f1c4dcd4dd2dfeb3c878d97712d2acac_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f1c4dcd4dd2dfeb3c878d97712d2acac_JaffaCakes118
Size

424KB
MD5

f1c4dcd4dd2dfeb3c878d97712d2acac
SHA1

61d042b5412118bd466eff3106ba95905cd6f2ff
SHA256

ea9b13bd7c0dbbb237622ab98eee6feb545dec435687d652495546af59b86147
SHA512

a015d12b0bd9dd326dc1a622618c4e012c004eba93acd6966218cdce582d8cf3f81cca05c3788fc6b7906056a9dc8a89385bb617360e2b3443e9da7588a89736
SSDEEP

12288:TqbjkMLXl776H7FLP5gXpUWTxQx8/Bpbr/i:TQjr7eg5fxBT3q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1c4dcd4dd2dfeb3c878d97712d2acac_JaffaCakes118

Files

f1c4dcd4dd2dfeb3c878d97712d2acac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8104514f9c303a493c230c9a118bd700

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
GetStartupInfoA
UnmapViewOfFile
GetThreadTimes
GetFileType
GetWindowsDirectoryW
HeapAlloc
TlsSetValue
SetEnvironmentVariableA
IsDebuggerPresent
SetUnhandledExceptionFilter
GlobalSize
DeleteFileA
EnterCriticalSection
MultiByteToWideChar
SetConsoleCtrlHandler
CompareStringW
GetLocaleInfoW
GetOEMCP
lstrlenW
LCMapStringW
FreeLibrary
GetProcessHeap
GetACP
WriteConsoleW
GetStringTypeW
SetLastError
GetLocaleInfoA
GetProcAddress
GetVolumeInformationA
GetLastError
TlsFree
ExpandEnvironmentStringsA
FreeEnvironmentStringsW
CreateFileMappingA
GetTimeFormatA
VirtualQuery
InterlockedIncrement
TlsAlloc
IsValidLocale
DeleteCriticalSection
GetUserDefaultLCID
SetHandleCount
GetEnvironmentStringsW
HeapReAlloc
InterlockedDecrement
ExitProcess
GetStringTypeExW
ReadConsoleA
VirtualAlloc
TlsGetValue
QueryPerformanceCounter
GetCurrentProcess
HeapDestroy
GetModuleHandleA
GetCurrentThread
GetVersionExA
HeapCreate
GetCurrentThreadId
LCMapStringA
WideCharToMultiByte
FreeEnvironmentStringsA
GetDateFormatA
GetCurrentProcessId
GetModuleFileNameA
HeapSize
EnumSystemLocalesA
SetConsoleMode
GetTickCount
GetStringTypeA
UnhandledExceptionFilter
GetCommandLineA
LeaveCriticalSection
IsValidCodePage
RtlUnwind
GetCPInfo
GetSystemTimeAsFileTime
InterlockedExchange
InitializeCriticalSection
CreateFileW
LocalReAlloc
GetEnvironmentStrings
WriteFile
GetStdHandle
GetTimeZoneInformation
HeapFree
TerminateProcess
LoadLibraryA
GlobalUnlock
Sleep
VirtualFree

advapi32

RegOpenKeyExA
RegLoadKeyW
CryptEncrypt
CryptHashData
CryptSetProviderExA
LookupPrivilegeDisplayNameA
LookupPrivilegeValueA
CryptSignHashA
RegCloseKey
LookupPrivilegeValueW
RegEnumValueW
RegOpenKeyW
RegDeleteValueA
CryptGetDefaultProviderA
RegDeleteValueW
RegCreateKeyA
CryptImportKey
CryptExportKey
ReportEventW

wininet

FreeUrlCacheSpaceW
GopherCreateLocatorW
FindNextUrlCacheEntryA
InternetWriteFileExW
FindFirstUrlCacheEntryA
InternetTimeToSystemTime
DeleteUrlCacheEntryW

shell32

DragQueryFileA
SHBrowseForFolderW
SHQueryRecycleBinW
CheckEscapesW
ExtractIconW
SHBrowseForFolderA
ShellExecuteExW
SHInvokePrinterCommandW
ShellExecuteW
RealShellExecuteExA
ShellAboutW
InternalExtractIconListW
CommandLineToArgvW
ExtractIconExW

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8104514f9c303a493c230c9a118bd700

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

shell32

Sections

.text Size: 139KB - Virtual size: 139KB

.data Size: 274KB - Virtual size: 274KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 139KB - Virtual size: 139KB

.data
Size: 274KB - Virtual size: 274KB

.rsrc
Size: 9KB - Virtual size: 8KB