376fa7afd8847b22043fcdb4533b54f9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

376fa7afd8847b22043fcdb4533b54f9_JaffaCakes118
Size

88KB
MD5

376fa7afd8847b22043fcdb4533b54f9
SHA1

3ff6c6c38d220e2e1e9c9bcd58c960bbcb8f24f4
SHA256

a0753f0507f278fe7d3ab7cd417fd522e0ca984c277779f862ca40c4d27abd41
SHA512

6536f7562f9db6a9e074855d32021efeac469dd4285b939a274ce1cc997d0cec9e4a26f68d081f3631ba2137449f152a84a80153cf8967f6aa1ddf2ce6b36e4f
SSDEEP

1536:pbdQvuy5FPVUncI8J7zVHEnofUE2DUJnA:pRQvuyYat6nE2DaA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
376fa7afd8847b22043fcdb4533b54f9_JaffaCakes118

Files

376fa7afd8847b22043fcdb4533b54f9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d1ecf4041de2b7bee6ed6882ee27fd32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\32WsourceNT\Gui\Update\Release\Update.pdb

Imports

ifile

iDownloadFile

kernel32

GetPrivateProfileStringA
WritePrivateProfileStringA
WritePrivateProfileStructA
GetPrivateProfileStructA
GetModuleFileNameA
HeapSize
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
InitializeCriticalSection
VirtualQuery
InterlockedExchange
RtlUnwind
GetLocaleInfoA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LoadLibraryA
GetStdHandle
WriteFile
ExitProcess
HeapReAlloc
HeapAlloc
HeapFree
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetACP
GetOEMCP
GetCPInfo

user32

SetCursor
wvsprintfA
SendMessageA
GetDC
GetWindowRect
ScreenToClient
FillRect
FrameRect
ReleaseDC
SetTimer
SetWindowTextA
KillTimer
GetDlgItem
MessageBeep
BeginPaint
EndPaint
MessageBoxA
PostMessageA
PostQuitMessage
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassA
CreateDialogParamA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA

gdi32

GetStockObject

shell32

ShellExecuteA

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d1ecf4041de2b7bee6ed6882ee27fd32

Headers

File Characteristics

PDB Paths

Imports

ifile

kernel32

user32

gdi32

shell32

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 32KB - Virtual size: 48KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 32KB - Virtual size: 48KB