70933b7e5eff232de59563f6d2ed5851_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

70933b7e5eff232de59563f6d2ed5851_JaffaCakes118
Size

368KB
MD5

70933b7e5eff232de59563f6d2ed5851
SHA1

64695bcbf6385e4cba622d475d14045a76b583c6
SHA256

cbbef67da2ec340ddb2fb2f19e569442bdd59f607d20683619debf5cac40d8e5
SHA512

a0d147a0bb2d917ca533ea9ad3e53481f36a73449dcc8057cc2722ea3b23db0fa78b41f0090e8bf2020ac240fdfa413f2513d7a021a76604d1e9332c1bb665a2
SSDEEP

6144:vOWdnEnDXlxJj6ksYZvcn5wLJBS2nOBNifyc+hE86JhoVk02jze4P7qTYYTkvX5H:GWdnED1xJ6ksevcn5uBSMOniyRuJho5m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70933b7e5eff232de59563f6d2ed5851_JaffaCakes118

Files

70933b7e5eff232de59563f6d2ed5851_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7356ce508d74cb583493a564c5361240

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Msa2\Build\msa\win\Release\FrmInst.pdb

Imports

msi

ord32
ord159
ord160
ord118
ord205
ord8
ord92

kernel32

DeleteFileA
GetCommandLineW
GetUserDefaultLangID
CloseHandle
GetCurrentProcessId
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
RaiseException
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
GetLastError
SetLastError
MoveFileA
ReleaseMutex
CreateFileA
LocalAlloc
FlushFileBuffers
SetStdHandle
GetOEMCP
LocalFree
IsBadReadPtr
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetExitCodeProcess
OpenProcess
GetCurrentThread
GetCurrentProcess
Sleep
ReadFile
WriteFile
SetFilePointer
GetVersion
lstrlenA
QueryPerformanceCounter
WaitForSingleObject
GetLocalTime
HeapFree
HeapAlloc
SetHandleInformation
CreatePipe
GetSystemInfo
SetEndOfFile
TerminateProcess
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
ExitProcess
GetVersionExA
GetSystemTimeAsFileTime
LCMapStringA
GetStringTypeA
GetCurrentThreadId
GetTickCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
VirtualProtect
IsBadCodePtr

user32

GetWindowThreadProcessId
EnumWindows

ole32

CoUninitialize
CoInitializeEx

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7356ce508d74cb583493a564c5361240

Headers

File Characteristics

PDB Paths

Imports

msi

kernel32

user32

ole32

Sections

.text Size: 208KB - Virtual size: 205KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 84KB - Virtual size: 84KB

.text
Size: 208KB - Virtual size: 205KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 84KB - Virtual size: 84KB