a9b4b3d741d6264db0fca4f8400e6537_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a9b4b3d741d6264db0fca4f8400e6537_JaffaCakes118
Size

501KB
MD5

a9b4b3d741d6264db0fca4f8400e6537
SHA1

f18c46683b49015a49be50ea0afd1695a59c60d4
SHA256

44dfe12a9660ba9fbb0a5cf5f72fbb24b6fb8b9c6a3dddf4451b602060a06758
SHA512

ed11a39b34c11712d70fe37eb65b26799cae6050ba0c72af7b3ad93a03cad6bc615aad2616d42f560fdf8e88fcfb53affc85ddbcd2d27c940875399136132dc3
SSDEEP

6144:8cFBVn8qgdlOadiBACNWXx4IeSQAgzIL2EHrS6v7yYcZdphPVx:8c7x8q8lvdiBAsWXjQMHrS6OzZdTVx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9b4b3d741d6264db0fca4f8400e6537_JaffaCakes118

Files

a9b4b3d741d6264db0fca4f8400e6537_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5a09a2375f88f030cbc9d32e4802c327

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Build\WinClient\tools\wdman\build\release\wdman.pdb

Imports

comctl32

InitCommonControlsEx

kernel32

Sleep
GetTickCount
GetProcAddress
LoadLibraryA
CreateProcessA
LocalFree
GetVersion
GetWindowsDirectoryA
LocalAlloc
GetCurrentDirectoryA
GetModuleFileNameA
GetSystemDefaultLangID
SetCurrentDirectoryA
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileW
GetProcessHeap
SetEndOfFile
GetStringTypeW
LCMapStringW
HeapReAlloc
SizeofResource
FreeLibrary
LoadLibraryW
InterlockedExchange
SetConsoleCtrlHandler
CreateFileA
FlushFileBuffers
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FatalAppExitA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
SetFilePointer
ReadFile
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetModuleFileNameW
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetModuleHandleA
FindResourceA
LoadResource
GetLocaleInfoW
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
WriteConsoleW
WriteFile
IsValidLocale
ExitProcess
HeapDestroy
HeapCreate
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection

user32

ReleaseDC
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
EnumWindows
GetWindowTextA
GetLastActivePopup
SetForegroundWindow
DefWindowProcA
PostQuitMessage
GetKeyState
BeginPaint
EndPaint
MessageBoxA
GetDesktopWindow
SetWindowPos
DialogBoxParamA
GetWindowRect
GetWindowLongA
SetWindowLongA
ShowWindow
InvalidateRect
UpdateWindow
RedrawWindow
EndDialog
GetDlgItem
LoadStringA
SetWindowTextA
SetFocus
GetDC

gdi32

CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
DeleteObject
GetDeviceCaps
CreateCompatibleDC

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture
SysFreeString

Sections

.text
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a09a2375f88f030cbc9d32e4802c327

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 210KB - Virtual size: 209KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 7KB - Virtual size: 1.1MB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 210KB - Virtual size: 209KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 7KB - Virtual size: 1.1MB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 11KB - Virtual size: 11KB