fc481eef55550690716a35ccef072428_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fc481eef55550690716a35ccef072428_JaffaCakes118
Size

248KB
MD5

fc481eef55550690716a35ccef072428
SHA1

ca8c32164c615e179608a91ebae2c9dcc6662824
SHA256

263557f3ad580d4416c30aa31da0f72f817d72545cf923725e1a12231c9b06c7
SHA512

1941c62215faf76abc5aa62612d3a56498fc2dd675a1ef4fa4df36f77a1368f44c97ebc22aa1136319aee62667f53ec172ec41dc5efe346db5206ecf7c270d22
SSDEEP

3072:gLiF91QlWBybXxlXfsYKFLS0Xru2P/rOC0T8ojeotY:QiD11uXf1KUSvXrOCijT+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc481eef55550690716a35ccef072428_JaffaCakes118

Files

fc481eef55550690716a35ccef072428_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9ff7096f392f1ee7e176fc9d53f8d761

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\myapp\stsapp.pdb

Imports

kernel32

PulseEvent
LeaveCriticalSection
WaitForSingleObject
Sleep
GetModuleHandleA
CloseHandle
VirtualFree
VirtualAlloc
LoadLibraryA
VirtualProtect
GetProcAddress
GetFileType
VirtualAllocEx
GetProcessHeap
GetLastError
GetLocaleInfoA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
FlushFileBuffers
SetFilePointer
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemInfo

user32

LoadBitmapA
UpdateWindow
LoadCursorA
InSendMessage
EnableWindow

shell32

DuplicateIcon

winscard

SCardForgetReaderW

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbg
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relc
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ff7096f392f1ee7e176fc9d53f8d761

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

winscard

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 188KB - Virtual size: 213KB

.dbg Size: 4KB - Virtual size: 512B

.relc Size: 4KB - Virtual size: 512B

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 188KB - Virtual size: 213KB

.dbg
Size: 4KB - Virtual size: 512B

.relc
Size: 4KB - Virtual size: 512B