c0dfaa210467baaf75a95772fc62ae82_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0dfaa210467baaf75a95772fc62ae82_JaffaCakes118
Size

188KB
MD5

c0dfaa210467baaf75a95772fc62ae82
SHA1

0fa96f5b47dd93dd4b381248adc31e8ac4b9ba2a
SHA256

766c63c54ea8cf40fd476a910c6472c68959d24cf09b877513fa73be2c75e92f
SHA512

e308ca6adfc078c7e31c1461b47b3c4065d44d2d26f688fc8597a301faf60b5119cebc2ea78b47d90bf83220ecae52917019db10b0ed8c05f8f38d77fc1d8185
SSDEEP

3072:IQ7Mb0osQxf5u6UIePV2zjmDQjroNBGbcl0s9YALT7qHE0wkT7W/:n7Mb0P6o6NetMdENgbs09OT7qM64

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0dfaa210467baaf75a95772fc62ae82_JaffaCakes118

Files

c0dfaa210467baaf75a95772fc62ae82_JaffaCakes118
.exe windows:4 windows x86 arch:x86

45083a2d38e494503c9eed4bbd1e566e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\repo2\firewall\trunk\bin\Win32\Release\setloadorder.pdb

Imports

kernel32

GetCommandLineW
GetLastError
HeapReAlloc
HeapAlloc
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

advapi32

RegSetValueExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

shell32

CommandLineToArgvW

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

45083a2d38e494503c9eed4bbd1e566e

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 176B

.text Size: 120KB - Virtual size: 120KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 176B

.text
Size: 120KB - Virtual size: 120KB