70e1b6fa169e53b7abff6941e0dc0c83_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

70e1b6fa169e53b7abff6941e0dc0c83_JaffaCakes118
Size

491KB
MD5

70e1b6fa169e53b7abff6941e0dc0c83
SHA1

8cd036713869ca87cb6545fe8349703d6d0efe39
SHA256

9ef021ba22085f7c653b33da354ceaebfaa1bc93324979d8bc4d3f53b26a29f6
SHA512

20a0ed09c53782aa805334f6389125f7dbfb83ff67f7ba3d33b721b21b0f787a2ef085b5084ded170caebcde2b34834850004e59601b9168b6292b4ef4152706
SSDEEP

12288:KH0BB74RPGmZjTMwP5p4nT6mfQHkhvCdHNF4iN:40BV4RPtcsQTnQwv2P5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70e1b6fa169e53b7abff6941e0dc0c83_JaffaCakes118

Files

70e1b6fa169e53b7abff6941e0dc0c83_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ff477341e2ec13edbec5a0d8f63900bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\oyt\elegkox\ieueeyp\yay\vifw\wfgtj.pdb

Imports

user32

RegisterClassExA
MoveWindow
RegisterClassA
GetTabbedTextExtentW
IsDialogMessage

comctl32

InitCommonControlsEx

shell32

DragAcceptFiles
SHBrowseForFolderA
SHFileOperationW
SHChangeNotify

kernel32

SetStdHandle
InitializeCriticalSection
DeleteCriticalSection
FlushFileBuffers
LCMapStringA
GetACP
WideCharToMultiByte
HeapReAlloc
SetEnvironmentVariableA
CompareStringA
LoadLibraryA
GetEnvironmentStringsW
TerminateProcess
ExitProcess
CompareStringW
WriteFile
GetOEMCP
RtlUnwind
GetCurrentProcess
GetCPInfo
FreeEnvironmentStringsA
GetLastError
GetStdHandle
GetSystemTime
UnhandledExceptionFilter
LeaveCriticalSection
HeapCreate
VirtualFree
HeapFree
GetTickCount
VirtualAlloc
EnterCriticalSection
TlsGetValue
GetProcAddress
GetCurrentThreadId
LCMapStringW
FreeEnvironmentStringsW
GetLocalTime
OpenMutexA
GetEnvironmentStrings
GetTimeZoneInformation
GetStartupInfoA
GetModuleHandleA
QueryPerformanceCounter
GetProcAddress
ReadFile
HeapDestroy
GetCurrentThread
GetModuleFileNameA
InterlockedIncrement
IsBadWritePtr
GetStringTypeA
SetFilePointer
InterlockedExchange
SetLastError
CreateMutexA
TlsSetValue
GetSystemTimeAsFileTime
MultiByteToWideChar
GetCurrentProcessId
GetCommandLineA
GetFileType
TlsFree
CloseHandle
GetVersion
InterlockedDecrement
GetStringTypeW
SetHandleCount
VirtualQuery
HeapAlloc
TlsAlloc

Sections

.text
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff477341e2ec13edbec5a0d8f63900bd

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

shell32

kernel32

Sections

.text Size: 323KB - Virtual size: 322KB

.rdata Size: 47KB - Virtual size: 55KB

.data Size: 103KB - Virtual size: 103KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 323KB - Virtual size: 322KB

.rdata
Size: 47KB - Virtual size: 55KB

.data
Size: 103KB - Virtual size: 103KB

.rsrc
Size: 16KB - Virtual size: 16KB