Static task
static1
Behavioral task
behavioral1
Sample
f6ae9b38d7c23e410d596de935f918a2_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f6ae9b38d7c23e410d596de935f918a2_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
Target
f6ae9b38d7c23e410d596de935f918a2_JaffaCakes118
Size
225KB
MD5
f6ae9b38d7c23e410d596de935f918a2
SHA1
7e959d26bd8feaa8d26a5183d5be3ca5828d5e97
SHA256
b3239be5284d3b660188891677f898505221816c0b982e09ae2ca3189052242a
SHA512
2a0f5675c7754f861d49cf85500ff0a39c8b7587f5ceec3afcedda745212129193f1e02aaa2cbb4c523e6de2e0b26e233e6cdb627dae4108139035f3ad89a295
SSDEEP
6144:/ang78cjSLLQUI8T5ORoAeeLtRgZMdzDZJVAyTf2wVlKBGm:8g78eg0B8w7eeLrLDZ4Wf21BG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f6ae9b38d7c23e410d596de935f918a2_JaffaCakes118
Files
f6ae9b38d7c23e410d596de935f918a2_JaffaCakes118.exe windows:4 windows x86 arch:x86
5f795f3331403b315b19720a2ba3b26b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteCriticalSection
MultiByteToWideChar
DuplicateHandle
CreateWaitableTimerA
GetVersion
UnmapViewOfFile
HeapAlloc
LoadLibraryA
CreateDirectoryExW
GetLastError
LocalFileTimeToFileTime
WritePrivateProfileSectionW
SetLocaleInfoA
FreeEnvironmentStringsW
InterlockedExchange
GetTickCount
EnterCriticalSection
InitializeCriticalSection
IsBadWritePtr
FillConsoleOutputCharacterW
GetFileType
GetEnvironmentStrings
LeaveCriticalSection
GetEnvironmentStringsW
VirtualLock
TlsAlloc
GetStartupInfoW
HeapDestroy
GetProcAddress
SetEvent
HeapCreate
HeapFree
FindFirstFileExW
GetCurrentThread
EnumSystemCodePagesA
TlsFree
VirtualQuery
LCMapStringW
TlsGetValue
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
TlsSetValue
FlushFileBuffers
GetStdHandle
HeapReAlloc
SetLastError
ExitProcess
CompareStringA
InterlockedDecrement
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
WriteFile
GetModuleHandleA
GetModuleFileNameW
UnhandledExceptionFilter
VirtualFree
GetCurrentThreadId
RtlUnwind
SetHandleCount
GetCommandLineW
GetStartupInfoA
GetCurrentProcessId
GetModuleFileNameA
lstrcpyA
GetCommandLineA
user32
SetCaretBlinkTime
GetTabbedTextExtentA
SetClassLongA
CallMsgFilterA
PeekMessageA
MessageBoxA
DestroyCursor
SetMenuItemInfoW
OemToCharBuffA
PtInRect
advapi32
RegQueryValueA
RegQueryValueW
RegCreateKeyExW
StartServiceW
CryptSetProviderW
CreateServiceW
RegSaveKeyA
CryptGetDefaultProviderA
LookupAccountNameA
RegEnumKeyW
RegDeleteValueA
CryptEncrypt
RegSaveKeyW
LookupSecurityDescriptorPartsW
CryptVerifySignatureA
RegDeleteKeyW
LookupPrivilegeDisplayNameW
RegLoadKeyA
RegCreateKeyW
RegReplaceKeyW
RegQueryValueExW
AbortSystemShutdownA
CryptEnumProvidersW
CryptGetKeyParam
wininet
FindNextUrlCacheGroup
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 129KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ