a17cb611b4f7f8afd4fb46812935aaea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a17cb611b4f7f8afd4fb46812935aaea_JaffaCakes118
Size

3.8MB
MD5

a17cb611b4f7f8afd4fb46812935aaea
SHA1

20c4590dcc1b58af6c178fb8ddde66da3a27eecf
SHA256

143f3c4e5735d780f0dc5542abb68619837713b6f74720300f374a40e43611fe
SHA512

8905a229ca0a26591681b055d1f9fb51c05f16b4ac4b98c885bb70a4da18bf629c78e029dd358346f18a2910e3ec67932f40644db5d20724be1d1419252657d4
SSDEEP

98304:lqje5UuMD/VrL/q8WduPfXEvQShYXqn1cHeGWNP650hriZs8:0je5UuM5rY8EvtCanWENS50huZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a17cb611b4f7f8afd4fb46812935aaea_JaffaCakes118

Files

a17cb611b4f7f8afd4fb46812935aaea_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b6f8e7e5057e1075f4bd4663046d2e69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Temp\rep_TESTER\reparador\DownloadInfra\Release\DownloadInfra.pdb

Imports

kernel32

VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetSystemInfo
GetLocaleInfoA
IsBadCodePtr
InitializeCriticalSection
lstrcpyA
lstrcatA
GetModuleHandleA
ExitProcess
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapAlloc
RaiseException
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapFree
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
GetACP
GetOEMCP
GetCPInfo

user32

LoadStringA
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
LoadImageA
LoadIconA
LoadCursorA
RegisterClassExA
DefWindowProcA
DestroyWindow
PostQuitMessage
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
PostMessageA
BeginPaint
GetClientRect
DrawTextA
EndPaint

gdi32

CreateCompatibleDC
SaveDC
SelectObject
BitBlt
SetBkColor
SetTextColor
RestoreDC
CreateSolidBrush

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6f8e7e5057e1075f4bd4663046d2e69

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 3.7MB - Virtual size: 3.7MB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 3.7MB - Virtual size: 3.7MB