625a1ca8992bcfcb1dc64ca7cbaf7851_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

625a1ca8992bcfcb1dc64ca7cbaf7851_JaffaCakes118
Size

540KB
MD5

625a1ca8992bcfcb1dc64ca7cbaf7851
SHA1

72b2b74290f527b9cf8f46422321fb28fe67b2dd
SHA256

7e79ce7aa71ec47ee0a13e9588c784df8146e80a8955e2571bb2ded3f7ee8dff
SHA512

70380437b19f96fb81c0342913344b719557be9ff03d3dd3f9894e2e55e25eb30231b5d2277aa6b2e27c55ff2087c681fc84abe6f63d4cfb82d1912830974bc0
SSDEEP

12288:UmbOjsKKj+/qhB8vRAURj1/qa6OEI7gfZAvQ5+CtPKkBnAj9R:UmQ1KjJB8vRAURZqrOEI0Z8UrtPty9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
625a1ca8992bcfcb1dc64ca7cbaf7851_JaffaCakes118

Files

625a1ca8992bcfcb1dc64ca7cbaf7851_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53de51a9dba0d5ff08ca2ef4edc6da01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\itiqej.pdb

Imports

kernel32

GetCPInfo
CompareStringA
EnumSystemLocalesA
VirtualLock
GetModuleHandleW
SetStdHandle
GetDateFormatA
GetCommandLineA
FlushFileBuffers
GetTimeZoneInformation
GetConsoleMode
TerminateProcess
InterlockedIncrement
HeapAlloc
GetCurrentThread
GetStartupInfoA
GetStringTypeW
ExitProcess
InterlockedDecrement
ReadFile
RtlUnwind
GetProcAddress
TlsSetValue
IsValidLocale
LCMapStringA
FreeLibrary
IsDebuggerPresent
DeleteCriticalSection
HeapSize
GetTimeFormatA
GetOEMCP
GlobalGetAtomNameA
WriteConsoleW
HeapCreate
GetACP
SetUnhandledExceptionFilter
GetStdHandle
HeapReAlloc
CreateFileA
MultiByteToWideChar
CompareStringW
GetModuleHandleA
FreeEnvironmentStringsA
GetEnvironmentStrings
HeapDestroy
GetUserDefaultLCID
WriteConsoleA
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoA
GetCurrentProcess
GetCurrentThreadId
UnhandledExceptionFilter
GetCurrentProcessId
IsValidCodePage
CloseHandle
OpenMutexA
VirtualQuery
LCMapStringW
TlsAlloc
CreateNamedPipeW
GetConsoleCP
SetFilePointer
SetEnvironmentVariableA
GetSystemTimeAsFileTime
GetEnvironmentStringsW
GetFileType
WideCharToMultiByte
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
VirtualAlloc
WaitNamedPipeA
TlsGetValue
GetPrivateProfileSectionA
TlsFree
GetModuleFileNameA
CopyFileA
GetLocaleInfoW
GetNamedPipeHandleStateA
InitializeCriticalSection
SetConsoleCtrlHandler
GetConsoleOutputCP
Sleep
QueryPerformanceCounter
GetLastError
WriteFile
SleepEx
CreateMutexA
VirtualFree
GetStringTypeA
HeapFree
SetHandleCount
lstrcpyW
InterlockedExchange
SetLastError
LoadLibraryA
GetTickCount

comdlg32

PageSetupDlgW
ChooseColorA
ReplaceTextA

user32

DialogBoxIndirectParamW
ExcludeUpdateRgn
RealChildWindowFromPoint
BroadcastSystemMessage
RegisterClassExA
SendMessageW
AnimateWindow
WinHelpW
SetClassLongA
SetPropA
DdeConnectList
RegisterClassA
EnumPropsA
EditWndProc
RemovePropW
TileWindows
GetKBCodePage
SetMenuDefaultItem
DdeQueryStringW
MonitorFromWindow
FrameRect
GetWindowThreadProcessId
DragDetect

comctl32

InitCommonControlsEx

Sections

.text
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53de51a9dba0d5ff08ca2ef4edc6da01

Headers

File Characteristics

PDB Paths

Imports

kernel32

comdlg32

user32

comctl32

Sections

.text Size: 355KB - Virtual size: 354KB

.rdata Size: 56KB - Virtual size: 67KB

.data Size: 107KB - Virtual size: 106KB

.rsrc Size: 21KB - Virtual size: 21KB

.text
Size: 355KB - Virtual size: 354KB

.rdata
Size: 56KB - Virtual size: 67KB

.data
Size: 107KB - Virtual size: 106KB

.rsrc
Size: 21KB - Virtual size: 21KB