f524b8cdd3e1869c97c7f7403617dd3e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f524b8cdd3e1869c97c7f7403617dd3e_JaffaCakes118
Size

420KB
MD5

f524b8cdd3e1869c97c7f7403617dd3e
SHA1

602949562a78628f4085cfaea227d460fb158ed8
SHA256

cac0412d71fdda56a289d9071c4f752850f7a7eaeec8efe8bf6bb4822756ac0b
SHA512

0f1d44e7470720a6531f57c9a695becec0979e2d93ca444efaef5de1d1aac9631e5c454969c14fed1779afa267bf4d91f8868bba9adb0e65e48c2bbf66662428
SSDEEP

12288:j0+NyTBzm6CL1TllNvsme2CaO0FiE4vjJa:jIo62TllNg2CzCMJa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f524b8cdd3e1869c97c7f7403617dd3e_JaffaCakes118

Files

f524b8cdd3e1869c97c7f7403617dd3e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

40a93e3d823e89c34b15e6cfe16858e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

ChooseFontW
GetFileTitleA
PrintDlgA
LoadAlterBitmap

advapi32

LookupPrivilegeValueA
CryptGetDefaultProviderA
CryptVerifySignatureW
RegQueryInfoKeyA

gdi32

CreateRoundRectRgn
ResetDCA
PlayMetaFileRecord

kernel32

GetUserDefaultLCID
FillConsoleOutputCharacterW
EnumSystemLocalesW
GetVersionExA
RtlUnwind
GetVolumeInformationW
GlobalLock
IsValidCodePage
CompareStringA
GetSystemTimeAsFileTime
LCMapStringA
VirtualFree
VirtualAlloc
GetLocaleInfoA
InitializeCriticalSection
GetStringTypeA
LeaveCriticalSection
IsBadWritePtr
TlsAlloc
WideCharToMultiByte
GetCommandLineA
GetProcAddress
FreeEnvironmentStringsA
GetLocaleInfoW
FreeEnvironmentStringsW
HeapFree
WriteFile
GetModuleHandleA
GetCurrentProcess
HeapAlloc
GetEnvironmentStringsW
GetACP
QueryPerformanceCounter
CompareStringW
GetCurrentThreadId
SystemTimeToFileTime
HeapReAlloc
GetEnvironmentStrings
SetLastError
SetComputerNameA
GetTimeZoneInformation
TlsFree
DeleteCriticalSection
TlsGetValue
GetModuleFileNameA
MultiByteToWideChar
GetStringTypeExW
CreateWaitableTimerW
GetOEMCP
SetHandleCount
GetDateFormatA
GetStartupInfoA
IsValidLocale
lstrcpyA
GetCurrentThread
HeapDestroy
GetLogicalDriveStringsA
EnumSystemLocalesA
GetCurrentProcessId
GlobalUnfix
HeapCreate
GetStringTypeW
EnterCriticalSection
LoadLibraryA
VirtualQuery
GetTickCount
FindAtomW
GetTimeFormatA
SetEnvironmentVariableA
GetLastError
VirtualProtect
GetSystemInfo
InterlockedExchange
GetStdHandle
TlsSetValue
TerminateProcess
HeapSize
GetFileType
LCMapStringW
UnhandledExceptionFilter
GetCPInfo
ExitProcess

shell32

DuplicateIcon
SHFileOperation

wininet

InternetOpenW
SetUrlCacheGroupAttributeW
InternetSetCookieA
InternetTimeToSystemTime
InternetDial
ShowClientAuthCerts
GopherFindFirstFileW
InternetUnlockRequestFile
UnlockUrlCacheEntryFileW

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40a93e3d823e89c34b15e6cfe16858e6

Headers

File Characteristics

Imports

comdlg32

advapi32

gdi32

kernel32

shell32

wininet

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 7KB - Virtual size: 14KB

.data Size: 278KB - Virtual size: 278KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 7KB - Virtual size: 14KB

.data
Size: 278KB - Virtual size: 278KB

.rsrc
Size: 5KB - Virtual size: 4KB