a3203cb1eb53d1bcb14bb224d1dd85ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3203cb1eb53d1bcb14bb224d1dd85ff_JaffaCakes118
Size

685KB
MD5

a3203cb1eb53d1bcb14bb224d1dd85ff
SHA1

94eca346cdce795e1f09167629d70cbbb6340a4d
SHA256

c07474ae18bcfa091760da1603495eb59abf0f71dd911a2c9e732dd944de73d3
SHA512

49bbe4df7a06128ecc4045fa9bda6a210897bec5e1c6fd7716ecdf589dae6af495c3ae316f2a2ab5ef748c8dbeb1a9ea3d1a7b4a86a4d271d23a76a8d42a9765
SSDEEP

12288:pXtyhdQ7tc/Eod8Wb49yNLY3A6KFylZwq7cKcwYRyHFZlxJmNY5B5:RtyDstatb49yNU3XWscKcwYkT1t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3203cb1eb53d1bcb14bb224d1dd85ff_JaffaCakes118

Files

a3203cb1eb53d1bcb14bb224d1dd85ff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0150df3e258c922fa1404564248a0cd0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\www\talk\bin\update.pdb

Imports

ws2_32

ntohl

kernel32

OpenProcess
WaitForSingleObject
GetProcAddress
WideCharToMultiByte
CloseHandle
DeleteFileW
GetModuleHandleA
CreateProcessW
Sleep
CopyFileW
GetPrivateProfileStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoW
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
GetModuleHandleW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCommandLineW
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetEnvironmentVariableA
LCMapStringW
LCMapStringA
GetFullPathNameW
LoadLibraryW
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
DebugBreak
CompareStringA
MultiByteToWideChar
CompareStringW
IsValidLocale
GetFileAttributesW
RaiseException
CreateFileW
HeapValidate
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
GetLastError
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetFileType
CreateFileA
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetFileInformationByHandle
PeekNamedPipe
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetDriveTypeW
FindFirstFileW
SetFileAttributesW
CreateThread
GetCurrentThreadId
ExitThread
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateDirectoryW
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
DeleteCriticalSection
FatalAppExitA
GetModuleFileNameA
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetStartupInfoA
SetFilePointer
GetCurrentDirectoryA
RtlUnwind
ReadFile
SetStdHandle
SetEndOfFile
FlushFileBuffers
LoadLibraryA
InitializeCriticalSection

user32

FindWindowA
GetWindowThreadProcessId
LoadIconW
KillTimer
OffsetRect
DestroyWindow
CallWindowProcW
GetMessageW
ShowWindow
CopyRect
GetDlgItem
SendMessageW
InvalidateRect
PostQuitMessage
TranslateMessage
CreateDialogParamW
GetWindowLongW
SetWindowLongW
EndDialog
SetTimer
GetClientRect
UpdateWindow
GetWindowRect
EnableWindow
LoadImageW
GetDesktopWindow
DispatchMessageW
SetWindowPos
CreateWindowExW
SetWindowTextW

gdi32

DeleteObject

advapi32

DuplicateTokenEx
OpenProcessToken

shell32

ShellExecuteW

Sections

.text
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0150df3e258c922fa1404564248a0cd0

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 288KB - Virtual size: 286KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 312KB - Virtual size: 312KB

.text
Size: 288KB - Virtual size: 286KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 312KB - Virtual size: 312KB