b36223ae22eebcf6b6c4d9434f8b7954_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b36223ae22eebcf6b6c4d9434f8b7954_JaffaCakes118
Size

695KB
MD5

b36223ae22eebcf6b6c4d9434f8b7954
SHA1

7956ef550116d59570fc183dd2bed488351eb5b3
SHA256

980979b84464b2a8aa54aaaed6b70aa56069c75a658b319149c3181e12000cd4
SHA512

10b2ae4c104d62f29fffd7524051e052033c4be408df73be75b455d52a69a0fc96825336b37d30a46708b7c015e22e58cc18e47d1c3f1c6b4f8cf2d9f2fbebee
SSDEEP

12288:4R05Yj3ZvdCAN2sj0jJCWtWLKwPILGWvDh3M9XoDYwgKgRxRDppzt07oP8GQ6YZ1:u0GjZvsAN21JCWtIpYGWvDh3mXoDdgGq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b36223ae22eebcf6b6c4d9434f8b7954_JaffaCakes118

Files

b36223ae22eebcf6b6c4d9434f8b7954_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3230fa79dfe19af8627b8a7c87acb786

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\trgo\taojidonh.pdb

Imports

comdlg32

ReplaceTextA
FindTextW
PageSetupDlgA

kernel32

GetStdHandle
SetTimeZoneInformation
TlsFree
RtlUnwind
OpenMutexA
GetCommandLineW
GetStringTypeA
GetLocaleInfoW
lstrcmpiW
SetFilePointer
CompareStringA
LoadLibraryW
HeapReAlloc
FreeLibrary
TlsSetValue
CloseHandle
EnterCriticalSection
ExitProcess
DeleteCriticalSection
TlsGetValue
GetStringTypeW
GetConsoleCP
HeapFree
GetConsoleCursorInfo
HeapCreate
GetCPInfo
GetProcAddress
IsDebuggerPresent
VirtualQuery
CreateFileA
WriteConsoleW
LoadLibraryA
GetACP
GetModuleFileNameW
HeapSize
DebugBreak
GetConsoleOutputCP
SetEnvironmentVariableA
lstrcmp
CreateMutexA
GlobalFindAtomW
SetConsoleMode
GetModuleFileNameA
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
LCMapStringW
OutputDebugStringW
GetCurrentThreadId
GetConsoleTitleW
GetSystemTimeAsFileTime
GetProcessHeap
GetEnvironmentStringsW
SetLastError
WideCharToMultiByte
GetLocaleInfoA
OutputDebugStringA
CommConfigDialogA
GetTimeFormatW
GetCommandLineA
CompareStringW
TerminateProcess
TlsAlloc
GetDriveTypeW
Sleep
GetDateFormatA
LeaveCriticalSection
SetHandleCount
FlushFileBuffers
VirtualAlloc
ReadFile
InterlockedIncrement
SetFileTime
GetTimeZoneInformation
WriteConsoleA
InterlockedExchange
GetUserDefaultLCID
SetConsoleCtrlHandler
HeapDestroy
UnhandledExceptionFilter
GetCurrentThread
VirtualFree
GetFileType
MultiByteToWideChar
IsBadReadPtr
GetStartupInfoA
HeapValidate
RaiseException
WriteFile
EnumSystemLocalesA
SetConsoleCursorInfo
SetConsoleWindowInfo
HeapAlloc
IsValidCodePage
GetModuleHandleW
GetTickCount
GetStartupInfoW
SetStdHandle
GetLastError
GetCurrentProcessId
GetOEMCP
lstrcmpW
CreateFileMappingA
lstrlenA
QueryPerformanceCounter
GetTimeFormatA
LCMapStringA
GetConsoleMode
GetModuleHandleA
IsValidLocale
GetCurrentProcess
GetLogicalDriveStringsW

comctl32

InitCommonControlsEx

user32

RegisterClassA
DdeGetData
MapVirtualKeyA
RegisterClassExA
DrawEdge
GetDCEx
GetProcessWindowStation
LoadMenuIndirectW
DrawTextA

Sections

.text
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3230fa79dfe19af8627b8a7c87acb786

Headers

File Characteristics

PDB Paths

Imports

comdlg32

kernel32

comctl32

user32

Sections

.text Size: 504KB - Virtual size: 503KB

.rdata Size: 65KB - Virtual size: 84KB

.data Size: 106KB - Virtual size: 106KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 504KB - Virtual size: 503KB

.rdata
Size: 65KB - Virtual size: 84KB

.data
Size: 106KB - Virtual size: 106KB

.rsrc
Size: 18KB - Virtual size: 18KB