d603f4b2e8eaf7fe220e905b8d20aef1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d603f4b2e8eaf7fe220e905b8d20aef1_JaffaCakes118
Size

86KB
MD5

d603f4b2e8eaf7fe220e905b8d20aef1
SHA1

bf74c788cc138f897c28b1fa32581df6bcd1af0c
SHA256

30b659a3c5332f95d7a7d97ff10aad1148951a03e3cd413fd7bf37a76b228e7a
SHA512

5c720f8b61554483d237601d1ca34ef1771327bb65393aee77cb4a39c5503d5e1bbc7fc7cef8111577ee7dac69991046f02d1c7557f402db607b0064616c03af
SSDEEP

1536:s+PEmzHfpx6pBRwEry30c5hfYAZ5sR+8r3EvlzRL+Qo/X4aY9x:ssEmNx6pBRTml5VYKsnyzF+Q84v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d603f4b2e8eaf7fe220e905b8d20aef1_JaffaCakes118

Files

d603f4b2e8eaf7fe220e905b8d20aef1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ae017d93ff6a6f7eaf15f5a24d51c0a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\locker\locker\Release\locker.pdb

Imports

kernel32

CompareFileTime
GetSystemWindowsDirectoryW
WaitForSingleObject
SetEvent
GetModuleHandleW
GetTickCount
SetFileTime
WriteFile
OpenProcess
Thread32First
WideCharToMultiByte
LoadLibraryW
CopyFileW
GetVersionExW
TerminateProcess
Thread32Next
ReadFile
GetModuleFileNameW
CreateFileW
lstrcmpW
GetTempPathW
GetProcAddress
SystemTimeToFileTime
OpenThread
CreateEventW
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
GetFileTime
CloseHandle
GetSystemTime
SuspendThread
lstrcpyW
GetVolumeInformationW
CreateThread
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
GetProcessHeap
InitializeCriticalSection
LeaveCriticalSection
lstrcmpiA
EnterCriticalSection
DeleteCriticalSection
CreateProcessW
lstrlenA
lstrcmpA
GetEnvironmentVariableW
ExitProcess
lstrlenW
Process32FirstW
Sleep

user32

EndPaint
UpdateWindow
DispatchMessageW
SetTimer
DestroyWindow
GetWindowRect
SetWindowLongW
CallWindowProcW
DefWindowProcW
GetMessageW
PostQuitMessage
KillTimer
LoadCursorW
BeginPaint
TranslateMessage
RegisterClassExW
ShowWindow
FrameRect
CreateWindowExW
wsprintfW
GetSystemMetrics

gdi32

GetStockObject

advapi32

RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

OleUninitialize
OleInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

wininet

InternetCrackUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpOpenRequestW
InternetCloseHandle
InternetOpenW

shlwapi

PathFileExistsW
StrStrW
PathAppendW
StrCmpNW

urlmon

CoInternetGetSession
CoInternetSetFeatureEnabled

Sections

.text
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 387B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data1
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ae017d93ff6a6f7eaf15f5a24d51c0a0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

shlwapi

urlmon

Sections

.text Size: 10KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 8KB

.data Size: 387B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

.data1 Size: 67KB - Virtual size: 68KB

.text
Size: 10KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 8KB

.data
Size: 387B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB

.data1
Size: 67KB - Virtual size: 68KB