d3d7197b07468f3aea886a5a38d78de8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d3d7197b07468f3aea886a5a38d78de8_JaffaCakes118
Size

156KB
MD5

d3d7197b07468f3aea886a5a38d78de8
SHA1

99286aa234a66463cf65798b93de83ee0f418a6d
SHA256

059fd61c1be0b5068251c18327448dea05ce6bb1b35b3d5a3bd860869a5c9840
SHA512

eafd279dec8fc221b94373f8a9e53a01da6c90c42f7b0cc12b9016ca2b79c021ab8697b92a4c2b016ff0c958634077c65e9589984fc2bae3582711d011d86b97
SSDEEP

1536:hn9Lb549y0QLHd/gIbT4fcimNRGbQZLKvHxDiojKVSV5npg2S2ft0:3Zay0QDd54flLbQZ4DiUDnV1t0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3d7197b07468f3aea886a5a38d78de8_JaffaCakes118

Files

d3d7197b07468f3aea886a5a38d78de8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

24b88e200dd206186adc976c110d7e1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\myfile\vs\tangXoffice\debug\Execl.pdb

Imports

kernel32

GetFileAttributesA
WinExec
CopyFileA
GetModuleFileNameA
GetSystemDirectoryA
CompareStringW
CompareStringA
HeapAlloc
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoA
GetLastError
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
MultiByteToWideChar
ReadFile
SetFilePointer
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
FlushFileBuffers
Sleep
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
CreateFileA
GetCPInfo
GetACP
GetOEMCP
HeapSize
GetLocaleInfoA
GetLocaleInfoW
SetEndOfFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetTimeZoneInformation
SetEnvironmentVariableA

shell32

ShellExecuteA

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24b88e200dd206186adc976c110d7e1a

Headers

File Characteristics

PDB Paths

Imports

kernel32

shell32

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 14KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 5KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 14KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 5KB