752217874a631d0db8b9ce0af4e4c9b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

752217874a631d0db8b9ce0af4e4c9b2_JaffaCakes118
Size

452KB
MD5

752217874a631d0db8b9ce0af4e4c9b2
SHA1

2bafe033bd7e3c58f03c197003b5697e69353abc
SHA256

74cf615ce8def144a0470f32df94bd057bc99fd9c67b36c935a6cedf08346461
SHA512

20063637988c7a6e05367c68bc53cba0f3c47add6f24450778fc57d7054486ec92ca1c228bb542e04d80001ff514b8299195c710eb709a2016e19f3f4c9214ac
SSDEEP

12288:vlvBYhp1Xk9aTg92pZDtiTIpL7U/ik7gZbrjY+gTwwgd:NBYhp1Xk9aUIZDtimL7Uakabr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
752217874a631d0db8b9ce0af4e4c9b2_JaffaCakes118

Files

752217874a631d0db8b9ce0af4e4c9b2_JaffaCakes118
.exe windows:6 windows x86 arch:x86

f54c2384d05efafb6d82c855f205fa92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

imagex.pdb

Imports

kernel32

GetProcAddress
GetSystemInfo
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
UnlockFileEx
LockFileEx
GetVolumeInformationW
GetOverlappedResult
GetFileInformationByHandle
WaitForMultipleObjects
LocalAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEndOfFile
SetFilePointerEx
CreateToolhelp32Snapshot
GetLongPathNameW
Module32FirstW
Module32NextW
GetLogicalDriveStringsW
QueryDosDeviceW
GetVolumePathNameW
HeapReAlloc
LoadLibraryW
CreateDirectoryW
SetCurrentDirectoryW
DeviceIoControl
GetFileSizeEx
RemoveDirectoryW
SetFileAttributesW
CreateThread
WaitForSingleObject
SetEvent
ResetEvent
GetCommandLineW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleFileNameW
SetConsoleCtrlHandler
WriteFile
GetDriveTypeW
GetTempPathW
DeleteFileW
GetLogicalDrives
GetTempFileNameW
CreateFileW
GetFileSize
SetFilePointer
ReadFile
CloseHandle
lstrcmpW
GetSystemWindowsDirectoryW
lstrcmpiW
GetFileAttributesW
CompareStringW
FindFirstFileW
FindNextFileW
FindClose
GetFullPathNameW
HeapAlloc
SetLastError
GetLastError
GetProcessHeap
HeapFree
FormatMessageW
LocalFree
InitializeCriticalSection
GetStdHandle
EnterCriticalSection
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
LeaveCriticalSection
FillConsoleOutputCharacterW
lstrlenW
WriteConsoleW
GetCurrentDirectoryW

msvcrt

_onexit
_lock
__dllonexit
_unlock
_controlfp
free
malloc
memmove
memcpy
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_amsg_exit
_initterm
__winitenv
exit
_XcptFilter
_exit
__wgetmainargs
wcschr
_putws
strlen
_wfullpath
_wtol
wcsrchr
memset
wprintf
_vsnwprintf
_wcsnicmp
wcstoul
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
iswspace
qsort
_cexit
__setusermatherr
bsearch

ntdll

RtlInitUnicodeString
NtQueryInformationFile
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlReAllocateHeap
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlRaiseStatus
DbgUserBreakPoint
NtYieldExecution
RtlAllocateHeap
NtQueryDirectoryFile
NtClose
RtlNtStatusToDosError
NtSetInformationFile
RtlDosPathNameToNtPathName_U
RtlFreeHeap
RtlAdjustPrivilege
RtlUnwind
NtOpenFile

user32

LoadStringW
CharNextW
CharPrevW

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

shlwapi

StrStrIW
PathMatchSpecW

setupapi

SetupFindNextLine
SetupCloseInfFile
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetLineTextW

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegFlushKey
RegLoadKeyW
RegUnLoadKeyW
SetSecurityInfo
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
ReadEncryptedFileRaw
GetSecurityDescriptorLength
GetSecurityInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f54c2384d05efafb6d82c855f205fa92

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

ntdll

user32

rpcrt4

shlwapi

setupapi

advapi32

version

Sections

.text Size: 320KB - Virtual size: 319KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 95KB - Virtual size: 96KB

.text
Size: 320KB - Virtual size: 319KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 95KB - Virtual size: 96KB