f9a73f53a842c0e3c461f9f4aa0b83dd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9a73f53a842c0e3c461f9f4aa0b83dd_JaffaCakes118
Size

492KB
MD5

f9a73f53a842c0e3c461f9f4aa0b83dd
SHA1

ec87eaf3d378e2efe4a7adfa4d3fc3f11eacd506
SHA256

029cc0936730da11d8568af611a32125f4d289ad71ac9964a6cc9fc441291cfa
SHA512

22f3636dddba9c7a3bed072b1c4a6c7eea0e6fa74cf476067bc22eabf6e6e7260b206a5ca73aa465bcc10eb477f2692e49ba2713fd20a90402753fdf7a4e6ed6
SSDEEP

12288:4aCRcd4Ksb+vLcFYiZ5FTxgNtsmzcovDtafCvcy38QvcdjVR6c:x4KQW0ZToXzpDt59ijO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9a73f53a842c0e3c461f9f4aa0b83dd_JaffaCakes118

Files

f9a73f53a842c0e3c461f9f4aa0b83dd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a3c180cc192efa64cc47b2392a494d88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\uedhtbeqe\tmoebeb\pcepp.pdb

Imports

comdlg32

GetFileTitleA
GetOpenFileNameW

comctl32

InitCommonControlsEx

advapi32

RegCreateKeyExA
CryptSignHashA
CryptGenKey
LookupSecurityDescriptorPartsW
CryptDuplicateKey
RegRestoreKeyA
CryptSetHashParam
RegConnectRegistryA
RegQueryMultipleValuesA

gdi32

GetTextCharset
TextOutA
CreateBitmapIndirect
CopyEnhMetaFileW
ScaleWindowExtEx
GetCharABCWidthsFloatA
OffsetClipRgn
EnableEUDC
UpdateICMRegKeyA
RestoreDC
SelectPalette
GetTextFaceA
GetCharacterPlacementA
SetICMProfileA
SetBrushOrgEx
GetGlyphOutline
CreateFontIndirectW
GetCharABCWidthsW
SetPixelV
GetEnhMetaFileHeader
CreateRectRgnIndirect
ExtFloodFill
SetICMMode
GetBitmapDimensionEx

user32

GetWindow
GetDC
InsertMenuItemW
ScrollDC
RegisterClassA
RegisterClassExA

wininet

InternetGetConnectedStateExW
InternetWriteFileExA
HttpQueryInfoA

kernel32

VirtualQuery
GetProcessHeaps
ReadFile
GetEnvironmentStringsW
VirtualFree
HeapAlloc
LCMapStringW
IsBadWritePtr
GetCPInfo
IsValidLocale
GetModuleFileNameW
GetSystemTimeAsFileTime
GetModuleFileNameA
GetOEMCP
GetVersionExA
GetStdHandle
FreeEnvironmentStringsA
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeW
DeleteCriticalSection
CompareStringA
HeapFree
TlsAlloc
HeapCreate
GetTickCount
MultiByteToWideChar
GetCurrentThreadId
GetUserDefaultLCID
SetStdHandle
LoadLibraryA
QueryPerformanceCounter
TlsFree
TlsGetValue
VirtualAlloc
GetCurrentProcess
SetLastError
HeapReAlloc
FreeEnvironmentStringsW
GetACP
GetLastError
FlushFileBuffers
GetProcAddress
TerminateProcess
GetDateFormatA
GetCurrentProcessId
CloseHandle
OpenMutexA
SetEnvironmentVariableA
GetConsoleScreenBufferInfo
HeapSize
InterlockedExchange
ExitProcess
IsValidCodePage
GetCurrentThread
CompareStringW
GetStringTypeA
VirtualProtect
GetStartupInfoA
GetCommandLineW
LCMapStringA
SetFilePointer
WriteFile
EnterCriticalSection
GetTimeZoneInformation
InitializeCriticalSection
EnumSystemLocalesA
SetHandleCount
LeaveCriticalSection
GetStartupInfoW
UnhandledExceptionFilter
GetCommandLineA
CreateMutexA
GetTimeFormatA
GetLocaleInfoW
GetFileType
GetModuleHandleA
TlsSetValue
GetSystemInfo
GetEnvironmentStrings
HeapDestroy
RtlUnwind

Sections

.text
Size: 307KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3c180cc192efa64cc47b2392a494d88

Headers

File Characteristics

PDB Paths

Imports

comdlg32

comctl32

advapi32

gdi32

user32

wininet

kernel32

Sections

.text Size: 307KB - Virtual size: 306KB

.rdata Size: 68KB - Virtual size: 71KB

.data Size: 105KB - Virtual size: 105KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 307KB - Virtual size: 306KB

.rdata
Size: 68KB - Virtual size: 71KB

.data
Size: 105KB - Virtual size: 105KB

.rsrc
Size: 10KB - Virtual size: 10KB