e:\lxaanlvqej\bwq.pdb
Static task
static1
Behavioral task
behavioral1
Sample
752e2a56dcf1581e55cca716087a9d44_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
752e2a56dcf1581e55cca716087a9d44_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 752e2a56dcf1581e55cca716087a9d44_JaffaCakes118
Size: 477KB
MD5: 752e2a56dcf1581e55cca716087a9d44
SHA1: ed1792c8c4f359341dd5d15b2f0c296fde954d45
SHA256: b9a629d666ea1deaa2d2662f396e9fed4074c73a9b12ff81ef5c301b9116281e
SHA512: 22f75b29e881c3afb5e305e1f88ded0ad34d7c780ba05844952400272dea70b838834cf4724f0803cb21bffadaa7d81b99fef6b331a3fd152dd83b63b42f6308
SSDEEP: 6144:roE8bJYIisBuKZTWW2CGt2IATULfkYdFJnlI/DAN33m9/ZvKcEb4VKk95azRsosu:rXVKZoT7lCdKd8KkfysoB0ll5T4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 752e2a56dcf1581e55cca716087a9d44_JaffaCakes118
Files
752e2a56dcf1581e55cca716087a9d44_JaffaCakes118.exe windows:4 windows x86 arch:x86
9afc16b5610fb93c5596f94b1edfed3b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shell32
SHGetDesktopFolder
SHGetFileInfoW
comctl32
InitCommonControlsEx
comdlg32
GetSaveFileNameA
PrintDlgW
kernel32
IsBadWritePtr
GetSystemTimeAsFileTime
CloseHandle
InterlockedExchange
TerminateProcess
TlsGetValue
CreateRemoteThread
SetStdHandle
GetFullPathNameA
GetThreadLocale
WideCharToMultiByte
WaitForMultipleObjectsEx
TlsFree
ResetEvent
LoadLibraryA
FillConsoleOutputAttribute
GetThreadPriorityBoost
ReadConsoleOutputCharacterA
InitializeCriticalSection
GetTimeZoneInformation
GetCPInfo
GetEnvironmentStringsW
HeapDestroy
FreeEnvironmentStringsW
HeapReAlloc
HeapLock
SetHandleCount
ExitProcess
SetConsoleCP
OpenMutexW
SetEnvironmentVariableA
HeapAlloc
GetPrivateProfileStringW
GetCurrentThreadId
GetModuleHandleA
CreateMutexA
VirtualQuery
FlushFileBuffers
GetACP
ReadFile
GetStringTypeA
LocalHandle
GetProfileSectionW
GetCurrentThread
GetTickCount
GetCurrentProcess
GetSystemTime
VirtualFree
CompareStringW
InterlockedDecrement
OpenMutexA
SetLastError
lstrcpyW
EnterCriticalSection
LeaveCriticalSection
GetStartupInfoA
GetStringTypeW
GetLastError
VirtualAlloc
UnhandledExceptionFilter
InterlockedIncrement
EnumCalendarInfoA
GetEnvironmentStrings
LCMapStringA
GetStdHandle
GetFileAttributesExW
DeleteCriticalSection
FreeEnvironmentStringsA
GetFileType
TlsAlloc
GetCurrentProcessId
GetLocalTime
WriteFile
ReadConsoleOutputA
QueryPerformanceCounter
IsBadReadPtr
RtlUnwind
HeapCreate
GetOEMCP
GetModuleFileNameA
GetVersion
MoveFileW
TlsSetValue
HeapFree
GetProcAddress
SetFilePointer
lstrcmpi
MultiByteToWideChar
EnumResourceTypesW
GetCommandLineA
GetDriveTypeW
CompareStringA
LCMapStringW
wininet
SetUrlCacheEntryGroupA
GopherCreateLocatorW
advapi32
CryptReleaseContext
LogonUserA
RegOpenKeyExA
StartServiceW
CryptDestroyKey
RegEnumValueA
RegOpenKeyExW
CryptDuplicateHash
LookupPrivilegeNameW
CreateServiceA
user32
RegisterClassExA
GetNextDlgGroupItem
MapVirtualKeyExA
CreateIconFromResourceEx
RegisterClassA
SetSystemCursor
Sections
.text Size: 326KB - Virtual size: 325KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ