b552d09a3bf754629000e32ee184c053_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b552d09a3bf754629000e32ee184c053_JaffaCakes118
Size

473KB
MD5

b552d09a3bf754629000e32ee184c053
SHA1

038842c4cde043aefe25c6add99f62b06f971407
SHA256

7de0e0d08b88b81c7c666b9d579ac3e4fb3c01ff1ae119279a532965a19e25b6
SHA512

70474d8bec40b099b760f1c5ca3212f259b6e2aef2f2ac2adc04ab5a9ab5e7f6cffebffda7753c2ce99f64db557619636b63e1a804164f0747ef76e4c6e7b1bf
SSDEEP

6144:HE0Ow7uPoa0uiNBcP0x6J2yQq722eK7K26/utsmJlM2Pvxsz4iDHxE:wAauRYJ2AvltsM4e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b552d09a3bf754629000e32ee184c053_JaffaCakes118

Files

b552d09a3bf754629000e32ee184c053_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a01c8148f9760289a5cb6ab5d50d137

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\Consumer_Licensing_Technologies_r8.0\bin.iru\cltUAC.pdb

Imports

kernel32

GetCurrentThreadId
LoadLibraryExA
lstrlenA
GetModuleHandleA
lstrcpyA
GetCurrentProcessId
GetVersionExW
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
RaiseException
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
GetSystemTimeAsFileTime

user32

wsprintfA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA

shell32

SHGetSpecialFolderPathA

shlwapi

PathAddBackslashA
PathRemoveBackslashA

msvcr80

_exit
_XcptFilter
exit
_cexit
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_stricmp
_splitpath_s
strcat_s
memset
??3@YAXPAX@Z
_wcmdln

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 384KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.crdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0a01c8148f9760289a5cb6ab5d50d137

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

shlwapi

msvcr80

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 384KB - Virtual size: 380KB

.reloc Size: 4KB - Virtual size: 1KB

.crdata Size: 60KB - Virtual size: 60KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 384KB - Virtual size: 380KB

.reloc
Size: 4KB - Virtual size: 1KB

.crdata
Size: 60KB - Virtual size: 60KB