ff591b2fe060931c3ca1c8759bc046e7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ff591b2fe060931c3ca1c8759bc046e7_JaffaCakes118
Size

380KB
MD5

ff591b2fe060931c3ca1c8759bc046e7
SHA1

a18c242c7534e76effc9f8caf685205f5e52be87
SHA256

ce73ffa6393d6cfff66eaf7b4d4705f5aa256063526e26bcf2ff0c7b40bcd81c
SHA512

773467861b781e4c05322efc176c0dfc2556830dcac6ddc5aae985349a5b1086e3870a290cfbc591678992d038e823db5b605ad6353fd3f02db958e085f548ed
SSDEEP

6144:uqtWux9QZD4vTAfe24bXOxIWmOaKMEWlo:uSWux9i4vMmjbXONqllo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff591b2fe060931c3ca1c8759bc046e7_JaffaCakes118

Files

ff591b2fe060931c3ca1c8759bc046e7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4011e5c56a8fe88ed8daf83d25aa5185

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cygwin\home\filhocf\OOF680_m14\desktop\wntmsci10.pro\bin\loader2.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW

kernel32

GetVersionExA
lstrcmpA
lstrlenA
GetLastError
CloseHandle
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetPrivateProfileSectionA
CreateMutexA
GetFileAttributesA
GetFullPathNameA
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemDirectoryA
GetExitCodeProcess
CreateProcessA
GetModuleFileNameA
GetCommandLineA
lstrcmpiA
lstrcmpW
lstrlenW
LoadLibraryW
GetPrivateProfileSectionW
CreateMutexW
GetFileAttributesW
GetFullPathNameW
GetSystemDirectoryW
CreateProcessW
GetModuleFileNameW
GetCommandLineW
lstrcmpiW
RaiseException
RtlUnwind
GetACP
GetOEMCP
GetCPInfo
HeapFree
DeleteFileA
GetSystemTimeAsFileTime
DeleteFileW
GetModuleHandleA
GetStartupInfoA
HeapAlloc
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetUnhandledExceptionFilter
TlsAlloc
SetLastError
GetCurrentThreadId
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
WriteFile
FlushFileBuffers
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
ExitProcess
TerminateProcess
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
ReadFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
InitializeCriticalSection
InterlockedExchange
VirtualQuery
IsBadReadPtr
IsBadCodePtr
SetFilePointer
SetStdHandle
VirtualProtect
GetSystemInfo
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
CreateFileA
CreateFileW
SetConsoleCtrlHandler
HeapSize
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW

user32

DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
CharNextA
MessageBoxA
LoadStringA
DispatchMessageW
PeekMessageW
CharNextW
MessageBoxW
LoadStringW

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4011e5c56a8fe88ed8daf83d25aa5185

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 256KB - Virtual size: 256KB

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 256KB - Virtual size: 256KB