c91c9625b8a1fecf263daf1480922304_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c91c9625b8a1fecf263daf1480922304_JaffaCakes118
Size

149KB
MD5

c91c9625b8a1fecf263daf1480922304
SHA1

de5517a84e4b4f7d7eb10f3125285791f783cb7f
SHA256

c7263f234d8455123322f7e8b9c3a900e70d79c103762532b0eb51a58e6c15c9
SHA512

4150ebd4b3d6b1be2455b84fb537ea1e8263a0822acb6cc666670bcbd45ca988aead6eb5141a80ec27325c8426aae5cffd4278a8252b2a47368bca0f70070b5d
SSDEEP

3072:tzaE7ZKrQMh/x8orIrUCic0PglqlsvARnj1N2Nl55D8ejI1AbWxS/Cau2lPX3LMB:ZaE4rQqlrIQL8Eh2NloesObWxS/TzMB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c91c9625b8a1fecf263daf1480922304_JaffaCakes118

Files

c91c9625b8a1fecf263daf1480922304_JaffaCakes118
.exe windows:5 windows x86 arch:x86

54aaf8dc643114b5c601c5f8d229f3b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Wrote\Sea\Atom\ShopOne.pdb

Imports

kernel32

GetCurrentThreadId
CloseHandle
LocalFree
CreateThread
CompareStringW
VirtualProtect
HeapSize
LoadLibraryW
RtlUnwind
IsProcessorFeaturePresent
HeapReAlloc
GetStringTypeW
LCMapStringW
GetSystemInfo
RemoveDirectoryW
LocalAlloc
GetDiskFreeSpaceW
GetCurrentDirectoryW
GetModuleFileNameW
GetFileAttributesW
WriteConsoleW
Sleep
ReadFile
MultiByteToWideChar
GetProcessHeap
SetEndOfFile
SetFilePointer
GetConsoleMode
GetConsoleCP
RaiseException
WideCharToMultiByte
GetSystemDirectoryW
CreateProcessW
GetEnvironmentVariableW
ExitProcess
GetTimeFormatA
GetDateFormatA
GetLastError
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileType
CreateFileA
CreateFileW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
GetTimeZoneInformation
HeapAlloc
SetStdHandle
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SetHandleCount
GetStdHandle
DeleteCriticalSection
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEnvironmentVariableA

user32

GetClassInfoExW
CallWindowProcW
ReleaseCapture
GetCursorPos
EndDialog
GetWindowTextLengthW
CloseClipboard
GetMessageW
GetFocus
GetAncestor
SetFocus
RegisterClassExW
LoadIconW
OffsetRect
GetWindowLongW
AppendMenuW

comctl32

ord17
ImageList_DragLeave
_TrackMouseEvent

comdlg32

GetOpenFileNameW
ReplaceTextW
GetSaveFileNameW
GetFileTitleW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc

shlwapi

PathSkipRootW

avifil32

AVIStreamRelease
AVIFileInit
AVIStreamEndStreaming
AVIMakeFileFromStreams
AVIFileExit

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54aaf8dc643114b5c601c5f8d229f3b9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

comdlg32

ole32

shlwapi

avifil32

Sections

.text Size: 115KB - Virtual size: 114KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 610KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 115KB - Virtual size: 114KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 610KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB