892ad9bb2510c2ce175ab78e355ee52d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

892ad9bb2510c2ce175ab78e355ee52d_JaffaCakes118
Size

457KB
MD5

892ad9bb2510c2ce175ab78e355ee52d
SHA1

f90448ed72655a3fd6c3c092827e9156027e9ee0
SHA256

faffce553d79cd01a52c9d16b271175885c78e4e05f366339e23958698362f17
SHA512

31c12d48bf3b2c8fdb188feb29daebe69c751c534a302a71747afd018f7889fb2edb445e6276c7fe60ea8d5ba3dd621d912dc67ba7246636ac08ede590a002c4
SSDEEP

12288:le2bofYSOkhbCV1fhCHURBuw/ACYp2fe6Qri2JoX:ltb1fhN/A/oG6T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
892ad9bb2510c2ce175ab78e355ee52d_JaffaCakes118

Files

892ad9bb2510c2ce175ab78e355ee52d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8a452e9497389b10bfcad391cd1b3369

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Source\OCTANE\BUSAutostart\Release\Nero Bus info1.pdb

Imports

kernel32

LockResource
SizeofResource
LoadResource
GetSystemDefaultLangID
FindResourceExW
GetUserDefaultLangID
FindResourceW
FreeResource
CreateDirectoryW
GetTempPathW
FormatMessageW
GetModuleFileNameW
CompareStringW
CompareStringA
GetOEMCP
WriteFile
CreateFileW
GetLastError
CloseHandle
GetACP
FlushFileBuffers
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
RtlUnwind
RaiseException
HeapFree
GetModuleHandleA
GetStartupInfoW
GetVersionExA
HeapAlloc
LCMapStringA
LCMapStringW
GetCPInfo
GetProcAddress
TerminateProcess
GetCurrentProcess
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetFullPathNameW
GetCurrentDirectoryA
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
InterlockedExchange
GetTimeZoneInformation
GetCurrentDirectoryW
SetFilePointer
GetLocaleInfoW
GetDriveTypeA
SetStdHandle
SetEnvironmentVariableA

user32

GetDesktopWindow
MessageBoxW

advapi32

RegOpenKeyW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8a452e9497389b10bfcad391cd1b3369

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 348KB - Virtual size: 348KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 348KB - Virtual size: 348KB