15d43b8b04787792f99bd63e092a55b6_JaffaCakes118

General

Target

15d43b8b04787792f99bd63e092a55b6_JaffaCakes118
Size

123KB
MD5

15d43b8b04787792f99bd63e092a55b6
SHA1

9c35b3acde2712ec3d99bd80409d431f5af959b5
SHA256

af9d2f97516aed5803aa69c87e793695e9eca579a9235dc26097159f06314cba
SHA512

171a9f0e71f0551a659068fbe8e7d206ebc2c8291db76f8bfbfd26fc80910be441e2409e81a3160b3640644bbc73a8bb8f2828502c28d1010f4d283c8304ba10
SSDEEP

1536:0T0lb6LglkygiBNRQBLCh5Tti7E0v0KLh0lRMlIt7Mk:y0HlkANCBOPX0Zh0lRMlItz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15d43b8b04787792f99bd63e092a55b6_JaffaCakes118

Files

15d43b8b04787792f99bd63e092a55b6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

52edbb2e278333ca0be1cf246bfefd4a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Work\BoT\p2pStuff\p2phelperInst\Release\p2phelperInst.pdb

Imports

kernel32

LockResource
LoadResource
SizeofResource
FindResourceA
CloseHandle
WriteFile
Sleep
MoveFileA
DeleteFileA
GetTempFileNameA
CreateFileA
CreateDirectoryA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WinExec
lstrlenA
VirtualProtect
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
GetCPInfo
GetOEMCP
HeapAlloc
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
TerminateProcess
GetCurrentProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
LoadLibraryA
RtlUnwind
VirtualQuery
GetSystemInfo

user32

wsprintfA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52edbb2e278333ca0be1cf246bfefd4a

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 80KB - Virtual size: 77KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 80KB - Virtual size: 77KB