7qule33v4Dbl7ywvdlSOTNj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a8621606ad024426509ae789c939e26_JaffaCakes118

Files

3a8621606ad024426509ae789c939e26_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4929bfcbb27d6d02b59fd1782dc90802

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\lrodwsadeq.PDB

Imports

shell32

ExtractAssociatedIconA
RealShellExecuteExW
ExtractIconExW
ExtractIconW

comdlg32

ReplaceTextW

comctl32

InitCommonControlsEx

kernel32

WideCharToMultiByte
GetProcAddress
GetCommandLineA
IsValidLocale
GetFileType
GetOEMCP
GetLocaleInfoA
HeapSize
VirtualProtect
GetStdHandle
LocalHandle
GetStartupInfoW
InterlockedExchange
GetEnvironmentStringsW
SetLastError
TlsSetValue
GetSystemTimeAsFileTime
GetModuleFileNameA
FlushFileBuffers
FreeEnvironmentStringsW
lstrcatW
GetStringTypeA
CreateSemaphoreW
LCMapStringW
HeapAlloc
GetTimeFormatA
GetPriorityClass
GetStartupInfoA
GetStringTypeW
QueryPerformanceCounter
VirtualFree
VirtualAlloc
SetHandleCount
DeleteCriticalSection
LoadLibraryA
CompareStringA
FreeEnvironmentStringsA
OpenMutexA
ExitProcess
InitializeCriticalSection
CloseHandle
RtlUnwind
ReadFile
SetEnvironmentVariableA
TerminateProcess
GetTickCount
SetConsoleCursorPosition
Sleep
HeapReAlloc
GetVersionExA
GetCommandLineW
EnterCriticalSection
GetUserDefaultLCID
GetCurrentThreadId
HeapDestroy
VirtualQuery
WriteFile
GetDateFormatA
TlsFree
HeapFree
MultiByteToWideChar
EnumSystemLocalesA
GetLocaleInfoW
GetSystemInfo
GetCurrentProcess
TlsGetValue
GetLastError
CompareStringW
LCMapStringA
SetStdHandle
HeapCreate
IsBadWritePtr
UnhandledExceptionFilter
GetCurrentProcessId
TlsAlloc
FlushInstructionCache
GetCPInfo
lstrcpyn
CreateMutexA
GetCurrentThread
IsValidCodePage
GetACP
LocalSize
OpenEventW
GetModuleFileNameW
SetFilePointer
LeaveCriticalSection
GetEnvironmentStrings
GetModuleHandleA
CopyFileExA
GetTimeZoneInformation

user32

DrawFocusRect
SetDlgItemTextW
CreateDesktopA
GetDlgItemInt
IsCharUpperW
GetTabbedTextExtentW
RegisterClassExA
RegisterClassA

advapi32

RegEnumValueA
AbortSystemShutdownA
RegSetValueExA
CryptSignHashA
RegDeleteKeyW
RegReplaceKeyW
LogonUserW
CryptDuplicateHash
CryptCreateHash

gdi32

SetPaletteEntries
GetCharWidthA
SetFontEnumeration
CreateFontIndirectW
GetBitmapBits
SetPixel
CheckColorsInGamut
RectVisible
EnumFontFamiliesExA
CombineRgn
ScaleWindowExtEx
TranslateCharsetInfo
SetICMMode
ExtEscape
LPtoDP
SetTextCharacterExtra
Arc
SetROP2
PolyBezierTo
SetBrushOrgEx
GetCharWidth32W

Sections

.text
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 804KB - Virtual size: 802KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4929bfcbb27d6d02b59fd1782dc90802

Headers

File Characteristics

PDB Paths

Imports

shell32

comdlg32

comctl32

kernel32

user32

advapi32

gdi32

Sections

.text Size: 338KB - Virtual size: 338KB

.rdata Size: 46KB - Virtual size: 55KB

.data Size: 804KB - Virtual size: 802KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 338KB - Virtual size: 338KB

.rdata
Size: 46KB - Virtual size: 55KB

.data
Size: 804KB - Virtual size: 802KB

.rsrc
Size: 9KB - Virtual size: 9KB