d:\_project_new\Products\SCRproject\Sc\CWriter_v2\cwriter_v2\Release\cwriter_v2.pdb
Static task
static1
Behavioral task
behavioral1
Sample
b99e72142b710381be6316a28a36ddf7_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b99e72142b710381be6316a28a36ddf7_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: b99e72142b710381be6316a28a36ddf7_JaffaCakes118
Size: 220KB
MD5: b99e72142b710381be6316a28a36ddf7
SHA1: 34e345044648b6e86ba8e65127aef94723326cdf
SHA256: 2f7d110efe2f8f06178a93aa03f5375ee3cb80cc361e403a7c7a76aa32d7ea88
SHA512: c6ab32dea8afd7f4acd85dd4b6e9a0f8c9e34ede098ca944f8836b1999f0028d9c2ed80cfaf90e5671b0ca295d360a1283a8aa0113bc3be05a7eb649aeae8082
SSDEEP: 3072:w4dXREXCKZrWsHGTm5okNhazl7UGMi3MmdJlIT8NkgRNqRrQuUrYlm:NHxirzHGCha9VMicmq+Rz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b99e72142b710381be6316a28a36ddf7_JaffaCakes118
Files
b99e72142b710381be6316a28a36ddf7_JaffaCakes118.exe windows:4 windows x86 arch:x86
af82e1b397cf7df93aac7b537ec39e09
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
LoadResource
FindResourceA
FindResourceExA
lstrlenA
GetSystemTime
CompareStringA
CompareStringW
GetTimeFormatA
GetDateFormatA
DisconnectNamedPipe
CreateNamedPipeA
CloseHandle
SetNamedPipeHandleState
CreateFileA
GetModuleFileNameA
GetPrivateProfileStringA
WriteFile
ReadFile
CreateEventA
LockResource
Sleep
WaitForSingleObject
TerminateProcess
GetCommandLineA
LocalFree
GetCurrentProcess
MapViewOfFileEx
CreateFileMappingA
GetFileSize
UnmapViewOfFile
GetPrivateProfileSectionNamesA
lstrcpyA
lstrcmpA
lstrcpynA
GetPrivateProfileIntA
SetEndOfFile
GetLocaleInfoW
SetStdHandle
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
SetEvent
GetUserDefaultLCID
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetTimeZoneInformation
SetFilePointer
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
IsBadWritePtr
GetProcAddress
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
GetOEMCP
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA
user32
wsprintfA
LoadStringA
advapi32
CreateProcessAsUserA
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidA
GetLengthSid
SetTokenInformation
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
shell32
SHGetFolderPathA
SHGetSpecialFolderPathA
shlwapi
PathAppendA
PathRemoveFileSpecA
PathAddBackslashA
wininet
InternetSetCookieA
InternetGetCookieA
Sections
.text Size: 168KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 616B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ