JaffaCakes118_7b27fa822081b4beb9a24b6cce54b304

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_7b27fa822081b4beb9a24b6cce54b304
Size

325KB
MD5

7b27fa822081b4beb9a24b6cce54b304
SHA1

33fa233f98c0d9961458f01685c3bafdddce65cd
SHA256

28f84083dd2a67fd0dba0e75e8901fce6bf429f134acc9badbd3970ec3a15bd5
SHA512

37c15077aae76340f402fa9f682ea1e0ebcd23037c3796b6a431fefc05d89088a147745e7485c1ef6bdb896b43ea40cce45197dc7a98049eac6156ad77c46694
SSDEEP

6144:Zyy1aTsTeAmBMo6yZclBc5LfscPAqvjvGf2AzMEsJj8cy9X4UeC:Zyy1a4yAmlhZclBc5Lf3djuf2AzV/9IO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7b27fa822081b4beb9a24b6cce54b304

Files

JaffaCakes118_7b27fa822081b4beb9a24b6cce54b304
.exe windows:5 windows x86 arch:x86

0458fd9d0da3a2097ecbf3650269de14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

R:\shared\conscious\reconfiguratio.pdb

Imports

kernel32

CloseHandle
GetCurrentProcessId
lstrcpyA
FlushFileBuffers
HeapReAlloc
WriteConsoleW
SetStdHandle
HeapSize
RtlUnwind
LoadLibraryW
GetStringTypeW
GetModuleHandleA
Sleep
GetConsoleMode
GetConsoleCP
SetFilePointer
RaiseException
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GlobalLock
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
HeapFree
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
LoadLibraryA
GetProcAddress
GetLastError
GlobalUnlock
lstrlenW
lstrcatA
ReadFile
MulDiv
HeapCreate
LCMapStringW
GlobalAlloc
GetStdHandle
WriteFile
IsProcessorFeaturePresent
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
CreateFileW
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
lstrlenA
GetFileSize
CreateFileA
DeleteCriticalSection
ExitProcess
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer

user32

ShowScrollBar
DispatchMessageA
GetDialogBaseUnits
DialogBoxParamA
GetDlgItemTextA
LoadCursorA
SetWindowTextA
LoadImageA
LoadBitmapA
EndPaint
DestroyWindow
SetTimer
RegisterClassExA
PostQuitMessage
KillTimer
DrawTextA
LoadStringA
ShowWindow
LoadIconA
OpenInputDesktop
wsprintfA
GetClientRect
SendMessageA
BeginPaint
GetDC
MessageBoxA
InvalidateRect
CreateWindowExA
ReleaseDC
GetDlgItem
EndDialog
DefWindowProcA

gdi32

SelectObject
DPtoLP
Rectangle
Ellipse
RealizePalette
SelectPalette
CreatePen
GetStockObject
CreateSolidBrush
DeleteObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

ole32

CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

OleSavePictureFile
OleLoadPicture

winmm

mmioWrite
mmioClose
mmioOpenA
mmioCreateChunk

shlwapi

StrChrA
PathFindFileNameW

comctl32

ImageList_Add
ord17
ord6
ImageList_Create

pdh

PdhGetFormattedCounterValue

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flash
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relob
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ddata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0458fd9d0da3a2097ecbf3650269de14

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

winmm

shlwapi

comctl32

pdh

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 5KB - Virtual size: 12KB

.flash Size: 8KB - Virtual size: 7KB

.relob Size: 147KB - Virtual size: 146KB

.ddata Size: 22KB - Virtual size: 21KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 5KB - Virtual size: 12KB

.flash
Size: 8KB - Virtual size: 7KB

.relob
Size: 147KB - Virtual size: 146KB

.ddata
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 6KB - Virtual size: 6KB