034b642b0fcac7dc4fef66c9fb17aec7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

034b642b0fcac7dc4fef66c9fb17aec7_JaffaCakes118
Size

5.4MB
MD5

034b642b0fcac7dc4fef66c9fb17aec7
SHA1

b9842d458a73b2c72b2f20e89e15200c9978e073
SHA256

787dd488d2d45504eeeb98a06056d3d124104097722596043a2955eaac9fd831
SHA512

a9b9343d7081b6a250ffc3135885d5652da677968fea06f98f65b71b666c32cb31532a00ae64e49f76fa95eadbf4c12f398ccd6ed71a8e038c58bc1de53b277d
SSDEEP

98304:e9wHoT2PBeQ74srFjw+M23f3nXX/NTBTefMZKlEhBsKAgp1Yl8aW:XS24q461w+n/XXFZpKmPFg8aW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
034b642b0fcac7dc4fef66c9fb17aec7_JaffaCakes118

Files

034b642b0fcac7dc4fef66c9fb17aec7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d189c94b29a11f0b07adffe2b4642502

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\PROJECT_Y\Segmento_Install\Segmento_Install.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
FreeLibrary
LoadLibraryA
WideCharToMultiByte
WaitForSingleObject
CloseHandle
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
DeleteFileA
MultiByteToWideChar
lstrcpyA
SetCurrentDirectoryA
GetProcAddress
CreateDirectoryA
GetWindowsDirectoryA
GetSystemDirectoryA
CreateThread
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
FlushFileBuffers
WriteConsoleW
GetStdHandle
ExitProcess
HeapSize
Sleep
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetLastError
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetModuleHandleA
TlsGetValue
TlsAlloc

user32

CallWindowProcA
IsWindow
GetDC
InflateRect
GetWindowDC
IsWindowEnabled
ReleaseDC
RedrawWindow
EndDialog
UnregisterClassA
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
SetDlgItemTextA
KillTimer
SetTimer
BringWindowToTop
SendMessageA
GetWindowLongA
SetForegroundWindow
GetActiveWindow
DialogBoxParamA
SetWindowLongA
GetParent

gdi32

ExcludeClipRect

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA

shell32

SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantInit
VariantClear
SysStringLen

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d189c94b29a11f0b07adffe2b4642502

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 7.2MB - Virtual size: 7.2MB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 7.2MB - Virtual size: 7.2MB