0c012e1e4d901a82053ddc55e98b12eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c012e1e4d901a82053ddc55e98b12eb_JaffaCakes118
Size

331KB
MD5

0c012e1e4d901a82053ddc55e98b12eb
SHA1

3571f66cbc07317978edf1cd25a0d806a794e6d4
SHA256

cc20c6bdf5f69754e8452ac36f24d8836c3580d7f155fbae100e14108af75f2e
SHA512

139ff37c6b6e58877410afacb3ccc5fe062b6310a5d6a6b31701f6f920b225ed59c789fc6f811e08e14875e00b16dd9ec58305698ccba15ee67440c66a2e4663
SSDEEP

6144:808EgrfRwZITCrj52JqEO+LPTEWKvkqBzS+YBSTk3f:823P5ObLYW1q12M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c012e1e4d901a82053ddc55e98b12eb_JaffaCakes118

Files

0c012e1e4d901a82053ddc55e98b12eb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

33b816dab6ab47d2360125cffbb4cc5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventA
GetFileType
PulseEvent
SetEndOfFile
IsDBCSLeadByte
GetCommandLineA
LoadLibraryExA
WaitForSingleObject
lstrlenA
GetCurrentThreadId
LCMapStringA
GetCurrentDirectoryA
MoveFileA
GetOEMCP
SetHandleCount
SetFilePointer
GetStdHandle
ReadFile
CreateThread
SetStdHandle
lstrcpyA
HeapAlloc
EnterCriticalSection
FindResourceA
TlsGetValue
FlushFileBuffers
HeapFree
DeleteCriticalSection
FileTimeToSystemTime
WriteFile
TlsFree
FindFirstFileA
LCMapStringW
GetModuleHandleA
GetDriveTypeA
GetProcessHeap
GetACP
FreeLibrary
CloseHandle
GetFullPathNameA
LockResource
GetSystemTimeAsFileTime
GetThreadLocale
SetEnvironmentVariableA
RaiseException
lstrlenW
RtlUnwind
CompareStringW
EnumSystemLocalesA
SetUnhandledExceptionFilter
LoadResource
VirtualProtect
FindClose
UnhandledExceptionFilter
TlsAlloc
SetLastError
SizeofResource
lstrcmpiA
FreeEnvironmentStringsA
IsValidLocale
CreateFileA
GetTimeZoneInformation
CompareStringA
GetUserDefaultLCID
IsValidCodePage
HeapReAlloc
LocalFree
VirtualQuery
HeapSize
IsBadCodePtr
HeapDestroy
TlsSetValue
LeaveCriticalSection
GetSystemInfo
lstrcatA
VirtualFree
WideCharToMultiByte
VirtualAlloc
FormatMessageA
FreeEnvironmentStringsW
lstrcpynA
DeleteFileA
HeapCreate

ole32

CoTaskMemFree
StringFromGUID2
ProgIDFromCLSID
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

advapi32

RegDeleteKeyA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegEnumKeyExA

user32

CharNextA
wsprintfA
LoadStringA
CharUpperBuffA

shlwapi

PathFindExtensionA

oleaut32

SafeArrayDestroy
SetErrorInfo
SysFreeString
SysAllocString
CreateErrorInfo
SafeArrayGetUBound
RegisterTypeLi
LoadTypeLi
VariantInit
SafeArrayUnlock
UnRegisterTypeLi
GetErrorInfo
SysAllocStringLen
SafeArrayCreate
VarUI4FromStr
SysStringByteLen
SafeArrayCopy
SafeArrayGetVartype
VariantCopy
DispCallFunc
VariantCopyInd
SysAllocStringByteLen
SafeArrayGetLBound
LoadRegTypeLi
VariantChangeType
VarBstrCmp
VariantClear
SafeArrayLock
SysStringLen
SafeArrayRedim

cmutil

CmAtolW
CmLoadImageW
CmFmtMsgW
CmStripPathAndExtW
CmStrStrA
CmStrCpyAllocA
CmStripFileNameW

mycomput

DllRegisterServer
DllCanUnloadNow

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 308KB - Virtual size: 683KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33b816dab6ab47d2360125cffbb4cc5a

Headers

File Characteristics

Imports

kernel32

ole32

advapi32

user32

shlwapi

oleaut32

cmutil

mycomput

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 308KB - Virtual size: 683KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 308KB - Virtual size: 683KB

.rsrc
Size: 512B - Virtual size: 4KB