29f827ad79060edab47ebba695d8298f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29f827ad79060edab47ebba695d8298f_JaffaCakes118
Size

3.9MB
MD5

29f827ad79060edab47ebba695d8298f
SHA1

0c788ba56e68c66f34c4dfac128eee437cfdb32e
SHA256

b13f18479600a60db9c5f4973937b33e21f7cd9ebefeb8b0e71d95a55abb3ba5
SHA512

4fa0df1ddebdfeb54fdd9638746d400d14062aa1f632a486a83561a8134620367fd14969cf9201f77a5b60c7ea4bea7c31bbd3685490d763307fdf4835861239
SSDEEP

98304:e9wHoT2PBeQ74srFjw+M23f3nXX/NTBTev:XS24q461w+n/XXFZe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29f827ad79060edab47ebba695d8298f_JaffaCakes118

Files

29f827ad79060edab47ebba695d8298f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d189c94b29a11f0b07adffe2b4642502

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\PROJECT_Y\Segmento_Install\Segmento_Install.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
FreeLibrary
LoadLibraryA
WideCharToMultiByte
WaitForSingleObject
CloseHandle
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
DeleteFileA
MultiByteToWideChar
lstrcpyA
SetCurrentDirectoryA
GetProcAddress
CreateDirectoryA
GetWindowsDirectoryA
GetSystemDirectoryA
CreateThread
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
FlushFileBuffers
WriteConsoleW
GetStdHandle
ExitProcess
HeapSize
Sleep
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetLastError
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetModuleHandleA
TlsGetValue
TlsAlloc

user32

CallWindowProcA
IsWindow
GetDC
InflateRect
GetWindowDC
IsWindowEnabled
ReleaseDC
RedrawWindow
EndDialog
UnregisterClassA
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
SetDlgItemTextA
KillTimer
SetTimer
BringWindowToTop
SendMessageA
GetWindowLongA
SetForegroundWindow
GetActiveWindow
DialogBoxParamA
SetWindowLongA
GetParent

gdi32

ExcludeClipRect

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA

shell32

SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantInit
VariantClear
SysStringLen

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d189c94b29a11f0b07adffe2b4642502

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 7.2MB - Virtual size: 7.2MB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 7.2MB - Virtual size: 7.2MB