c13915f351bab58758ad3538b9f26e83_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c13915f351bab58758ad3538b9f26e83_JaffaCakes118
Size

476KB
MD5

c13915f351bab58758ad3538b9f26e83
SHA1

e9a607d294828a52b40c6c67b2981ee7d80fe080
SHA256

fa1d9716362504753d2807f301437cf1265fd45f2e379cbadd5550a93f4edf70
SHA512

a59ef4f2abb1bde85cb761bd2012942ed6226fc9c9e1511cd4433881406fb2616a9d796bb31ff91ec080cd3a76a6228ff856aedbfb2b43f3eab6f4e5aea91ce3
SSDEEP

6144:cglXiwuYCMoB+JQK1saIBVoQ5Y7xurS4AiMQdadOnlPppcduuHgQTmYXLmF:RRrMjBmQ0BsoQ+urcM7Rjc/gQTmYK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c13915f351bab58758ad3538b9f26e83_JaffaCakes118

Files

c13915f351bab58758ad3538b9f26e83_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fd8f89894a3845dace8ecb2b42a9c7d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\eodfuursc.pdb

Imports

comctl32

InitCommonControlsEx

kernel32

RtlMoveMemory
CompareStringW
CreateFileMappingA
InterlockedIncrement
GetCommandLineA
EnterCriticalSection
RaiseException
CloseHandle
FindAtomA
InterlockedExchange
GetStdHandle
SetLastError
LCMapStringA
CreateToolhelp32Snapshot
InitializeCriticalSection
lstrcmpW
GetCurrentThread
GetSystemTimeAsFileTime
VirtualQuery
GetStringTypeW
GetCurrentThreadId
GetLocalTime
GetEnvironmentStrings
IsBadWritePtr
WritePrivateProfileStructW
GetTickCount
TlsAlloc
VirtualFree
VirtualAlloc
GetTimeZoneInformation
GetStartupInfoA
FileTimeToDosDateTime
TlsGetValue
SetLocalTime
GetModuleFileNameA
FreeEnvironmentStringsA
TlsSetValue
GetACP
SetEnvironmentVariableA
GlobalFix
GetCurrentProcessId
CompareStringA
TerminateProcess
lstrcatW
GetModuleHandleA
GetStringTypeA
LoadLibraryA
FlushFileBuffers
VirtualQueryEx
GetFileType
CreateFileMappingW
CompareFileTime
SetHandleCount
GetEnvironmentStringsW
GetSystemTime
LeaveCriticalSection
HeapReAlloc
HeapCreate
ExitProcess
GetModuleFileNameW
GetProfileIntA
SetFilePointer
WideCharToMultiByte
QueryPerformanceCounter
RtlUnwind
FreeEnvironmentStringsW
Sleep
GetProcAddress
CreateMutexA
OpenMutexA
SetStdHandle
HeapFree
LCMapStringW
GetOEMCP
GetPrivateProfileSectionNamesA
GetLastError
lstrlenA
WriteFile
TlsFree
HeapDestroy
DeleteCriticalSection
HeapAlloc
GetVersion
MultiByteToWideChar
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
ReadFile
GetCurrentProcess
LocalShrink
VirtualLock

user32

CharToOemA
ShowScrollBar
DlgDirListW
RegisterClassA
DefMDIChildProcW
CharLowerA
RegisterClassExA

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd8f89894a3845dace8ecb2b42a9c7d0

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

Sections

.text Size: 304KB - Virtual size: 304KB

.rdata Size: 51KB - Virtual size: 66KB

.data Size: 103KB - Virtual size: 103KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 304KB - Virtual size: 304KB

.rdata
Size: 51KB - Virtual size: 66KB

.data
Size: 103KB - Virtual size: 103KB

.rsrc
Size: 16KB - Virtual size: 15KB