8437d829974fd0b9e29dfb31c3d58731_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8437d829974fd0b9e29dfb31c3d58731_JaffaCakes118
Size

437KB
MD5

8437d829974fd0b9e29dfb31c3d58731
SHA1

38793d68fac761054a352677ad2cd047ded768fb
SHA256

912b55f328ade5ede5c6e75b70cf19c41f65586eeee9f7e7c3a7f503601c1f2c
SHA512

7da86779b031a1fa555ab60d22a7a2cad745354bb75d5b42bad56011ed8ca6b620041022db1edf2d3ac856f6f7e4ce59065f1a25e3c343eed4b51a7aa1a57206
SSDEEP

6144:8gSM/lSuHgLJlP5ar3u1zVLkWdkWAOKUTw/luMs9NLZJRRKxTBqxgSDu:80XHgfMre1CWdkWAmMs9NNJ32Tsx4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8437d829974fd0b9e29dfb31c3d58731_JaffaCakes118

Files

8437d829974fd0b9e29dfb31c3d58731_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6b46b0e1506cae05c17b37c53f2b832e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\builds\dominica_client_hfa2\dominica_client_hfa2_build\Release\Header.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

shlwapi

PathFindFileNameW
PathFindFileNameA
PathFileExistsA
PathFindOnPathW
PathFileExistsW

kernel32

SetCurrentDirectoryW
GetModuleFileNameW
GetLastError
CreateMutexW
CreateDirectoryW
ExpandEnvironmentStringsW
GetCommandLineW
GetLocalTime
LocalFree
FormatMessageW
InitializeCriticalSection
GetCurrentProcessId
SetLastError
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
GetCurrentDirectoryW
Sleep
FindNextFileW
FindFirstFileW
GetProcAddress
FreeLibrary
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
WideCharToMultiByte
CopyFileW
DeleteFileA
SetFileAttributesA
CreateDirectoryA
WriteFile
ReadFile
CloseHandle
FindClose
TerminateProcess
MoveFileExW
RemoveDirectoryW
GetFileSize
GetExitCodeProcess
CreateProcessW
InterlockedDecrement
InterlockedIncrement
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
TlsSetValue
InterlockedCompareExchange
DeleteCriticalSection
TlsFree
GetModuleHandleW
ReleaseMutex
ExitProcess
DeleteFileW
InterlockedExchange
MultiByteToWideChar
GetUserDefaultLCID
GetStringTypeExW
LCMapStringA
LCMapStringW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCPInfo
HeapCreate
GetStartupInfoW
GetStringTypeW
TlsGetValue
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetModuleHandleA
TlsAlloc
CreateFileW
GetACP
GetLocaleInfoA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetEnvironmentVariableA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeA
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP

user32

LoadStringW
SetWindowLongW
CreateDialogParamW
UpdateWindow
ShowWindow
MessageBoxW
CreateDesktopW
SetWindowTextW
SetTimer
GetDlgItem
DestroyWindow
UnregisterClassA
CloseDesktop

advapi32

CryptReleaseContext
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

oleaut32

SysAllocString

Sections

.text
Size: 345KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b46b0e1506cae05c17b37c53f2b832e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

shell32

shlwapi

kernel32

user32

advapi32

oleaut32

Sections

.text Size: 345KB - Virtual size: 345KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 114KB - Virtual size: 114KB

.reloc Size: 39KB - Virtual size: 38KB

.text
Size: 345KB - Virtual size: 345KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 114KB - Virtual size: 114KB

.reloc
Size: 39KB - Virtual size: 38KB