0285e6fa8bdfe6f1d0d4ab6e8c226477_JaffaCakes118

General

Target

0285e6fa8bdfe6f1d0d4ab6e8c226477_JaffaCakes118
Size

3.4MB
MD5

0285e6fa8bdfe6f1d0d4ab6e8c226477
SHA1

c2285f1da0da2bcb3a39e0f2edc409db34b5f89e
SHA256

990846df47d3be9bd4bb9d4adb2dba363f0bfec0edb94b3a87b60157031b9866
SHA512

d7430fdc9070484e19e2ed2d5756c469acb34132ce0ed193d6d0606612a3d91b856beef4afc838888e821a3faaac149663f4e779d7588e77033c6f31e62016f8
SSDEEP

98304:ZHpYHiGq3YRkNXJ2Kk5UY/XqksujixcNgmJ9:ZHuCGq3hJVk5U4Xs2ixG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0285e6fa8bdfe6f1d0d4ab6e8c226477_JaffaCakes118

Files

0285e6fa8bdfe6f1d0d4ab6e8c226477_JaffaCakes118
.exe windows:4 windows x86 arch:x86

695ab0136786c560ceaebce78e38a5da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\ePocketSetup4\SetupProgram\SetupLoader\Release\SetupLoader.pdb

Imports

kernel32

GetModuleFileNameA
CreateFileA
SetFilePointer
GetTempPathA
GetFileAttributesA
DeleteFileA
WriteFile
CloseHandle
CreateProcessA
ReadFile
FindResourceA
LoadResource
LockResource
GetSystemInfo
VirtualProtect
GetLocaleInfoA
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualQuery

user32

LoadStringA
MsgWaitForMultipleObjects
MessageBoxA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

695ab0136786c560ceaebce78e38a5da

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 505KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 505KB

.rsrc
Size: 8KB - Virtual size: 7KB