d:\_project_new\Products\SCRproject\Sc\CWriter_v2\cwriter_v2\Release\cwriter_v2.pdb
Static task: static1
Behavioral task: behavioral1
Sample: b36fca0dccf01d152fab633ef55d1ec3_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: b36fca0dccf01d152fab633ef55d1ec3_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: b36fca0dccf01d152fab633ef55d1ec3_JaffaCakes118
Size: 220KB
MD5: b36fca0dccf01d152fab633ef55d1ec3
SHA1: f73e5a58321560cb88482b34ffd33cc6f9beb809
SHA256: 9008480323e8da431ad55ef474323124a74ed5399c9a00b428f8cd324839d8a2
SHA512: bbafee5c096c47283c9977590f80e3b52a14a8379b2babd89ae82b8897219444f3d7297b16cceec96f1118a672c508b06d07485b1300aa84bdfa9f889444cea7
SSDEEP: 3072:U4dXREXCKZrWsHGTm5okNhazl7UGMi3MmdJlIT8NkgRNqRrQuUrYlmf:BHxirzHGCha9VMicmq+Rzf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b36fca0dccf01d152fab633ef55d1ec3_JaffaCakes118
Files
b36fca0dccf01d152fab633ef55d1ec3_JaffaCakes118.exe windows:4 windows x86 arch:x86
af82e1b397cf7df93aac7b537ec39e09
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
LoadResource
FindResourceA
FindResourceExA
lstrlenA
GetSystemTime
CompareStringA
CompareStringW
GetTimeFormatA
GetDateFormatA
DisconnectNamedPipe
CreateNamedPipeA
CloseHandle
SetNamedPipeHandleState
CreateFileA
GetModuleFileNameA
GetPrivateProfileStringA
WriteFile
ReadFile
CreateEventA
LockResource
Sleep
WaitForSingleObject
TerminateProcess
GetCommandLineA
LocalFree
GetCurrentProcess
MapViewOfFileEx
CreateFileMappingA
GetFileSize
UnmapViewOfFile
GetPrivateProfileSectionNamesA
lstrcpyA
lstrcmpA
lstrcpynA
GetPrivateProfileIntA
SetEndOfFile
GetLocaleInfoW
SetStdHandle
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
SetEvent
GetUserDefaultLCID
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetTimeZoneInformation
SetFilePointer
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
IsBadWritePtr
GetProcAddress
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
GetOEMCP
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA
user32
wsprintfA
LoadStringA
advapi32
CreateProcessAsUserA
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidA
GetLengthSid
SetTokenInformation
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
shell32
SHGetFolderPathA
SHGetSpecialFolderPathA
shlwapi
PathAppendA
PathRemoveFileSpecA
PathAddBackslashA
wininet
InternetSetCookieA
InternetGetCookieA
Sections
.text Size: 168KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 996B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ