495486ce5bd0bcf5b9659f05bf14cf51_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

495486ce5bd0bcf5b9659f05bf14cf51_JaffaCakes118
Size

319KB
MD5

495486ce5bd0bcf5b9659f05bf14cf51
SHA1

1efefb1a0e38b7f9c820efc5a9bc288b30596031
SHA256

90a92e8a5679fb2367e66c5b67e4c8590fd6fc9c0a3b89a9f1c93c20644dd2c7
SHA512

b523786e6043a68717a54f16b5388e3b82f330454704b24558f1704ff6dc089e4d78f3c94e45c62968646d757aa86db993c3a7dccbdefaa697d659899709012e
SSDEEP

6144:aWS70l7GPw1aKs0tLRIU4lj0kopJMd48fiSg2nxWGtkUK:aWu0l5q0tIQ/MyCWz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
495486ce5bd0bcf5b9659f05bf14cf51_JaffaCakes118

Files

495486ce5bd0bcf5b9659f05bf14cf51_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a346f0a35f9aaeb7b9f0b33963c11e9d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\eqksescmi\wztb.pdb

Imports

user32

RegisterClassExA
RegisterClassA
LookupIconIdFromDirectory
CreateDesktopA
DdeQueryStringW
IsDialogMessage
CreateWindowStationW
CreateWindowExA
CreateDialogParamA
DdeQueryNextServer
MoveWindow
MessageBoxA
InsertMenuItemA
DdeInitializeA
OpenInputDesktop
GetInputState
DeleteMenu
GetClassLongA
ShowWindow
ArrangeIconicWindows

comctl32

InitCommonControlsEx

kernel32

GetVersionExA
ReadFile
FreeEnvironmentStringsW
GetProcAddress
HeapCreate
ExitProcess
GetCPInfo
GetCurrentProcess
GetCommandLineA
GetTickCount
GetLocaleInfoW
LCMapStringA
IsBadWritePtr
GetCurrentThreadId
GetModuleFileNameA
HeapSize
TlsAlloc
GetStringTypeA
GetDateFormatA
GetOEMCP
SetLocaleInfoA
LoadLibraryA
HeapAlloc
VirtualAlloc
UnhandledExceptionFilter
GlobalFix
SetEnvironmentVariableA
IsValidCodePage
LCMapStringW
VirtualProtect
GetStringTypeW
SetConsoleOutputCP
GetFileType
TerminateProcess
SetStdHandle
GetACP
HeapFree
CreateMutexA
GetCurrentThread
TlsGetValue
WaitForSingleObject
SetFilePointer
GetLastError
GetEnvironmentStrings
CompareStringA
VirtualQuery
GetUserDefaultLCID
SetLastError
WriteFile
GetEnvironmentStringsW
SetLocalTime
GetProcAddress
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange
EnterCriticalSection
GetPrivateProfileStringW
EnumSystemLocalesA
GetStdHandle
CloseHandle
WideCharToMultiByte
QueryPerformanceCounter
GetTimeFormatA
HeapDestroy
GetLocaleInfoA
RtlUnwind
GetModuleHandleA
FreeEnvironmentStringsA
OpenMutexA
GetModuleFileNameW
TlsFree
CreateRemoteThread
WriteConsoleA
SetThreadAffinityMask
GetSystemInfo
GetStartupInfoA
SetHandleCount
VirtualFree
LoadLibraryExW
LeaveCriticalSection
GetCommandLineW
DeleteCriticalSection
MultiByteToWideChar
GetStartupInfoW
FlushFileBuffers
TlsSetValue
HeapReAlloc
FileTimeToSystemTime
CompareStringW
IsValidLocale
InitializeCriticalSection
GetTimeZoneInformation

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a346f0a35f9aaeb7b9f0b33963c11e9d

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

kernel32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 14KB - Virtual size: 41KB

.data Size: 88KB - Virtual size: 88KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 14KB - Virtual size: 41KB

.data
Size: 88KB - Virtual size: 88KB

.rsrc
Size: 16KB - Virtual size: 16KB