0c26c4950d6e89655f2c7e3bf44dda2e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c26c4950d6e89655f2c7e3bf44dda2e_JaffaCakes118
Size

459KB
MD5

0c26c4950d6e89655f2c7e3bf44dda2e
SHA1

e95960e8ff6bed7b483676a1ce19cd81d02f3f0b
SHA256

2712304fa219025576273a5ed66bbe42c45a976208ed01562cb88e5c260905dc
SHA512

1a218e751d2f190be35322dcdafeafbd3ebcce2ce14ba7b004d49974469d5bc1a72f1425c41b339f9cc94aebfcb61745001960b465fde76d67e4b0aa67291f2b
SSDEEP

12288:YVtSIy0tQxh2ckKBg5/D96FlrjBB+XWD0Vs:YVtSIy0m72ckKBqQ7rj7+XWD8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c26c4950d6e89655f2c7e3bf44dda2e_JaffaCakes118

Files

0c26c4950d6e89655f2c7e3bf44dda2e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6749ddef978a09ab9fbeb95c60bb3e64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\uaoaaedks\wlsex\cajoe.pdb

Imports

kernel32

FreeEnvironmentStringsA
GetStringTypeW
WriteFile
LocalFree
GetModuleFileNameW
RtlUnwind
UnhandledExceptionFilter
ResetEvent
InterlockedExchange
HeapAlloc
DeleteCriticalSection
VirtualQuery
GetStringTypeA
GetCurrentProcessId
GetLastError
HeapReAlloc
WideCharToMultiByte
SetLastError
CreateMutexA
InterlockedDecrement
HeapCreate
VirtualFree
ExitProcess
GetSystemTimeAsFileTime
WriteConsoleOutputW
QueryPerformanceCounter
GetTimeZoneInformation
GetCurrentThreadId
GetStdHandle
TlsSetValue
GetModuleHandleA
HeapDestroy
LCMapStringA
IsBadWritePtr
ReadFile
InitializeCriticalSection
InterlockedIncrement
CompareStringW
GetProcAddress
TlsGetValue
TlsFree
GetFileType
HeapFree
GetCommandLineW
GetModuleFileNameA
LoadLibraryA
GetVersion
FreeEnvironmentStringsW
GetCommandLineA
CompareStringA
SetStdHandle
EnterCriticalSection
GetEnvironmentStringsW
LCMapStringW
OpenMutexA
SetHandleCount
SetFilePointer
TerminateProcess
FlushFileBuffers
CloseHandle
VirtualQueryEx
GetSystemTime
GetStartupInfoA
TlsAlloc
GetEnvironmentStrings
LeaveCriticalSection
GetCurrentProcess
GetTickCount
SetEnvironmentVariableA
GetStartupInfoW
MultiByteToWideChar
GetLocalTime
VirtualAlloc
GetSystemTimeAdjustment
GetCurrentThread
ReadConsoleOutputA
GetSystemInfo
GetCPInfo

wininet

InternetWriteFileExA

gdi32

GetArcDirection

comctl32

InitCommonControlsEx

shell32

SheSetCurDrive
ShellExecuteExA
SHGetSettings
ShellExecuteA
SHGetFileInfoW

user32

RegisterClassExA
RegisterClassA
GetKeyState
SetWindowsHookExW

Sections

.text
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6749ddef978a09ab9fbeb95c60bb3e64

Headers

File Characteristics

PDB Paths

Imports

kernel32

wininet

gdi32

comctl32

shell32

user32

Sections

.text Size: 283KB - Virtual size: 283KB

.rdata Size: 51KB - Virtual size: 69KB

.data Size: 100KB - Virtual size: 99KB

.rsrc Size: 23KB - Virtual size: 22KB

.text
Size: 283KB - Virtual size: 283KB

.rdata
Size: 51KB - Virtual size: 69KB

.data
Size: 100KB - Virtual size: 99KB

.rsrc
Size: 23KB - Virtual size: 22KB