w:\ITripoli\Self Extract Utility\Src\SelfExtractTool\SelfExtractorTemplEx\Release\SelfExtractorTemplEx.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118
Size: 1.6MB
MD5: bd73dab3f6dcc0aaa555c18759d224db
SHA1: 02f66a1776e91727c2a865482a934f64831d67c5
SHA256: f7ad1bbb7a6e2d9a7af4727457fa727c105f3f3391f3720f5f8c33bbabee2c27
SHA512: 88d2e7fa73836ecf4251b0e836abd120f5160d059f88ef5026ad7c4232f7013193639e82b629d184da797e0413baa14bb148312b6dec1a0c973ed66b40b04ebc
SSDEEP: 49152:Q86xqVcnTfDeH7knkfPL94kIF2TGS/pgdSQ8v8c/x:J+lnTfDeww5GS/pgdSQE
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  Resource: bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118
Files
bd73dab3f6dcc0aaa555c18759d224db_JaffaCakes118.exe windows:4 windows x86 arch:x86
5c63fad59d4f52ffe50f9fddc013de6b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
comctl32
ImageList_GetIcon
kernel32
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
FreeLibrary
LoadLibraryA
SetLastError
LocalFree
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CloseHandle
GetVolumeInformationA
ExpandEnvironmentStringsA
CreateFileA
ReadFile
WriteFile
SetFilePointer
CreateDirectoryA
GetProcAddress
GetCurrentDirectoryA
GetModuleFileNameA
GetComputerNameA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetDriveTypeA
GetTickCount
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
LocalAlloc
HeapDestroy
HeapReAlloc
HeapSize
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
TerminateProcess
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
user32
CreateWindowExA
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
RegisterClassExA
CallWindowProcA
GetWindowLongA
DefWindowProcA
DestroyIcon
DestroyWindow
LoadCursorA
wsprintfA
GetClassInfoExA
IsWindow
SetWindowLongA
UnregisterClassA
shell32
SHGetFileInfoA
Shell_NotifyIconA
Sections
.text (Size: 72KB, Virtual size: 71KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata (Size: 20KB, Virtual size: 17KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data (Size: 8KB, Virtual size: 12KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc (Size: 16KB, Virtual size: 13KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ