Static task: static1
Behavioral task: behavioral1
  Sample: 866d9101428e38c3dc57db4968dfaa13_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 866d9101428e38c3dc57db4968dfaa13_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
Target: 866d9101428e38c3dc57db4968dfaa13_JaffaCakes118
Size: 466KB
MD5: 866d9101428e38c3dc57db4968dfaa13
SHA1: 005b5a44e077f343f072bc1aa5701df706268925
SHA256: df1538c5a03de24bfa378d1c9eb16d8de640828eadc7c06328bef1d47e06a623
SHA512: e5c55fa47360165d129740c31cec765552eda48a0d3c87dda26a952c55caf50f11fa829a4441c1aa3b381011b6e37b6ae873220c307c259008295f6c304f0e07
SSDEEP: 12288:qhVx7mlhyZhowU+HXn30CLD6b0wWCQPLBAKq:qhbmEowU+3n30pbVQP1Rq
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
Processes: resource 866d9101428e38c3dc57db4968dfaa13_JaffaCakes118
Files
866d9101428e38c3dc57db4968dfaa13_JaffaCakes118.exe windows:5 windows x86 arch:x86
895014939235856387c64fc4770658b6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
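The two lists above are bitmask decodes of IMAGE_FILE_HEADER.Characteristics and IMAGE_OPTIONAL_HEADER.DllCharacteristics, and they carry more than they appear to. IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT are absent, so the image opts into neither ASLR nor DEP; IMAGE_DLLCHARACTERISTICS_NO_SEH is set; and IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA does nothing for a 32-bit image that is not randomised in the first place. IMAGE_FILE_RELOCS_STRIPPED is also set even though a 13KB .reloc section is listed under Sections below, which is worth noting whenever the two disagree. The Python below is an added example, not code from this report or from the sandbox that produced it: it reads both fields from raw PE bytes at the offsets the PE specification fixes, decodes them into the names shown above, and reduces them to the mitigation picture a triage analyst wants. The stub header it builds is constructed for the example (the sample's own bytes are not on this page); REPORTED_FILE_FLAGS and REPORTED_DLL_FLAGS are the two lists transcribed from the report, and all other names are the example's own.

```python
import struct

# IMAGE_FILE_HEADER.Characteristics bits, named as in winnt.h (AGGRESIVE is the SDK's spelling).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0010: "IMAGE_FILE_AGGRESIVE_WS_TRIM", 0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0080: "IMAGE_FILE_BYTES_REVERSED_LO", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED", 0x0400: "IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP",
    0x0800: "IMAGE_FILE_NET_RUN_FROM_SWAP", 0x1000: "IMAGE_FILE_SYSTEM",
    0x2000: "IMAGE_FILE_DLL", 0x4000: "IMAGE_FILE_UP_SYSTEM_ONLY",
    0x8000: "IMAGE_FILE_BYTES_REVERSED_HI",
}
# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits.
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", 0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY", 0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0200: "IMAGE_DLLCHARACTERISTICS_NO_ISOLATION", 0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x0800: "IMAGE_DLLCHARACTERISTICS_NO_BIND", 0x1000: "IMAGE_DLLCHARACTERISTICS_APPCONTAINER",
    0x2000: "IMAGE_DLLCHARACTERISTICS_WDM_DRIVER", 0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
# The two flag lists exactly as the report above prints them.
REPORTED_FILE_FLAGS = [
    "IMAGE_FILE_RELOCS_STRIPPED", "IMAGE_FILE_EXECUTABLE_IMAGE",
    "IMAGE_FILE_LINE_NUMS_STRIPPED", "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    "IMAGE_FILE_AGGRESIVE_WS_TRIM", "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    "IMAGE_FILE_32BIT_MACHINE", "IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP",
]
REPORTED_DLL_FLAGS = [
    "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
]


def flags_value(names, table):
    """Raw bitmask for a list of flag names (inverse of decode_flags)."""
    inverse = {name: bit for bit, name in table.items()}
    return sum(inverse[n] for n in names)


def decode_flags(value, table):
    """Names of each set bit the table knows, lowest bit first; leftover bits reported as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table) & 0xFFFF
    if unknown:
        names.append("UNKNOWN_0x%04x" % unknown)
    return names


def read_pe_flags(data):
    """(Characteristics, DllCharacteristics, is_pe32plus) straight from raw PE bytes.
    PE layout: e_lfanew at 0x3C; 'PE\\0\\0'; 20-byte IMAGE_FILE_HEADER with Characteristics
    at +18; optional header with Magic at +0 and DllCharacteristics at +70 (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    file_hdr = e_lfanew + 4
    characteristics = struct.unpack_from("<H", data, file_hdr + 18)[0]
    opt_hdr = file_hdr + 20
    magic = struct.unpack_from("<H", data, opt_hdr)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unexpected optional header magic 0x%04x" % magic)
    dll_characteristics = struct.unpack_from("<H", data, opt_hdr + 70)[0]
    return characteristics, dll_characteristics, magic == 0x20B


def mitigation_summary(characteristics, dll_characteristics, is_pe32plus):
    """What the loader will and will not do for this image, judged from the flags alone."""
    dynamic_base = bool(dll_characteristics & 0x0040)
    relocs_stripped = bool(characteristics & 0x0001)
    return {
        # ASLR needs DYNAMIC_BASE, and an image without relocations cannot be rebased anyway.
        "aslr": dynamic_base and not relocs_stripped,
        "dep_nx_compat": bool(dll_characteristics & 0x0100),
        # NO_SEH: no structured exception handler may be invoked from this image.
        "seh_allowed": not (dll_characteristics & 0x0400),
        "cfg": bool(dll_characteristics & 0x4000),
        # HIGH_ENTROPY_VA only widens randomisation of a 64-bit image that is randomised at all.
        "high_entropy_va_effective": bool(dll_characteristics & 0x0020) and is_pe32plus and dynamic_base,
    }


def build_stub_pe(characteristics, dll_characteristics, pe32plus=False):
    """Constructed minimal PE header to exercise read_pe_flags(); NOT the sample's bytes."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                              # e_lfanew: right after DOS header
    opt_size = 240 if pe32plus else 224
    file_hdr = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,  # Machine
                           0, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)       # Magic
    struct.pack_into("<H", opt, 40, 5)                                 # MajorOperatingSystemVersion
    struct.pack_into("<H", opt, 68, 2)                                 # Subsystem: Windows GUI
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    stub = build_stub_pe(flags_value(REPORTED_FILE_FLAGS, FILE_CHARACTERISTICS),
                         flags_value(REPORTED_DLL_FLAGS, DLL_CHARACTERISTICS))
    chars, dllchars, is64 = read_pe_flags(stub)
    print("Characteristics    0x%04x:" % chars, ", ".join(decode_flags(chars, FILE_CHARACTERISTICS)))
    print("DllCharacteristics 0x%04x:" % dllchars, ", ".join(decode_flags(dllchars, DLL_CHARACTERISTICS)))
    print(mitigation_summary(chars, dllchars, is64))
```

Pointed at a real file (`read_pe_flags(open(path, "rb").read())`), the decode for this sample should come back as 0x053F and 0x8420 with every entry of the mitigation summary False; anything else means the report and the file on disk are not the same bytes.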
PDB Paths
F:\how\deeper\teams\KMD\validation.pdb
Imports
kernel32
MultiByteToWideChar
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
LoadLibraryW
LeaveCriticalSection
IsValidCodePage
GetCPInfo
LoadLibraryA
GetStringTypeW
WriteFile
GetModuleFileNameW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
IsBadReadPtr
HeapValidate
DeleteCriticalSection
GetFileType
LCMapStringW
IsProcessorFeaturePresent
RaiseException
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
CreateFileW
CloseHandle
EnterCriticalSection
GetOEMCP
GetProcAddress
GetLastError
GetACP
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FlushFileBuffers
HeapCreate
HeapAlloc
RtlUnwind
lstrcpynA
FreeEnvironmentStringsW
GetModuleFileNameA
ExitProcess
GetModuleHandleW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
DecodePointer
user32
LoadCursorA
CreateDialogParamA
RegisterClassExA
FillRect
LoadBitmapA
LoadMenuA
LoadIconA
IsWindowEnabled
GetClientRect
DrawEdge
GetMonitorInfoA
GetDC
GetMenu
MessageBoxA
GetWindowLongA
GetDlgItem
DefWindowProcA
ShowWindow
GetSysColorBrush
GetSystemMetrics
SetWindowTextA
UpdateWindow
gdi32
GetDeviceCaps
SetBkColor
CreateDCA
SelectObject
CreateCompatibleDC
SaveDC
ExtTextOutA
RestoreDC
EnumFontsA
CreateFontIndirectW
advapi32
OpenThreadToken
shell32
SHGetMalloc
Shell_NotifyIconA
msimg32
GradientFill
comctl32
ord17
oledlg
ord3
uxtheme
GetThemeSysFont
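Two things to take from the import table above. First, the kernel32 block, including IsDebuggerPresent, UnhandledExceptionFilter, EncodePointer/DecodePointer and the Heap*/Tls*/CriticalSection set, is the ordinary start-up footprint of a statically linked MSVC C runtime; IsDebuggerPresent on its own is not evidence of anti-debugging here. Second, the unlabelled 32-digit hex value on the Files line is, in reports of this format, the import hash (imphash), an MD5 over the normalised import table that is used to pivot between samples built from the same source; treating that value as an imphash is an assumption on this page. The Python below is an added example, not code from the report or from the sandbox: it implements the imphash algorithm as pefile defines it over the import list transcribed above (REPORTED_IMPORTS, in the order printed). The recomputed value is deliberately not compared with the page's, because the hash depends on import-table order and the order printed here is not guaranteed to be the binary's.

```python
import hashlib

# Import table transcribed from the report above, in the order it prints it. Imports by
# ordinal are written "ordN", which is also how the report renders them.
REPORTED_IMPORTS = [
    ("kernel32", """
        MultiByteToWideChar OutputDebugStringW WriteConsoleW OutputDebugStringA HeapFree HeapQueryInformation HeapSize
        HeapReAlloc LoadLibraryW LeaveCriticalSection IsValidCodePage GetCPInfo LoadLibraryA GetStringTypeW
        WriteFile GetModuleFileNameW SetLastError TlsFree TlsSetValue TlsGetValue TlsAlloc
        EncodePointer IsBadReadPtr HeapValidate DeleteCriticalSection GetFileType LCMapStringW IsProcessorFeaturePresent
        RaiseException SetFilePointer GetConsoleCP GetConsoleMode SetStdHandle CreateFileW CloseHandle
        EnterCriticalSection GetOEMCP GetProcAddress GetLastError GetACP InitializeCriticalSectionAndSpinCount GetStdHandle
        SetHandleCount GetEnvironmentStringsW WideCharToMultiByte FlushFileBuffers HeapCreate HeapAlloc RtlUnwind
        lstrcpynA FreeEnvironmentStringsW GetModuleFileNameA ExitProcess GetModuleHandleW GetCommandLineA HeapSetInformation
        GetStartupInfoW TerminateProcess GetCurrentProcess UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent QueryPerformanceCounter
        GetTickCount GetCurrentThreadId GetCurrentProcessId GetSystemTimeAsFileTime InterlockedIncrement InterlockedDecrement DecodePointer
    """.split()),
    ("user32", """
        LoadCursorA CreateDialogParamA RegisterClassExA FillRect LoadBitmapA LoadMenuA LoadIconA
        IsWindowEnabled GetClientRect DrawEdge GetMonitorInfoA GetDC GetMenu MessageBoxA
        GetWindowLongA GetDlgItem DefWindowProcA ShowWindow GetSysColorBrush GetSystemMetrics SetWindowTextA
        UpdateWindow
    """.split()),
    ("gdi32", """
        GetDeviceCaps SetBkColor CreateDCA SelectObject CreateCompatibleDC SaveDC ExtTextOutA RestoreDC
        EnumFontsA CreateFontIndirectW
    """.split()),
    ("advapi32", ["OpenThreadToken"]),
    ("shell32", ["SHGetMalloc", "Shell_NotifyIconA"]),
    ("msimg32", ["GradientFill"]),
    ("comctl32", ["ord17"]),
    ("oledlg", ["ord3"]),
    ("uxtheme", ["GetThemeSysFont"]),
]

# pefile strips exactly these extensions from the library name before hashing.
IMPHASH_STRIPPED_EXTENSIONS = ("dll", "ocx", "sys")


def imphash_libname(dll):
    """pefile's library normalisation: lower-case, drop a trailing .dll/.ocx/.sys and nothing else."""
    name = dll.lower()
    base, dot, ext = name.rpartition(".")
    return base if dot and ext in IMPHASH_STRIPPED_EXTENSIONS else name


def imphash_string(imports):
    """The exact text that gets hashed: 'lib.func' per import, lower-cased, comma-joined,
    in import-table order. Ordinal-only imports contribute 'ordN'; pefile additionally
    maps ordinals of oleaut32/ws2_32/wsock32 to names, which no DLL above requires."""
    entries = []
    for dll, funcs in imports:
        lib = imphash_libname(dll)
        entries.extend("%s.%s" % (lib, f.lower()) for f in funcs)
    return ",".join(entries)


def imphash(imports):
    """Import hash as pefile computes it: MD5 of imphash_string()."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print("imports hashed:", sum(len(f) for _, f in REPORTED_IMPORTS))
    print("imphash       :", imphash(REPORTED_IMPORTS))
    # Same functions, different table order: a different hash, which is why the page's
    # printed order cannot simply be assumed to reproduce the value on the Files line.
    print("reversed order:", imphash(list(reversed(REPORTED_IMPORTS))))
```

When the recomputed value does match the Files line, the printed list is in table order and the two samples' `imphash_string()` outputs can be diffed directly to see which imports changed between builds.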
Sections
.text Size: 97KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 252KB - Virtual size: 251KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 87KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ