w:\ITripoli\Self Extract Utility\Src\SelfExtractTool\SelfExtractorTemplEx\Release\SelfExtractorTemplEx.pdb
Static task
static1
Behavioral task
behavioral1
Sample
aad04d8a6ddad414861dafa979f69e8f_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
aad04d8a6ddad414861dafa979f69e8f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
aad04d8a6ddad414861dafa979f69e8f_JaffaCakes118
Size
153KB
MD5
aad04d8a6ddad414861dafa979f69e8f
SHA1
9300ab669a0ccfffd4767d7f254d81c2dca36b2b
SHA256
c3d84e8f63e7ae770611549411ec3917f5bb348a9468221457ee92119c451a7c
SHA512
63e7c329b173b9d1a65985893af20380aa32fdf7ade0c581f60e71aef83228dc9ea3d32299dd74e33bb426720f7f0f53c72f5393175bfc496bf0d467a90ae3b3
SSDEEP
3072:yNbdbxK6mCWIPJ4AgYJ11ATvlW4i8OWbj8YHPUPCqVjpwfCF:edVbPi1YplpPCmdwfCF
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aad04d8a6ddad414861dafa979f69e8f_JaffaCakes118
Files
aad04d8a6ddad414861dafa979f69e8f_JaffaCakes118.exe windows:4 windows x86 arch:x86
6976672a01a1520c95633f608297077d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
comctl32
ImageList_GetIcon
kernel32
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
FreeLibrary
LoadLibraryA
SetLastError
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CloseHandle
GetVolumeInformationA
ExpandEnvironmentStringsA
CreateFileA
ReadFile
WriteFile
SetFilePointer
CreateDirectoryA
GetProcAddress
GetModuleFileNameA
GetComputerNameA
DeleteFileA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetTickCount
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
LocalAlloc
HeapDestroy
HeapReAlloc
HeapSize
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
TerminateProcess
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
user32
CreateWindowExA
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
RegisterClassExA
CallWindowProcA
GetWindowLongA
DefWindowProcA
DestroyIcon
DestroyWindow
LoadCursorA
wsprintfA
GetClassInfoExA
IsWindow
SetWindowLongA
UnregisterClassA
shell32
SHGetFileInfoA
Shell_NotifyIconA
Sections
.text Size: 72KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ