fc593c3af926605a169f6fe063b78735_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc593c3af926605a169f6fe063b78735_JaffaCakes118
Size

494KB
MD5

fc593c3af926605a169f6fe063b78735
SHA1

1fe9c21656887ac4ea4569388ec600475821b2e8
SHA256

c4a32017ae09f6f54c33e455300b2f5f10bfa428bc70b48657a91c1509ef28b5
SHA512

6ab511708aa50d58f23aaa1bbb11e42aeb3cb6c95df7f85be43a371fffa88902075ab15ca8e37aa2a963c9a842dd3309164b0e37e2325b327798dcaecb67cace
SSDEEP

6144:X1Z98bZr36CV5dl0jwdR050J+EESiMrt7pcTdjSkbUQCD18BtwtEkbv29FOnYDlw:X1slrKCLH05a+lch6xmro4YDq/39V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc593c3af926605a169f6fe063b78735_JaffaCakes118

Files

fc593c3af926605a169f6fe063b78735_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bdd739d8c6bda007812b9fa8b1965e47

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\ekcss\eta\dteo.pdb

Imports

user32

DdeCreateStringHandleA
RegisterClassExA
RegisterClassA
InsertMenuA

kernel32

EnumDateFormatsA
WideCharToMultiByte
AddAtomA
UnhandledExceptionFilter
SetLastError
CreatePipe
GetModuleFileNameA
GetModuleHandleA
lstrcpyW
TlsGetValue
GetThreadContext
OpenMutexA
HeapSize
TlsFree
LCMapStringA
VirtualAlloc
CreateMutexA
SetEnvironmentVariableA
GetACP
VirtualQuery
FreeEnvironmentStringsA
GetLocaleInfoA
GetCurrentProcess
GetLastError
GetProcAddress
GetEnvironmentStringsW
GetVersionExW
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetSystemTimeAsFileTime
LoadLibraryA
ReadFile
GetTickCount
GetStartupInfoW
WriteConsoleInputA
VirtualUnlock
GetVersionExA
CompareStringW
HeapAlloc
EnumSystemLocalesA
GetCommandLineW
GetCurrentThread
CloseHandle
EnterCriticalSection
GetProfileIntW
GetOEMCP
GetCPInfo
IsValidLocale
VirtualFree
SetHandleCount
HeapFree
InitializeCriticalSection
GetStartupInfoA
GetFileType
VirtualProtect
FlushFileBuffers
GetCurrentThreadId
TerminateProcess
GetSystemInfo
GetCurrentProcessId
HeapDestroy
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SetFileAttributesW
CompareStringA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetStringTypeA
GetLocaleInfoW
lstrcmpW
WritePrivateProfileStringA
GetProfileIntA
QueryPerformanceCounter
ReadConsoleOutputAttribute
InterlockedExchange
GetStringTypeW
SetFilePointer
TlsAlloc
SetStdHandle
IsBadWritePtr
GetCommandLineA
GetTimeFormatA
RtlUnwind
TlsSetValue
HeapReAlloc
GetUserDefaultLCID
ExitProcess
EnumResourceNamesA
GetStdHandle
WriteFile
RtlZeroMemory
GetModuleFileNameW
WaitNamedPipeA
DeleteCriticalSection
CompareFileTime
LockFileEx
FlushConsoleInputBuffer
GetDateFormatA
HeapCreate

gdi32

PolylineTo
GetCharABCWidthsFloatW

advapi32

LookupPrivilegeDisplayNameW
RegSetValueExW
CryptSignHashA
RegCreateKeyExA
DuplicateTokenEx
RegConnectRegistryA
RegReplaceKeyW

shell32

SHInvokePrinterCommandA
ShellExecuteA
SHGetPathFromIDList
SHChangeNotify
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

comdlg32

GetFileTitleA
GetOpenFileNameW
GetOpenFileNameA
PageSetupDlgA

Sections

.text
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdd739d8c6bda007812b9fa8b1965e47

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

gdi32

advapi32

shell32

comctl32

comdlg32

Sections

.text Size: 334KB - Virtual size: 333KB

.rdata Size: 44KB - Virtual size: 75KB

.data Size: 102KB - Virtual size: 102KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 334KB - Virtual size: 333KB

.rdata
Size: 44KB - Virtual size: 75KB

.data
Size: 102KB - Virtual size: 102KB

.rsrc
Size: 12KB - Virtual size: 11KB