f5e4579db80570abaa48ea3e6b02a391_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f5e4579db80570abaa48ea3e6b02a391_JaffaCakes118
Size

735KB
MD5

f5e4579db80570abaa48ea3e6b02a391
SHA1

2457df269a03df54a1584c837465b7ad3e43fc80
SHA256

55bffc96cc268f3323ed6cc1124d47cf19dc277ddbe7e5d22ff65753ba11810a
SHA512

24d8463ae99247d005bebc84a9741bf323e120b476055583f4e81c00b05e1fda56dce266d7a87224aafbda187731320e5b9e06d0e351cbf7e5b00e607482c7a2
SSDEEP

12288:YOkly/RktFqLKxQHnxN4ED8xhdM1NF1LAL9axt//8ozwD46jYfF6PTz:YVlo6uxN1IGrkEtdwBjaF6PH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5e4579db80570abaa48ea3e6b02a391_JaffaCakes118

Files

f5e4579db80570abaa48ea3e6b02a391_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1632752e862581190adab27f4112ae7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
LookupAccountNameW
RegQueryMultipleValuesA
RegConnectRegistryA
RegQueryInfoKeyA
AbortSystemShutdownA

comctl32

InitCommonControlsEx

kernel32

HeapSize
RaiseException
GetFileType
HeapCreate
SetEnvironmentVariableA
GetTickCount
GetCPInfo
GetCurrentProcess
SetConsoleCtrlHandler
GetStringTypeW
SetLastError
GetEnvironmentStringsW
HeapReAlloc
CloseHandle
GetStartupInfoA
IsValidCodePage
ContinueDebugEvent
WriteConsoleW
GetSystemTimeAsFileTime
QueryPerformanceCounter
LCMapStringW
GetProcessHeap
GetDateFormatA
HeapValidate
OutputDebugStringW
GetProcAddress
GetConsoleOutputCP
CompareStringA
TerminateProcess
GetOEMCP
MultiByteToWideChar
GetShortPathNameA
SetUnhandledExceptionFilter
WritePrivateProfileStringA
ExitProcess
GetModuleHandleA
GetConsoleMode
VirtualFree
GetCurrentThreadId
OutputDebugStringA
DeleteCriticalSection
FlushFileBuffers
HeapDestroy
ReadFile
Sleep
GetModuleHandleW
EnumSystemLocalesA
RtlUnwind
LoadLibraryA
SetHandleCount
VirtualAlloc
TlsAlloc
CreateMutexA
LoadLibraryW
GetCommandLineA
SetFilePointer
VirtualQuery
GetTimeFormatA
HeapLock
CompareStringW
UnhandledExceptionFilter
GetLocaleInfoW
DebugBreak
GetLocaleInfoA
GetModuleFileNameW
InterlockedExchange
IsDebuggerPresent
WriteFile
MoveFileExA
GetModuleFileNameA
WideCharToMultiByte
HeapFree
LoadResource
FreeLibrary
GetStringTypeA
SetStdHandle
GetCurrentProcessId
GetVolumeInformationA
GetCurrentThread
FlushConsoleInputBuffer
InterlockedIncrement
TlsGetValue
GetConsoleCP
IsBadReadPtr
CreateFileA
FreeEnvironmentStringsW
WriteConsoleA
LeaveCriticalSection
HeapAlloc
EnterCriticalSection
GetEnvironmentStrings
CreateEventW
lstrlenA
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
LCMapStringA
ReadConsoleA
GetLastError
GetACP
FreeEnvironmentStringsA
IsValidLocale
GetStdHandle
GetTimeZoneInformation
GetUserDefaultLCID
TlsSetValue
TlsFree
SetConsoleTitleW
OpenMutexA
LocalReAlloc

user32

EndDeferWindowPos
WINNLSGetEnableStatus
GetDlgItemTextA
LoadAcceleratorsW
SystemParametersInfoW
RegisterClassExA
IsChild
RegisterClassA
DestroyAcceleratorTable
SetCursor
DrawIcon
UnhookWindowsHookEx
SendIMEMessageExW

Sections

.text
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1632752e862581190adab27f4112ae7d

Headers

File Characteristics

Imports

advapi32

comctl32

kernel32

user32

Sections

.text Size: 355KB - Virtual size: 355KB

.rdata Size: 48KB - Virtual size: 52KB

.data Size: 319KB - Virtual size: 318KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 355KB - Virtual size: 355KB

.rdata
Size: 48KB - Virtual size: 52KB

.data
Size: 319KB - Virtual size: 318KB

.rsrc
Size: 12KB - Virtual size: 11KB