bf54c5b4f51da69bab2c46cfa6aac76d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf54c5b4f51da69bab2c46cfa6aac76d_JaffaCakes118
Size

180KB
MD5

bf54c5b4f51da69bab2c46cfa6aac76d
SHA1

68b667c01e0b67b203833ab91a831517e036fe63
SHA256

e74c46ccb52b3177a712f731ac5b0983ad6c9f9af7972ad8895f58cd7325b6ea
SHA512

f97d93bdf55c3059ddb1adc9ddefe133b168e52053fcd40075b3514fc2c3f4dd70efbfa80ddfe1032258f3496bb3f5f08afc592338a5683e73746f0c94188178
SSDEEP

3072:Trxo6L4yCk+ZcFzWh5EAhvTrQXmgu3ptRZV:5RNZ+EzoCorQX237R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf54c5b4f51da69bab2c46cfa6aac76d_JaffaCakes118

Files

bf54c5b4f51da69bab2c46cfa6aac76d_JaffaCakes118
.exe .vbs windows:4 windows x86 arch:x86 polyglot

59ec21acfb7289ea9e2c4aef3c24d64a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\_Components\KL03\Release\KL03.pdb

Imports

kernel32

GetLastError
CreateMutexA
GetWindowsDirectoryA
GetModuleFileNameA
DeleteFileA
GetExitCodeProcess
CreateProcessA
LockResource
LoadResource
SizeofResource
FindResourceA
Sleep
SetFilePointer
lstrcatA
HeapFree
HeapAlloc
CompareStringW
CompareStringA
GetLocaleInfoA
CreateThread
SetEndOfFile
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
VirtualQuery
GetSystemInfo
VirtualProtect
MultiByteToWideChar
LoadLibraryA
FlushFileBuffers
SetStdHandle
RaiseException
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetModuleHandleA
GetCurrentThreadId
GetSystemDirectoryA
CreateFileA
CloseHandle
GetFileSize
WriteFile
ReadFile
HeapSize
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetTimeZoneInformation
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
GetProcAddress
GetVersionExA
GetCommandLineA
GetStartupInfoA
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
SetEnvironmentVariableA

user32

GetKeyboardLayout
GetWindowThreadProcessId
GetForegroundWindow
AttachThreadInput
SetWindowsHookExA
UpdateWindow
ShowWindow
GetKeyboardState
GetWindowTextA
ToAsciiEx
CallNextHookEx
UnhookWindowsHookEx
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
BeginPaint
EndPaint
PostQuitMessage
EndDialog
CreateWindowExA

advapi32

RegOpenKeyA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

shlwapi

PathRemoveFileSpecA
PathFileExistsA

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59ec21acfb7289ea9e2c4aef3c24d64a

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 120KB - Virtual size: 119KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 120KB - Virtual size: 119KB