405fbdcecb171368f3c030e8bb26ac9e_JaffaCakes118

General

Target

405fbdcecb171368f3c030e8bb26ac9e_JaffaCakes118
Size

129KB
MD5

405fbdcecb171368f3c030e8bb26ac9e
SHA1

c00c4ebc3ed867d1084827bdc92b59356004fd6b
SHA256

d69fe335b6220f13e731dc5f01a56314532fee61bcbba55c2d705c4e8f3ff9af
SHA512

84f654ff730fca3d25e0d4f8635aae609d60070c71f7edf2d768da85edd0a548e6a9b72215adc524537e83e3b36769c19553400d3e60b40a8f531864bec5d7db
SSDEEP

3072:Pk43L1Pla/MFk+2s5kiJ6RtvsVUGGMKzRibZL/OWWr:P57dy+pmiwR+VPG1zRi1U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
405fbdcecb171368f3c030e8bb26ac9e_JaffaCakes118

Files

405fbdcecb171368f3c030e8bb26ac9e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1d269f7118ae7a769f8f6be609667eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_~1\jdk6_11\control\build\WINDOW~1\tmp\deploy\plugin\jureg\obj\jureg.pdb

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
lstrlenA
GetModuleFileNameA
lstrcatA
GetEnvironmentVariableA
GetSystemDirectoryA
lstrcpyA
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
HeapFree
GetModuleHandleA
GetStartupInfoA
ExitProcess
HeapReAlloc
HeapAlloc
RtlUnwind
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapSize
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
GetOEMCP
GetCPInfo
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualProtect

user32

wsprintfA

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e1d269f7118ae7a769f8f6be609667eb

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 84KB - Virtual size: 84KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 84KB - Virtual size: 84KB