14a1069560ea029f96e55d13c684834b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14a1069560ea029f96e55d13c684834b_JaffaCakes118
Size

559KB
MD5

14a1069560ea029f96e55d13c684834b
SHA1

acbd1677ab1e366675e147e4d57a03533f1b1d3b
SHA256

5da8798382207bb7fa80bd2b6953ae2e972579125c6a192329f92015e8ff5445
SHA512

91a617856f5686bcd4ebeee97c149c8d371adcea4105644d5f235794191f513a31a5ab4b13c0fbe3887db11d18adb3e28ceb74515d8bb306616695022bef86cc
SSDEEP

12288:huYjsXs6ILFfQItvbJGAGVTzPLHtbXvG5SudGK:huYwXs6ILFfQI792TzDNbO5z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14a1069560ea029f96e55d13c684834b_JaffaCakes118

Files

14a1069560ea029f96e55d13c684834b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8062f2ef71a5d98e4c58d668b24193e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\_git_\bot-mws\output\MinSizeRel\MFCSetup.pdb

Imports

shlwapi

PathStripPathW
PathRemoveExtensionW
PathRemoveArgsW
PathMakePrettyW
SHGetValueW

wininet

SetUrlCacheEntryInfoW
FindNextUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW

pdh

PdhCloseQuery
PdhLookupPerfNameByIndexA
PdhMakeCounterPathA
PdhRemoveCounter
PdhCollectQueryData
PdhAddCounterA
PdhOpenQueryW
PdhGetFormattedCounterValue

kernel32

TlsSetValue
ExitThread
GetWindowsDirectoryW
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResumeThread
ResetEvent
ReleaseSemaphore
IsProcessorFeaturePresent
InterlockedCompareExchange
SetEnvironmentVariableA
WriteConsoleW
GetProcAddress
GetModuleHandleW
InterlockedExchangeAdd
Sleep
InterlockedIncrement
InterlockedDecrement
CompareStringA
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
LCMapStringW
GetLastError
CompareStringW
LCMapStringA
GetCPInfo
GetStringTypeA
GetFileInformationByHandle
GetFileSize
ReadFile
WriteFile
GetSystemInfo
CloseHandle
SetFilePointer
GetFileType
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
HeapFree
GetProcessHeap
WaitForSingleObject
CreateEventA
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
HeapAlloc
SetEvent
LocalFree
FormatMessageA
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
FlushInstructionCache
lstrlenA
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetVersionExW
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
GetStartupInfoW
HeapReAlloc
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
TlsGetValue
TlsAlloc
CreateThread
TlsFree
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
VirtualAlloc
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP

user32

MapVirtualKeyW
VkKeyScanW
PostMessageW
IsWindow
CloseDesktop
SetThreadDesktop
GetThreadDesktop
CreateDesktopW
CallWindowProcW
SetWindowLongW
DefWindowProcW
GetWindowLongW

shell32

ord680

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString
VariantInit
VariantClear
VariantChangeType

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8062f2ef71a5d98e4c58d668b24193e0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wininet

pdh

kernel32

user32

shell32

ole32

oleaut32

advapi32

Sections

.text Size: 392KB - Virtual size: 392KB

.rdata Size: 95KB - Virtual size: 94KB

.data Size: 25KB - Virtual size: 34KB

STLPORT_ Size: 512B - Virtual size: 32B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 392KB - Virtual size: 392KB

.rdata
Size: 95KB - Virtual size: 94KB

.data
Size: 25KB - Virtual size: 34KB

STLPORT_
Size: 512B - Virtual size: 32B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 43KB - Virtual size: 43KB