d5fccbc76a9f843289dea1e4d5975045_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d5fccbc76a9f843289dea1e4d5975045_JaffaCakes118
Size

532KB
MD5

d5fccbc76a9f843289dea1e4d5975045
SHA1

0ca30aff5ef3c561aa36f56213d866b87d1cdd5e
SHA256

d8d32806e144d5846824bf820af951e5b8d8802bcbded29a7d4974f02006368b
SHA512

942f56f003c0b8112443fd94c00b63b1f3166e15f71155a542359b601a900f9408f11e704053b272e5318fb62de234fcc85ca9e29be4629aa0d5f1db93e9db34
SSDEEP

6144:yhJnJbW8whrc/nsMRB2O0KpalW2NUM/9LPWiJ8Pzs:y3Y8whrQRBn0kadNpgzs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5fccbc76a9f843289dea1e4d5975045_JaffaCakes118

Files

d5fccbc76a9f843289dea1e4d5975045_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d00bd3bc99e8e769b37a0da819ae04a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\release\release_1_18_20_1\hurricane-sw-development\activities\ue\lslauncher\release\LSLauncher.pdb

Imports

kernel32

FindResourceA
FindResourceExA
CompareStringA
lstrlenW
CompareStringW
lstrlenA
LoadResource
GetLocaleInfoA
GetUserDefaultUILanguage
SetEnvironmentVariableA
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetLocaleInfoW
GetTimeZoneInformation
LoadLibraryA
CloseHandle
SetFilePointer
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetThreadLocale
GetVersionExA
RaiseException
VirtualAlloc
GetProcAddress
GetModuleHandleA
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetCPInfo
LCMapStringA
LCMapStringW
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetFullPathNameA
GetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile

user32

MessageBoxExA
UnregisterClassA

advapi32

ReportEventA
DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegisterEventSourceA

shell32

SHGetFolderPathW
ShellExecuteA

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d00bd3bc99e8e769b37a0da819ae04a3

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

oleaut32

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 376KB - Virtual size: 375KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 376KB - Virtual size: 375KB