0da7c1062d560265a5a4990f1c020f3a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0da7c1062d560265a5a4990f1c020f3a_JaffaCakes118
Size

156KB
MD5

0da7c1062d560265a5a4990f1c020f3a
SHA1

8604c5f63720aa18a5bb2401656e166a7798924f
SHA256

69397a5d622e86f97c34a73324819e66215e54d25e725197e102b4837d9f72e6
SHA512

d1240c0097335358129d7ff2fc374366b4b1bf2f4cae9abcd1d575c5a4c0773af887fd734f2ae35c14408e8d21cfa474a1881995096afcf250d8dbd74952188c
SSDEEP

3072:VOzMhJ7ZIu7tEePAekMM/mRopBeZ5/eC3ysh/:Ezw7Z/kmRopAlf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0da7c1062d560265a5a4990f1c020f3a_JaffaCakes118

Files

0da7c1062d560265a5a4990f1c020f3a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d102c49a737ccccb3ed097d58a6ec27e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DEVROOT\SOLOMON\SRC\Release\Goober.pdb

Imports

kernel32

CloseHandle
InterlockedDecrement
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
HeapFree
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
GetProcessHeap
HeapAlloc
EnterCriticalSection
GetCurrentThreadId
Sleep
CreateProcessW
lstrcpyW
FreeLibrary
GetSystemDefaultLangID
GetLogicalDrives
GetDriveTypeW
GetDiskFreeSpaceExW
GlobalMemoryStatus
Process32FirstW
OpenProcess
Process32NextW
GetLastError
InterlockedIncrement
SetEvent
GetModuleHandleW
lstrcpynW
lstrcmpiW
FlushFileBuffers
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
LCMapStringW
LCMapStringA
SetFilePointer
GetOEMCP
GetStringTypeW
GetStringTypeA
GetModuleFileNameW
RaiseException
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
CreateMutexW
GetProcAddress
LoadLibraryW
CreateToolhelp32Snapshot
GetCPInfo
SetUnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetDateFormatA
GetTimeFormatA
HeapSize
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
RtlUnwind
ExitProcess
GetStartupInfoW
GetModuleHandleA
VirtualQuery
GetSystemInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
GetTimeZoneInformation
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetVersionExA
LocalFree
GetSystemTimeAsFileTime
HeapReAlloc
VirtualProtect
VirtualAlloc
TlsAlloc

user32

UnregisterClassW
PostThreadMessageW
PostMessageW
SetTimer
KillTimer
RegisterClassExW
GetClassInfoExW
wsprintfW
DefWindowProcW
DestroyWindow
CallWindowProcW
SetWindowLongW
CreateWindowExW
GetWindowLongW
FindWindowW
SendMessageW
LoadCursorW
LoadStringW
CharNextW

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW

shell32

SHGetFileInfoW

ole32

CoInitialize
StringFromCLSID
CoUninitialize
CoCreateInstance
ProgIDFromCLSID
CoTaskMemFree

oleaut32

VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
VariantClear
CreateErrorInfo
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantChangeType
VariantInit
SetErrorInfo
SysFreeString

ws2_32

WSACleanup
inet_ntoa
gethostbyname
gethostname
WSAStartup

winmm

timeGetTime

iphlpapi

GetAdaptersInfo

psapi

GetModuleFileNameExW

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d102c49a737ccccb3ed097d58a6ec27e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

winmm

iphlpapi

psapi

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 20KB - Virtual size: 16KB