60fc3e88f8548d0b2127cf5af744d450_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

60fc3e88f8548d0b2127cf5af744d450_JaffaCakes118
Size

72KB
MD5

60fc3e88f8548d0b2127cf5af744d450
SHA1

a96668126d3c2de31ec9c396f4e131bb928b544d
SHA256

0edf4c24dffd02bcdd3869a6da3a47ebc2c4bb455ad8af8cf1fbf27eab9b002a
SHA512

39dbde08f6caf9b57c7619c67d11faeccca2a24c923b16a334221d8002d59223dfa3de2c9505e301e22cc13e67dbd39f3d94644316c2dfa1029bdb9b9434584b
SSDEEP

768:25+EZDrJkBTxs6FPLPVvoq6jKqkEBHQyqPYPq4+NaDFWdttaz:25vZ3Ja1LPVvR6+EZuPfhNtPtaz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60fc3e88f8548d0b2127cf5af744d450_JaffaCakes118

Files

60fc3e88f8548d0b2127cf5af744d450_JaffaCakes118
.exe windows:4 windows x86 arch:x86

742b08a1c1badb6156a2759186e7c92a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Slava\Desktop\BhoKeeper\Release\BhoKeeper.pdb

Imports

kernel32

ExitProcess
HeapSize
GetLocaleInfoA
GetProcAddress
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
SetEndOfFile
SetFilePointer
TerminateProcess
OpenProcess
DeleteFileA
GetModuleFileNameA
LoadLibraryA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetLastError
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetModuleHandleA
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
CreateFileA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
MultiByteToWideChar
ReadFile
GetCPInfo
GetACP
GetOEMCP

user32

KillTimer
GetWindowThreadProcessId
FindWindowA
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcA
DestroyWindow
SetTimer
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadStringA
RegisterHotKey

advapi32

RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

742b08a1c1badb6156a2759186e7c92a

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 316B

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 316B