c:\zaeeedyoe\ehkoeoe\eovadesae\iahpfazef.PDB
Static task: static1
Behavioral task: behavioral1
Sample: 06c237d55c0d27eadbd78060604f0b50_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 06c237d55c0d27eadbd78060604f0b50_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 06c237d55c0d27eadbd78060604f0b50_JaffaCakes118
Size: 332KB
MD5: 06c237d55c0d27eadbd78060604f0b50
SHA1: a1a67cea67433d8f0ab17d18a39d3c65775973c0
SHA256: dd19b1eccd6ec41e99152a6c8aadee5872f8cda98b7e03f786fedeeb04a07991
SHA512: e662ab6fffb827863e4714306728c39eecc314a34655f10c969ec2ff5b240a26f2aeb23c5bafdc9add7ec31f46c09f1c421ae091bad04d0309bc19be68aa7e48
SSDEEP: 6144:5vRQL2X8+2dMHSnp1X4UjxAB2aeU+fqNQn3ucpZvk:xk2X8+2d4SLXNDan+fqNnGc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 06c237d55c0d27eadbd78060604f0b50_JaffaCakes118
Files
06c237d55c0d27eadbd78060604f0b50_JaffaCakes118.exe windows:4 windows x86 arch:x86
92256076bb8dce5afb9023010ba70ba2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
user32
RegisterClassA
MessageBoxExW
IsCharAlphaNumericA
InsertMenuW
FindWindowExA
LookupIconIdFromDirectory
CreateWindowStationA
DestroyCaret
DestroyWindow
LookupIconIdFromDirectoryEx
DispatchMessageA
GetListBoxInfo
CharNextW
RegisterClassExA
InvalidateRect
GetMessagePos
InsertMenuItemW
CharNextExA
EnumDisplaySettingsExA
CreateCaret
kernel32
GetStartupInfoA
HeapFree
CreateMutexA
HeapAlloc
FlushFileBuffers
CloseHandle
HeapLock
GetStringTypeA
LoadLibraryA
GetTimeFormatA
GetCommandLineA
GetLastError
GetCurrentProcess
RtlZeroMemory
GetFileType
DeleteCriticalSection
TlsAlloc
SetEnvironmentVariableA
GetModuleFileNameW
GetTempFileNameA
GetStringTypeW
FreeEnvironmentStringsW
SetLastError
TerminateProcess
FreeEnvironmentStringsA
TlsGetValue
MultiByteToWideChar
SetConsoleCtrlHandler
IsBadReadPtr
GetCommandLineW
WriteConsoleW
GetLocaleInfoW
GetTickCount
WideCharToMultiByte
GetModuleHandleA
EnterCriticalSection
SetStdHandle
EnumSystemLocalesA
GetStdHandle
LeaveCriticalSection
GetSystemTimeAsFileTime
GetProcAddress
InterlockedIncrement
GetModuleFileNameA
VirtualProtect
DebugBreak
WriteFile
OpenMutexA
GetDateFormatA
HeapReAlloc
SetHandleCount
HeapValidate
GetVersionExA
IsValidCodePage
IsBadWritePtr
GetTimeZoneInformation
RtlUnwind
CompareStringA
HeapDestroy
GetStartupInfoW
OutputDebugStringA
LCMapStringA
InitializeCriticalSection
VirtualAlloc
VirtualQuery
InterlockedExchange
GetACP
ReadFile
GetCurrentThreadId
TlsSetValue
GetEnvironmentStringsW
InterlockedDecrement
VirtualLock
GetCPInfo
GetLocaleInfoA
GetSystemInfo
GetCurrentProcessId
GetEnvironmentStrings
ExitProcess
VirtualFree
GetUserDefaultLCID
LCMapStringW
QueryPerformanceCounter
IsValidLocale
SetFilePointer
GetOEMCP
UnhandledExceptionFilter
TlsFree
GetCurrentThread
HeapCreate
CompareStringW
comctl32
InitCommonControlsEx
shell32
ShellExecuteExW
DragAcceptFiles
SHGetPathFromIDList
advapi32
CryptGenRandom
InitiateSystemShutdownW
RegEnumValueA
InitiateSystemShutdownA
RegEnumKeyA
RegQueryValueA
CryptDuplicateKey
RegEnumKeyExA
RegDeleteValueW
GetUserNameW
LookupAccountNameA
RegLoadKeyA
RegQueryValueW
CreateServiceA
RegCreateKeyExA
CryptEncrypt
CryptDuplicateHash
Sections
.text Size: 205KB - Virtual size: 204KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ