C:\Magalhae\Release\Store.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 428a2b5bda7a4eae72f09b53ba482359_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 428a2b5bda7a4eae72f09b53ba482359_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
- Target: 428a2b5bda7a4eae72f09b53ba482359_JaffaCakes118
- Size: 484KB
- MD5: 428a2b5bda7a4eae72f09b53ba482359
- SHA1: 29adfa39e3a0aa50251e16912e7d70d614cec9cb
- SHA256: 3f4566c828067d27adc18898d74494b605f353bd0323264bb920d8208df94938
- SHA512: c0fe49200f7849bc3748a83f18752c643af87de24e5f158c3ccb7e20f2b1df05d27e2b86a35957c79c29c900707160a27d2b4ddef7f481394fa3ddcf9c35d9bc
- SSDEEP: 6144:nT7rG9iDrHVQ1w5GJntppA+kUz9pgEQpfGmQc9L32UPX90/fnPMVyA3qlAYRVfMk:n30iDr+1wsJn3i7E9epfDF6nndnAYIk
Malware Config
Signatures
- Unsigned PE 1 IoCs: Checks for missing Authenticode signature.
  resource 428a2b5bda7a4eae72f09b53ba482359_JaffaCakes118
Files
- 428a2b5bda7a4eae72f09b53ba482359_JaffaCakes118.exe windows:5 windows x86 arch:x86
  447eed55ce7e9646a2d34164aa7e64d1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
HeapFree
GetACP
WideCharToMultiByte
GetModuleFileNameA
LCMapStringW
DecodePointer
HeapReAlloc
GetConsoleMode
ReadConsoleW
GetConsoleCP
FlushFileBuffers
SetStdHandle
SetFilePointerEx
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
CreateFileW
WriteConsoleW
HeapSize
SetEndOfFile
CreateEventA
CloseHandle
HeapAlloc
SetLastError
GetLastError
GetCurrentThread
FreeEnvironmentStringsA
GetCurrentProcess
VirtualAlloc
LocalFree
LocalAlloc
GlobalFree
GlobalUnlock
GlobalHandle
ExitProcess
ReadFile
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
EncodePointer
Sleep
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalLock
GlobalReAlloc
GlobalAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
RaiseException
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
WaitForSingleObject
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
GetCurrentThreadId
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
GetVersion
WriteFile
GetFileType
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
user32
DispatchMessageA
GetProcessWindowStation
TranslateMessage
SendMessageA
DefWindowProcA
GetMessageA
MessageBoxA
GetUserObjectInformationW
PostQuitMessage
RegisterClassExA
CreateWindowExA
DestroyWindow
ShowWindow
MoveWindow
SetWindowPos
GetSystemMetrics
SetMenu
CreateMenu
CreatePopupMenu
EnableMenuItem
AppendMenuA
UpdateWindow
GetDC
ReleaseDC
DdeCreateStringHandleW
FindWindowA
SetClassLongA
PtInRect
GetCursorPos
GetClientRect
SetWindowTextA
EndPaint
BeginPaint
GetWindowDC
GetMenuCheckMarkDimensions
CheckMenuItem
GetMenu
CreateAcceleratorTableA
SetFocus
GetDlgItem
LoadIconA
LoadCursorA
SetWindowLongA
SetCursor
GetWindowRect
GetPropA
SetPropA
InvalidateRect
gdi32
TextOutA
CreateDIBSection
GetTextMetricsA
SetTextJustification
SetTextAlign
SetTextColor
SetPolyFillMode
SetBkMode
PatBlt
GetTextAlign
GetGlyphOutlineA
GetDeviceCaps
EnumFontFamiliesA
CreatePatternBrush
CreateFontA
CreateFontIndirectA
GetObjectA
SetDCPenColor
SetDCBrushColor
SelectObject
Rectangle
GetStockObject
Ellipse
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateBitmap
BitBlt
comdlg32
ChooseFontA
GetOpenFileNameA
advapi32
RegisterEventSourceA
DuplicateToken
AccessCheck
OpenProcessToken
SetNamedSecurityInfoA
ChangeServiceConfig2A
LookupAccountNameA
SetFileSecurityA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
FreeSid
AllocateAndInitializeSid
ReportEventA
DeregisterEventSource
GetTokenInformation
OpenThreadToken
ole32
RevokeDragDrop
StgOpenStorage
CoCreateGuid
StringFromGUID2
CoLockObjectExternal
CoMarshalInterface
CoCreateInstance
CoUninitialize
CoInitialize
windowscodecs
WICConvertBitmapSource
ws2_32
WSAEventSelect
wininet
GopherCreateLocatorA
GopherFindFirstFileW
netapi32
NetWkstaUserGetInfo
avifil32
AVIStreamGetFrameOpen
AVIStreamRelease
winscard
SCardGetProviderIdW
shlwapi
StrToIntExA
wintrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAddCatalog
opengl32
glLoadIdentity
glMatrixMode
glViewport
glOrtho
glu32
gluLookAt
urlmon
CreateAsyncBindCtx
tapi32
phoneGetGain
Sections
.text Size: 141KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 173KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 300B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ