f5b9df2d43b7b7e85c340b2225e0518d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f5b9df2d43b7b7e85c340b2225e0518d_JaffaCakes118
Size

509KB
MD5

f5b9df2d43b7b7e85c340b2225e0518d
SHA1

fc154c51c99ce408feff3b497122aea7316de8f9
SHA256

486b80d77879eeaefc9fb7332012e61cffa878ef0ad72851fea897db76480d5e
SHA512

9132dad0f9451281287dee584be79ded683839d24dd13015fd78d085d47bf5ec8481ab325b9d1760e24afa464625e83b43ac1ee73c6f53f94e151c1e10b2e516
SSDEEP

12288:Us0qkcYgYEtqtv7rclQVPHlA18r3QKvbmT:U7c4qqtAQVFrni

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5b9df2d43b7b7e85c340b2225e0518d_JaffaCakes118

Files

f5b9df2d43b7b7e85c340b2225e0518d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bb050cb6e52eb883446b6de1a3143d31

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleCount
TlsAlloc
RtlUnwind
FlushFileBuffers
TlsFree
HeapCreate
GetDateFormatA
GetModuleHandleA
GetStringTypeA
GetCurrentProcessId
InterlockedExchange
IsValidLocale
IsValidCodePage
GetStdHandle
WideCharToMultiByte
SetFilePointer
GetLocaleInfoW
GetSystemInfo
GetCPInfo
ExitProcess
WriteFile
GetLocaleInfoA
HeapReAlloc
FreeEnvironmentStringsA
GetACP
LeaveCriticalSection
GetCommandLineA
CreateMutexA
FreeEnvironmentStringsW
GetCurrentThreadId
EnumSystemLocalesA
UnhandledExceptionFilter
TlsSetValue
GetCurrentThread
InitializeCriticalSection
HeapFree
GetVersionExA
LCMapStringA
HeapDestroy
CloseHandle
HeapAlloc
VirtualAlloc
SetStdHandle
OpenMutexA
GetTickCount
IsBadWritePtr
GetUserDefaultLCID
TlsGetValue
GetTimeFormatA
CompareStringW
QueryPerformanceCounter
ReadFile
VirtualFree
HeapSize
GetStringTypeW
EnterCriticalSection
GetSystemTimeAsFileTime
VirtualProtect
GetOEMCP
GetTimeZoneInformation
TerminateProcess
LoadLibraryA
GetEnvironmentStringsW
MultiByteToWideChar
LCMapStringW
GetFileType
SetEnvironmentVariableA
GetConsoleTitleW
GetCurrentProcess
DeleteCriticalSection
GetModuleFileNameA
GetStartupInfoA
GetProcAddress
SetLastError
GetEnvironmentStrings
GetLastError
VirtualQuery
CompareStringA

gdi32

SetICMProfileW
Rectangle
GetWindowOrgEx
FloodFill
ExtTextOutA
GetMetaFileW
PtInRegion
ExtCreateRegion
CreateSolidBrush
ArcTo
PatBlt
ScaleViewportExtEx
StartPage
SetFontEnumeration
SetBitmapDimensionEx

comctl32

InitCommonControlsEx

user32

RegisterWindowMessageA
DestroyAcceleratorTable
RegisterClassA
DrawTextExW
DrawMenuBar
BroadcastSystemMessageW
GetKeyboardType
GetScrollBarInfo
LoadKeyboardLayoutA
GetAltTabInfo
SetScrollPos
ScreenToClient
IsMenu
CallNextHookEx
ShowCursor
GetKeyNameTextW
SetClassWord
GetPropW
TrackPopupMenu
VkKeyScanA
MessageBoxIndirectA
GetAsyncKeyState
SetProcessDefaultLayout
RegisterClassExA
GetMessageW
EnumPropsExW

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb050cb6e52eb883446b6de1a3143d31

Headers

File Characteristics

Imports

kernel32

gdi32

comctl32

user32

Sections

.text Size: 173KB - Virtual size: 173KB

.rdata Size: 8KB - Virtual size: 19KB

.data Size: 313KB - Virtual size: 312KB

.rsrc Size: 14KB - Virtual size: 13KB

.text
Size: 173KB - Virtual size: 173KB

.rdata
Size: 8KB - Virtual size: 19KB

.data
Size: 313KB - Virtual size: 312KB

.rsrc
Size: 14KB - Virtual size: 13KB