9ff2509c54e11cd7d6d181128888eeb9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9ff2509c54e11cd7d6d181128888eeb9_JaffaCakes118
Size

292KB
MD5

9ff2509c54e11cd7d6d181128888eeb9
SHA1

a25363d01ba32773abc2a1cf97bb1efe0c16f966
SHA256

0391b1aea98e1af69fbe03a7093ad763251ff308e82d6a8d9f5af4b22bb5a6f9
SHA512

656b041b2c57f7ddcda02569db54a6f4a825dc02a86e82a20cb19b622b1fa563f5d1e2282d06430156d19355ebf646753ab3a68b4722433427923ed725b45d7d
SSDEEP

6144:AOWdnEnDXlxJj6ksYZvcn5wLJBV2nOBNifyc+hE86JhoVk0:zWdnED1xJ6ksevcn5uBVMOniyRuJho5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ff2509c54e11cd7d6d181128888eeb9_JaffaCakes118

Files

9ff2509c54e11cd7d6d181128888eeb9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7356ce508d74cb583493a564c5361240

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Msa2\Build\msa\win\Release\FrmInst.pdb

Imports

msi

ord32
ord159
ord160
ord118
ord205
ord8
ord92

kernel32

DeleteFileA
GetCommandLineW
GetUserDefaultLangID
CloseHandle
GetCurrentProcessId
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
RaiseException
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
GetLastError
SetLastError
MoveFileA
ReleaseMutex
CreateFileA
LocalAlloc
FlushFileBuffers
SetStdHandle
GetOEMCP
LocalFree
IsBadReadPtr
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetExitCodeProcess
OpenProcess
GetCurrentThread
GetCurrentProcess
Sleep
ReadFile
WriteFile
SetFilePointer
GetVersion
lstrlenA
QueryPerformanceCounter
WaitForSingleObject
GetLocalTime
HeapFree
HeapAlloc
SetHandleInformation
CreatePipe
GetSystemInfo
SetEndOfFile
TerminateProcess
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
ExitProcess
GetVersionExA
GetSystemTimeAsFileTime
LCMapStringA
GetStringTypeA
GetCurrentThreadId
GetTickCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
VirtualProtect
IsBadCodePtr

user32

GetWindowThreadProcessId
EnumWindows

ole32

CoUninitialize
CoInitializeEx

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7356ce508d74cb583493a564c5361240

Headers

File Characteristics

PDB Paths

Imports

msi

kernel32

user32

ole32

Sections

.text Size: 208KB - Virtual size: 205KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 208KB - Virtual size: 205KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 8KB - Virtual size: 8KB