62902db8994a5807c218009e89450b03_JaffaCakes118

General

Target

62902db8994a5807c218009e89450b03_JaffaCakes118
Size

216KB
MD5

62902db8994a5807c218009e89450b03
SHA1

4671392157e62707ca6eb8b1af3091be68669465
SHA256

f31210786cbabbdea7382aeab2b4b52083c0f089b42bc9afd646c262eef68236
SHA512

4c5ef75020e15e28c7ae076ad7061ff0a231fcb50e2a38264ac6e4910c732b475cd79cfe2a7cb185acfb325adffdd4f446f2ec7ab153d4f6bc7d3c98bf8e84af
SSDEEP

3072:TMpb5LjxcYtMgUeVKFlqOngFIzNKPMWhSA+FudyiJEDyJ:T2b5LY7IilqlCsK7FuDEmJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62902db8994a5807c218009e89450b03_JaffaCakes118

Files

62902db8994a5807c218009e89450b03_JaffaCakes118
.exe windows:4 windows x86 arch:x86

345a2c7ad14905863e5cf4268b97b83b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Антон\Desktop\adware\UnpackEXE\release\UnpackEXE.pdb

Imports

kernel32

FindResourceW
LoadResource
SizeofResource
LockResource
CreateFileW
SetFilePointer
FindResourceExW
WriteFile
CloseHandle
LCMapStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetStartupInfoW
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
RtlUnwind
Sleep
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA

shell32

ShellExecuteW
SHGetSpecialFolderPathW

user32

UnregisterClassA

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

345a2c7ad14905863e5cf4268b97b83b

Headers

File Characteristics

PDB Paths

Imports

kernel32

shell32

user32

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 160KB - Virtual size: 159KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 160KB - Virtual size: 159KB