e2bbe85ada3923609dd15a0d3a4a603e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e2bbe85ada3923609dd15a0d3a4a603e_JaffaCakes118
Size

445KB
MD5

e2bbe85ada3923609dd15a0d3a4a603e
SHA1

71601c89ac2bf0b4b25a7712939aba6927700e03
SHA256

1d79e4adbf0e0cb3170223e13ad85dbff92a471a3ca22c3468606d100ac91133
SHA512

afddc2aacdd0da70d0796fdef988389a34e4fb7e0f2e7143866c00c859a867a9bb24022e9c967148aaaf8b320dff38ff1512a9b9dc14a7085041d9b72aafb918
SSDEEP

12288:9WhCCG12BM0rLAtGBHVTSczO14387e5fSQIgswI:9WhClKM0riCSczO1e8q5LTdI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2bbe85ada3923609dd15a0d3a4a603e_JaffaCakes118

Files

e2bbe85ada3923609dd15a0d3a4a603e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

91ffc65b62dca2422b601c8d11d045d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetPathFromIDList
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation

kernel32

GetProcessHeap
GetCommandLineA
FreeEnvironmentStringsW
DeleteCriticalSection
GetStdHandle
GetTickCount
GetStringTypeW
GetUserDefaultLCID
SetConsoleCtrlHandler
GetCurrentProcess
IsDebuggerPresent
SetHandleCount
GetCompressedFileSizeA
TlsAlloc
HeapCreate
GetDateFormatA
GetLastError
GetEnvironmentStrings
LoadLibraryA
TerminateProcess
GetSystemTimeAsFileTime
InterlockedIncrement
GetLocaleInfoA
HeapFree
SetLastError
GetStartupInfoW
GetModuleFileNameW
IsValidLocale
CompareStringA
VirtualFree
GetStartupInfoA
UnhandledExceptionFilter
RtlUnwind
LCMapStringW
MultiByteToWideChar
HeapReAlloc
GetCommandLineW
VirtualQuery
EnumSystemLocalesA
Sleep
IsValidCodePage
TlsSetValue
LeaveCriticalSection
GetProcAddress
EnterCriticalSection
SetUnhandledExceptionFilter
InterlockedExchange
QueryPerformanceCounter
GetTimeZoneInformation
TlsFree
VirtualAlloc
GetFileType
GetModuleFileNameA
GetOEMCP
GetLocaleInfoW
WriteFile
HeapDestroy
HeapSize
WideCharToMultiByte
GetCPInfo
InitializeCriticalSection
GetStringTypeA
FreeLibrary
FreeEnvironmentStringsA
GetCurrentThread
GetTimeFormatA
GetCurrentProcessId
InterlockedDecrement
GetModuleHandleA
HeapAlloc
GetACP
GetVersionExA
ExitProcess
GetEnvironmentStringsW
GetCurrentThreadId
CompareStringW
LCMapStringA
TlsGetValue
SetEnvironmentVariableA

gdi32

GdiFlush

wininet

InternetReadFileExA

user32

SetWindowContextHelpId
GetIconInfo
GetTitleBarInfo
GetUserObjectInformationA
ValidateRect
MessageBoxIndirectW
SetDlgItemInt
GetClipboardViewer
GetClipboardData
EnumDesktopWindows
DdeInitializeA
FreeDDElParam
IsDialogMessageW
ChangeClipboardChain
DrawTextExA
ClientToScreen
OemToCharW

advapi32

CryptGetUserKey
CryptGetDefaultProviderW
RegSetValueExW
GetUserNameW
CryptDeriveKey
RegCloseKey
DuplicateToken
CryptDuplicateKey
RegCreateKeyExW

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91ffc65b62dca2422b601c8d11d045d9

Headers

File Characteristics

Imports

shell32

kernel32

gdi32

wininet

user32

advapi32

Sections

.text Size: 141KB - Virtual size: 141KB

.rdata Size: 9KB - Virtual size: 14KB

.data Size: 281KB - Virtual size: 281KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 9KB - Virtual size: 14KB

.data
Size: 281KB - Virtual size: 281KB

.rsrc
Size: 12KB - Virtual size: 11KB