5270bcd5b8f6380a2e3c202b8cad4428_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5270bcd5b8f6380a2e3c202b8cad4428_JaffaCakes118
Size

306KB
MD5

5270bcd5b8f6380a2e3c202b8cad4428
SHA1

40c72bc46bbccd80fb85ec9f8c79717f0cd1d7e2
SHA256

ef4d03ce5d73fb23f11db89b9f24efaff5383e52a82eb85d9093f5962e30a69b
SHA512

50fb77263530fe8de66a674f2eafa48ab0eca41493c53c72d9c391c6294bce14464f6b2ed1915f04b6ef810e248e51f827e4c5e640be494aad641dd971c75617
SSDEEP

6144:/UmvWIA11WZ4un3ZH5iMaJnawmvc18Iy+5UAWeavzVlWAJwMlLrPxCx9ZXqm/PR4:bvWP11WZpGMaJnhmkiIjuAWHvzyMwMV/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5270bcd5b8f6380a2e3c202b8cad4428_JaffaCakes118

Files

5270bcd5b8f6380a2e3c202b8cad4428_JaffaCakes118
.exe windows:4 windows x86 arch:x86

119fe37b2832a13dfdf1a3edb38fa332

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DistributedAutoLink\Temp\CompileOutputDir\rsbootbk.pdb

Imports

kernel32

FindResourceExA
FindClose
CreateDirectoryA
FindFirstFileA
GetProcAddress
LoadLibraryA
FreeLibrary
WideCharToMultiByte
GetLocalTime
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrlenA
MoveFileA
DeleteFileA
SetFileAttributesA
lstrcpynA
GetFileSize
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
GetTickCount
lstrcatA
lstrcpyA
GetVersion
GetLastError
CreateMutexA
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
SetCurrentDirectoryA
GetCurrentDirectoryA
InterlockedIncrement
InterlockedDecrement
GetFileAttributesA
WritePrivateProfileStringA
lstrlenW
GetModuleHandleA
MultiByteToWideChar
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
GetCommandLineA
lstrcmpiW
FindResourceA
CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
GetACP
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
SetConsoleCtrlHandler
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetEnvironmentVariableA
GetStdHandle
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
TerminateProcess
IsBadWritePtr
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
GetThreadLocale
CompareStringA
GetLocaleInfoA
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WriteFile
GetVersionExA
CreateFileA
DeviceIoControl
CloseHandle
SetFilePointer
FatalAppExitA
VirtualFree
HeapCreate
ExitProcess
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
ReadFile

user32

PostMessageA
SetWindowTextA
DestroyWindow
LoadBitmapA
UnregisterClassA
GetWindowLongA
SendMessageA
CharUpperW
CharLowerW
CharLowerA
DefWindowProcA
CharNextA
CreateDialogParamA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
SetWindowLongA
LoadImageA
GetWindowTextA
FindWindowA
IsWindow
DrawTextA
CharUpperA
EndPaint
BeginPaint
PostQuitMessage
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints
SetWindowPos
IsDialogMessageA
MessageBoxA
GetDlgItem
ShowWindow
GetClientRect
GetSystemMetrics

gdi32

DeleteDC
DeleteObject
StretchBlt
SelectObject
CreateCompatibleDC
GetObjectA
SetBkMode

advapi32

RegDeleteValueA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.krdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

119fe37b2832a13dfdf1a3edb38fa332

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 112KB - Virtual size: 109KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 88KB - Virtual size: 84KB

.krdata Size: 72KB - Virtual size: 72KB

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 88KB - Virtual size: 84KB

.krdata
Size: 72KB - Virtual size: 72KB