016fb928ddb55c1bb5e1e41393029e9a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

016fb928ddb55c1bb5e1e41393029e9a_JaffaCakes118
Size

252KB
MD5

016fb928ddb55c1bb5e1e41393029e9a
SHA1

86a97acc5fb2c50acd321cc8fb9a54d8d6104296
SHA256

ddec5df502b724d2b06ebc652ac9230a07285f06d6376e480c409dfb4829d28c
SHA512

e771350d94e4639a608b90f1eb8472fa032575c53157448e9bca5fe72b638f24755afbc64c235c3aaf2200592da9eda4044d278ed75b3786360716476808af5d
SSDEEP

6144:I7FIafq7vzlS4B8wRNQWasM+IIeTNvrEalNI0j8M:2FICsvM+DuZNI0H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
016fb928ddb55c1bb5e1e41393029e9a_JaffaCakes118

Files

016fb928ddb55c1bb5e1e41393029e9a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29ef2e6d5b99aace9476d35fc8afe14c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files\Microsoft Visual Studio\Eda\Voli\Wuxu.pdb

Imports

user32

GetCursorPos
SystemParametersInfoA
FrameRect
ClientToScreen
GetClassNameA
IsWindowEnabled
SetFocus
RegisterClassExA
GetKeyNameTextA
GetWindowTextLengthA
GetClassInfoExA
CallWindowProcA
GetMessageA
SetWindowsHookExA
GetFocus
AppendMenuA
CheckMenuRadioItem
LoadImageA
DrawIcon
CheckMenuItem
DispatchMessageA

ole32

OleInitialize
CoInitialize
CLSIDFromString
CoCreateInstance
OleSetContainedObject

kernel32

SetLastError
SetEnvironmentVariableA
CompareStringW
CompareStringA
CloseHandle
FlushFileBuffers
GetLocaleInfoW
SetStdHandle
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetTimeZoneInformation
SetFilePointer
GetOEMCP
GetACP
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCPInfo
GetTimeFormatA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
VirtualQuery
QueryPerformanceCounter
CreateFileA
GetWindowsDirectoryA
GetSystemTime
OpenProcess
GetVersionExA
GetModuleHandleA
GetDateFormatA
FindResourceA
SetEvent
GetCurrentProcess
LoadLibraryA
CreateProcessA
SetFileAttributesA
GetSystemInfo
ExpandEnvironmentStringsA
GetVolumeInformationA
SetTapePosition
VirtualProtect
ExitProcess
GetProcAddress
TerminateProcess
HeapAlloc
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
TlsAlloc
GetCurrentThreadId
GetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
InitializeCriticalSection
RtlUnwind
HeapSize
InterlockedExchange

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

29ef2e6d5b99aace9476d35fc8afe14c

Headers

File Characteristics

PDB Paths

Imports

user32

ole32

kernel32

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 112KB - Virtual size: 110KB

.data Size: 80KB - Virtual size: 390KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 112KB - Virtual size: 110KB

.data
Size: 80KB - Virtual size: 390KB