f0ab50487d30791db639f15f269bcd30_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f0ab50487d30791db639f15f269bcd30_JaffaCakes118
Size

425KB
MD5

f0ab50487d30791db639f15f269bcd30
SHA1

1b0b8eab8282a7b026326b52b1a287b25be900c0
SHA256

3103aff06b8b9c933ca366ed33e12931463c77f78e4a3f2ed382177e132bf83a
SHA512

5a0025b84f705adb63e61e322c7fa550e3813e7c268d0afd48947420bbe40bd9959417239c8c1316a1714ade790b033ac91f7d2c632ffa8fa9aab5a03b8111e2
SSDEEP

6144:fzQbolJlgXfnmS5fDTMDy1Wal6MiyTvNaxkv8fhnHVRXQL6WS66MdZH5sH:fzQb6rgX/dLTyyIq6REwlnHM28SH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0ab50487d30791db639f15f269bcd30_JaffaCakes118

Files

f0ab50487d30791db639f15f269bcd30_JaffaCakes118
.exe windows:4 windows x86 arch:x86

73f8d3990310dedaeeca9494342e61e0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupSecurityDescriptorPartsA
RegSaveKeyA
RegCloseKey
LookupAccountSidW

shell32

SHFileOperationW

kernel32

GetCurrentThreadId
InitializeCriticalSection
CompareStringA
GetStdHandle
GetDateFormatA
GetUserDefaultLCID
GetSystemTimeAsFileTime
HeapFree
EnumSystemLocalesA
GetLocaleInfoW
GetMailslotInfo
GetLastError
DeleteCriticalSection
VirtualQuery
GetOEMCP
InterlockedExchange
SetEnvironmentVariableA
SetHandleCount
HeapSize
LoadLibraryA
GetStringTypeA
GetLocaleInfoA
SetLastError
GetVolumeInformationW
FreeEnvironmentStringsW
IsBadWritePtr
WriteFile
RtlUnwind
EnumTimeFormatsA
CompareStringW
GetAtomNameA
GetEnvironmentStrings
GetTimeFormatA
WideCharToMultiByte
LeaveCriticalSection
VirtualFree
IsValidLocale
GetFileType
ExitProcess
HeapAlloc
GetACP
LCMapStringA
GetSystemInfo
ResumeThread
GetCommandLineA
HeapReAlloc
TlsGetValue
GetProfileIntA
SetThreadIdealProcessor
DeleteAtom
TlsFree
GetCPInfo
GetVersionExA
TlsAlloc
MultiByteToWideChar
GetTimeZoneInformation
FindFirstFileA
GetProcAddress
GetCurrentProcessId
HeapDestroy
QueryPerformanceCounter
GetModuleFileNameA
GetStringTypeW
GetCurrentProcess
EnterCriticalSection
HeapCreate
VirtualProtect
UnhandledExceptionFilter
SetConsoleCursorPosition
GetWindowsDirectoryW
GetCurrentThread
GetTickCount
LCMapStringW
GetStartupInfoA
GetModuleHandleA
VirtualAlloc
TerminateProcess
SetVolumeLabelA
WritePrivateProfileStructW
FreeEnvironmentStringsA
GetEnvironmentStringsW
TlsSetValue
IsValidCodePage

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73f8d3990310dedaeeca9494342e61e0

Headers

File Characteristics

Imports

advapi32

shell32

kernel32

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 7KB - Virtual size: 26KB

.data Size: 282KB - Virtual size: 282KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 7KB - Virtual size: 26KB

.data
Size: 282KB - Virtual size: 282KB

.rsrc
Size: 12KB - Virtual size: 11KB