272d6ee399b19c1b132210db13afa00c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

272d6ee399b19c1b132210db13afa00c_JaffaCakes118
Size

365KB
MD5

272d6ee399b19c1b132210db13afa00c
SHA1

446c2f2e6d9b4f2638f91c77a80274faa7a2f147
SHA256

a2a78d1ff09084ff64bffd563450af2231a54516824c9d75d260097a63645c4c
SHA512

f6e5c35cce474433c98c66948d87a6bb3f3d9d08608c8c1984a81b296cf212d859d63ccde12b979c8a64b55c7d7bdf6a2df61fe86160d21ceca091a0e90dc7b5
SSDEEP

6144:aNVdDBYQcZwnwUYKFrQLi4RhbxuhU3ZWKj:wcZwvYcrQLZR9xulK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
272d6ee399b19c1b132210db13afa00c_JaffaCakes118

Files

272d6ee399b19c1b132210db13afa00c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c93f95a78c23c0fc06e1f939404f2285

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\study\Care\Need\Country.pdb

Imports

ole32

CoInitialize
CoRegisterSurrogate
CoRegisterClassObject
CoUninitialize
OleInitialize
OleSetContainedObject
OleUninitialize

kernel32

GetStartupInfoA
FreeLibrary
LocalFree
LocalAlloc
GetOEMCP
GetACP
GetCPInfo
GetSystemInfo
IsProcessorFeaturePresent
VirtualProtect
GetModuleHandleA
GetStartupInfoW
GetVersionExA
GetLastError
MultiByteToWideChar
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
RaiseException
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
RtlUnwind
InterlockedExchange
VirtualQuery
GetStringTypeA
GetStringTypeW
LCMapStringA
WideCharToMultiByte
LCMapStringW
HeapSize
GetLocaleInfoA

Exports

Exports

ohother
spellmust

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1024B - Virtual size: 830B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c93f95a78c23c0fc06e1f939404f2285

Headers

File Characteristics

PDB Paths

Imports

ole32

kernel32

Exports

Exports

Sections

.text Size: 194KB - Virtual size: 193KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 78KB - Virtual size: 327KB

.idata Size: 2KB - Virtual size: 2KB

.didat Size: 1024B - Virtual size: 830B

.rsrc Size: 22KB - Virtual size: 22KB

.text
Size: 194KB - Virtual size: 193KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 78KB - Virtual size: 327KB

.idata
Size: 2KB - Virtual size: 2KB

.didat
Size: 1024B - Virtual size: 830B

.rsrc
Size: 22KB - Virtual size: 22KB