ec7503491c88745535d095a8c7e1a8d9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ec7503491c88745535d095a8c7e1a8d9_JaffaCakes118
Size

611KB
MD5

ec7503491c88745535d095a8c7e1a8d9
SHA1

19141b4ab18bb77a5f29bac89ba9110cb542198c
SHA256

fa90227f4146ea0f8ae16f23460f99e78057ddda2f10fe0e7fcf7726c08740d4
SHA512

db50df6abb53711ad3fd9f614fa725f40f3fdc94c5c0769b03b3a5e52176a32841d491faea673a00346ef542ef7ad24ad6482b28137671dec6d00a84eae5b4a1
SSDEEP

12288:fL3E4334ufd7LaQzX3Zg5PmjcXsv+n+DMoSYUueGka2G:fp4uBhXJg5uYXsvg+4ezexY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec7503491c88745535d095a8c7e1a8d9_JaffaCakes118

Files

ec7503491c88745535d095a8c7e1a8d9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

96eab832a237d63565d1786be68b50f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_SYSTEM

PDB Paths

D:\deploy\throughout\bounds\string.pdb

Imports

kernel32

SetEndOfFile
SetStdHandle
ReadFile
LCMapStringW
MultiByteToWideChar
GetStringTypeW
FlushFileBuffers
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetSystemTimeAsFileTime
QueryPerformanceCounter
LoadLibraryW
SetLastError
GetProcessHeap
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
RtlUnwind
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
IsBadReadPtr
HeapValidate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
EncodePointer
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitProcess
GetModuleHandleW
DecodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
lstrcpyA
lstrcpyW
GlobalReAlloc
GetPrivateProfileSectionW
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
CompareStringA
CancelIo
CreateIoCompletionPort
FindNextFileA
GetSystemInfo
DeviceIoControl
MoveFileA
GetConsoleScreenBufferInfo
LoadLibraryA
FindClose
GlobalFree
EnumSystemCodePagesW
FillConsoleOutputCharacterA
GetProcAddress
lstrcmpiA
GetLastError
FindFirstFileA
GetStdHandle
GetPrivateProfileIntW
SetConsoleTitleA
lstrcatA
GetModuleFileNameW
MulDiv
GetConsoleWindow
Sleep
GetVolumeInformationA
GlobalAlloc
WriteFile
GetConsoleTitleA
ReadDirectoryChangesW
GetTickCount
_lcreat
_lclose
WaitForSingleObject
GetCurrentProcess
GetQueuedCompletionStatus
_lwrite
HeapAlloc
lstrlenA
HeapCompact
CreateFileA
SetProcessAffinityMask
TlsFree
CreateFileW

user32

SetWindowTextA
RegisterClassA
AdjustWindowRect
EndPaint
DestroyWindow
SetCursor
GetMessageA
GetSystemMenu
FindWindowA
LoadCursorA
GetSystemMetrics
SystemParametersInfoA
DispatchMessageA
SetTimer
GetWindowRect
SetActiveWindow
InsertMenuItemA
PostQuitMessage
TrackPopupMenu
FillRect
KillTimer
DrawTextA
LoadStringA
LoadIconA
wsprintfA
FindWindowExA
GetClientRect
ExitWindowsEx
SetFocus
SendMessageA
BeginPaint
GetDC
IsDialogMessageA
TranslateMessage
ShowCursor
GetWindowTextA
SetRect
SetWindowLongA
MessageBoxA
UnregisterClassA
CreateWindowExA
ReleaseDC
GetDlgItem
DefWindowProcA
SetWindowPos
GetCursorPos
ShowWindow
CreatePopupMenu
GetClassInfoA
AppendMenuA
IsWindow

gdi32

BitBlt
GetTextExtentPoint32A
SetViewportOrgEx
LineTo
SetTextColor
DeleteDC
CreateDIBSection
CreateFontA
MoveToEx
CreateFontIndirectA
GetDIBits
CreateDCA
CreatePalette
CreateBitmap
DeleteObject
SelectClipRgn
CreateCompatibleDC
DPtoLP
CombineRgn
SetMapMode
CreateCompatibleBitmap
GetMapMode
CreateRectRgn
GetTextExtentPointA
GetTextMetricsA
CreateICA
GetObjectA
TextOutW
GetStockObject
TextOutA
CreateEllipticRgn
GetDeviceCaps
SelectObject

advapi32

RegCloseKey

shell32

SHGetFolderPathA

ws2_32

inet_addr
htons
bind
socket
closesocket
listen

iphlpapi

IcmpCreateFile
IcmpCloseHandle
GetAdaptersInfo

shlwapi

PathFindFileNameA
wvnsprintfA
PathFindExtensionW
AssocCreate
PathFindExtensionA
StrToIntExA

comctl32

ImageList_Draw
InitCommonControlsEx

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesA

sensapi

IsNetworkAlive

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96eab832a237d63565d1786be68b50f8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

iphlpapi

shlwapi

comctl32

wtsapi32

sensapi

Sections

.text Size: 178KB - Virtual size: 178KB

.rdata Size: 318KB - Virtual size: 318KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 107KB - Virtual size: 106KB

.text
Size: 178KB - Virtual size: 178KB

.rdata
Size: 318KB - Virtual size: 318KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 107KB - Virtual size: 106KB