181f846f70aa0c9f8a6e55efb89178d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

181f846f70aa0c9f8a6e55efb89178d8_JaffaCakes118
Size

196KB
MD5

181f846f70aa0c9f8a6e55efb89178d8
SHA1

8033d05061e8207616c000dee292ec95e4449250
SHA256

77d9fbf688a4997a89bd393545cd863f879ebe2e11f3e127002c8c427176998a
SHA512

b03b6bd219a139468c9ad3bbb4e909a51fcfb35410509f35b6857def0b5a280f4aa294b4313008f2464941369ff44f775a59ef9304e865216f3597de983e3fbc
SSDEEP

3072:Y3IP704dThcIEx7m+yptisV626g9q/FWPmFlv:Y3wNSREEsSdmmFlv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
181f846f70aa0c9f8a6e55efb89178d8_JaffaCakes118

Files

181f846f70aa0c9f8a6e55efb89178d8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9820a7390b1cc34403e963d9ffe066d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\DeepBlue\Documents\Visual Studio 2012\Projects\SymphonyTRN\Release\SymphonyTRN.pdb

Imports

kernel32

CreateFileW
GlobalUnlock
GetProcAddress
VirtualProtectEx
GlobalFree
Process32FirstW
OpenThread
LockResource
Module32FirstW
Process32NextW
CreateToolhelp32Snapshot
Module32NextW
CloseHandle
WriteProcessMemory
SuspendThread
ResumeThread
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
Thread32Next
LCMapStringW
LoadResource
HeapReAlloc
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
DeleteCriticalSection
MulDiv
Beep
ReadProcessMemory
SizeofResource
LoadLibraryW
VirtualFreeEx
Thread32First
GlobalAlloc
OpenProcess
WriteFile
VirtualQueryEx
GetTickCount
GetModuleHandleW
GetStringTypeW
GlobalLock
GetFileType
GetProcessHeap
FlushFileBuffers
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
GetCPInfo
OutputDebugStringW
FindResourceW
EncodePointer
DecodePointer
GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
HeapSize
Sleep
GetStdHandle
GetModuleFileNameW
HeapFree
HeapAlloc
InterlockedIncrement
IsValidCodePage
GetACP
GetOEMCP

user32

SetWindowTextW
SendMessageW
RegisterClassW
GetDC
ShowWindow
SetLayeredWindowAttributes
SetWindowPos
EndDialog
SetWindowLongW
GetWindowLongW
ReleaseDC
MessageBoxW
SetTimer
FillRect
DrawTextW
KillTimer
GetKeyState
DefDlgProcW
DialogBoxParamW
TrackMouseEvent
LoadCursorW
GetClientRect
PtInRect
LoadIconW
GetAsyncKeyState

gdi32

BitBlt
LineTo
SetTextColor
GetDeviceCaps
CreateDCW
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
CreateFontW
CreatePen
TextOutW
CreateSolidBrush
DeleteDC
MoveToEx

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal

gdiplus

GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipFree
GdipDrawImagePointRectI
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipAlloc
GdipDisposeImage
GdipCreateFromHDC
GdipCloneImage

comctl32

InitCommonControlsEx

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9820a7390b1cc34403e963d9ffe066d4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

gdiplus

comctl32

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 5KB - Virtual size: 27KB

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 27KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 18KB - Virtual size: 17KB