10ce8c281537a6f604526f56a5fbd29b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10ce8c281537a6f604526f56a5fbd29b_JaffaCakes118
Size

299KB
MD5

10ce8c281537a6f604526f56a5fbd29b
SHA1

b5dc7e31fc004cabd353169366e85896253b2226
SHA256

cf9952f969f6166d748f2db04cae19443f7fbeb4f347be69d8d4cf9511bbcaa9
SHA512

4bcf6aeace38d5c9cf4331d1c189f82c714850e62f4d4935afe6855a0af8353a3096213677f12f9ac94a20ddc5703b28f031520ba13d7ef182151d9904db40b0
SSDEEP

6144:gZF6sTPuP/0M+PnSPFOotspiK6oNE4BgWkTnV8L0wdl6:H+6llKS4TVL0u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10ce8c281537a6f604526f56a5fbd29b_JaffaCakes118

Files

10ce8c281537a6f604526f56a5fbd29b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c7aba31a0fe44bdf12e42ea888a370e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\MFWFPH\JOUATWXO\ZSDZ\IFU\EVBWOWB.PDB

Imports

comctl32

InitCommonControlsEx

shell32

ShellExecuteW
SHEmptyRecycleBinW
InternalExtractIconListA
SHGetSpecialFolderLocation
DragQueryFileA

kernel32

SetFilePointer
ReleaseSemaphore
InterlockedIncrement
OpenFileMappingA
InterlockedDecrement
FlushFileBuffers
GetUserDefaultLCID
HeapCreate
HeapReAlloc
GetLocaleInfoA
GetVersionExA
GetDateFormatA
FindAtomW
SetStdHandle
UnhandledExceptionFilter
GetTickCount
HeapDestroy
GetStartupInfoA
GetEnvironmentStringsW
GetCurrentThread
SetEnvironmentVariableA
GetOEMCP
SetConsoleTitleW
TlsAlloc
GetFileType
GetEnvironmentStrings
RtlUnwind
GetStdHandle
FreeEnvironmentStringsA
VirtualAlloc
HeapFree
MultiByteToWideChar
LeaveCriticalSection
OutputDebugStringW
HeapSize
ReadFile
WriteProfileStringA
WriteFile
lstrcmpA
LCMapStringW
QueryPerformanceCounter
SetLastError
GetStringTypeW
DeleteCriticalSection
LCMapStringA
CreateFileA
InterlockedExchange
FreeLibrary
SetUnhandledExceptionFilter
GetModuleFileNameA
VirtualQuery
WideCharToMultiByte
GetCurrentThreadId
WriteConsoleW
GetConsoleMode
CompareStringW
TlsFree
UnlockFile
GetCommandLineA
GetACP
IsDebuggerPresent
GetProcAddress
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
ReadConsoleW
GetCurrentProcess
GetCurrentProcessId
EnterCriticalSection
EnumSystemLocalesA
CreateMutexA
IsValidLocale
CreateMutexW
Sleep
WriteConsoleA
GetStringTypeA
TlsGetValue
TerminateProcess
SetConsoleCtrlHandler
GetProcessHeap
FreeEnvironmentStringsW
CloseHandle
GetCPInfo
GetTimeFormatA
SetHandleCount
OpenMutexA
GetConsoleCP
VirtualFree
ExitProcess
LockFile
InitializeCriticalSection
GetLocaleInfoW
GetModuleHandleA
FindFirstFileA
CompareStringA
IsValidCodePage
TlsSetValue
LoadLibraryA
GetSystemTimeAsFileTime
GetLastError
HeapAlloc
GetConsoleOutputCP
CreateNamedPipeW

gdi32

SetDIBitsToDevice
SetWinMetaFileBits

user32

DdeQueryNextServer
GetClipCursor
RegisterClassA
DdeNameService
DdeUninitialize
RegisterClassExA
WinHelpW

wininet

FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
InternetShowSecurityInfoByURL
InternetCanonicalizeUrlA
InternetOpenW

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7aba31a0fe44bdf12e42ea888a370e2

Headers

File Characteristics

PDB Paths

Imports

comctl32

shell32

kernel32

gdi32

user32

wininet

Sections

.text Size: 174KB - Virtual size: 174KB

.rdata Size: 23KB - Virtual size: 55KB

.data Size: 88KB - Virtual size: 88KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 174KB - Virtual size: 174KB

.rdata
Size: 23KB - Virtual size: 55KB

.data
Size: 88KB - Virtual size: 88KB

.rsrc
Size: 12KB - Virtual size: 11KB