f685af5f6a0547dab7347be53593e899_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f685af5f6a0547dab7347be53593e899_JaffaCakes118
Size

219KB
MD5

f685af5f6a0547dab7347be53593e899
SHA1

5d603e35a7c480df89f840bbd0cc6f931134027c
SHA256

c145f730b663c82413e7b3a9b3cccc197675c1e70ccc85e52d1d6cac8d80f709
SHA512

a17b330611d183fd58bd958fba2f9c7f31577834625ed2c74f85ec3cc1da4b7194969f252f4727673504cc7170ddd92169c6a54c8bad42dd15edde81f75979ab
SSDEEP

3072:bK5G+pIjc7p9RKvzOj0wO/E1kpY9NbtVbYNhwTtCqFi71yB8X2HPcyQkXMFPM071:apIaiJRYMkunw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f685af5f6a0547dab7347be53593e899_JaffaCakes118

Files

f685af5f6a0547dab7347be53593e899_JaffaCakes118
.exe windows:1 windows x86 arch:x86

6699c83057fcc27c15c92bc65fa74472

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
RtlUnwind
UnhandledExceptionFilter
GetModuleFileNameA
GetLocalTime
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetFileType
VirtualFree
GetTimeZoneInformation
GetLastError
GetCommandLineA
RaiseException
WideCharToMultiByte
GetProcAddress
MultiByteToWideChar
SetEnvironmentVariableA
GetCurrentThreadId
lstrlenA
GetEnvironmentStrings
GetStartupInfoA
GetModuleHandleA
GetTickCount
WinExec
GetVersion
GetPrivateProfileStringA
VirtualAlloc

user32

ShowWindow
GetDC
MessageBoxA
wsprintfA
SetActiveWindow
GetSystemMetrics

winmm

sndPlaySoundA
waveOutGetNumDevs

gdi32

GetDeviceCaps

tl221mn

ord136
ord250
ord231
ord49
ord226
ord227
ord57
ord240
ord232
ord246
ord168
ord146
ord140
ord176
ord174
ord130
ord243
ord233
ord184
ord241
ord167
ord156
ord133
ord173
ord128
ord158
ord225
ord236
ord69
ord127
ord125
ord129
ord148
ord134
ord138
ord180
ord137

sv221mn

ord46
ord35
ord1577
ord1373
ord1274
ord1395
ord1394
ord2087
ord1252
ord1822
ord2088
ord2089
ord37
ord1986
ord2085
ord1396
ord1026
ord39
ord1039
ord1672
ord1040
ord1851
ord1850
ord2115
ord1776
ord2111
ord1849
ord2116
ord2121
ord2118
ord1666
ord1663
ord2110
ord79
ord78
ord93
ord2015
ord2024
ord2034
ord1022
ord1909
ord1905
ord1871
ord1831
ord1876
ord1868
ord1877
ord1887
ord1855
ord1840
ord1526
ord1359
ord1364
ord82
ord1587
ord101
ord1658
ord1621
ord1660
ord102
ord1701
ord1649
ord1627
ord99
ord1620
ord76
ord1622
ord1706
ord1699
ord92
ord1969
ord1864
ord1837
ord1863
ord1866
ord1865
ord1867
ord1961
ord2297
ord2282
ord2140
ord1971
ord2120
ord2117
ord2248
ord2305
ord2261
ord2319
ord2175
ord1826
ord2312
ord2165
ord2272
ord1499
ord1870
ord54
ord2125
ord2131
ord2127
ord2303
ord2244
ord2278
ord2296
ord1956
ord1832
ord1970
ord1355
ord1381
ord1361
ord1379
ord1375
ord1025
ord1862
ord1374
ord1391
ord1273
ord1505
ord1916
ord1915
ord1823
ord1843
ord1844
ord1928
ord1927
ord1885
ord1461
ord1773
ord1838
ord1417
ord1354
ord1523
ord1533
ord1506
ord1491
ord1474
ord1513
ord1353
ord1845
ord1908
ord1646
ord1783
ord1057
ord1642
ord1055
ord1492
ord1504
ord1581
ord1579
ord1578
ord1586
ord56
ord1930
ord1917
ord1775
ord1884
ord1457
ord1700
ord2109
ord1999
ord1983
ord1912
ord1817
ord1872
ord1623
ord1427
ord1624
ord90
ord2259
ord1704
ord2264
ord2254
ord1841
ord2134
ord2027
ord2045
ord2018
ord2029
ord2028
ord2039
ord1028
ord1053
ord1029
ord1048

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

njyjiqq
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6699c83057fcc27c15c92bc65fa74472

Headers

File Characteristics

Imports

kernel32

user32

winmm

gdi32

tl221mn

sv221mn

advapi32

Sections

.text Size: 90KB - Virtual size: 90KB

.bss Size: - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 6KB - Virtual size: 6KB

.idata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 48B

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 30KB - Virtual size: 31KB

njyjiqq Size: 76KB - Virtual size: 76KB

.text
Size: 90KB - Virtual size: 90KB

.bss
Size: - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 6KB

.idata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 48B

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 30KB - Virtual size: 31KB

njyjiqq
Size: 76KB - Virtual size: 76KB