fb77b787b6b59a5b6e1b7f4b6efc504a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fb77b787b6b59a5b6e1b7f4b6efc504a_JaffaCakes118
Size

184KB
MD5

fb77b787b6b59a5b6e1b7f4b6efc504a
SHA1

2d31ccdf2713623bb6de3bf2028f347014a4212d
SHA256

9be7205d70a04585564a15dcfe057cd8a91c250190d90737da613537bdea1449
SHA512

e2b33ee85ceb99b869ff108ce26d9e03b7ca441d556e7665af26118f699de1b9bacce725b3aff52c77b68ee4b5d55bda3088955cc826ff04a2832ce5799a86f9
SSDEEP

3072:xb8GZwHueA6NP2r1OJsrDLsvsWqmno1PHA1Lfx5fqyB6PID/p5UkgvmODt:xbTK+6A1g8XsDo1PHAH5fKQp53gvv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb77b787b6b59a5b6e1b7f4b6efc504a_JaffaCakes118

Files

fb77b787b6b59a5b6e1b7f4b6efc504a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

37a29a5121abd8e3bf945063ae3bb5f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW
ShellExecuteExW

user32

GetGUIThreadInfo
GetWindowThreadProcessId
AllowSetForegroundWindow
GetPropW
GetClassNameW
GetForegroundWindow

ole32

CoGetProcessIdentifier
StringFromGUID2
CoInitialize
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree

kernel32

LocalAlloc
GetSystemDirectoryW
QueryPerformanceCounter
GetCalendarInfoW
GetLongPathNameW
ExpandEnvironmentStringsW
GetSystemTimeAsFileTime
SearchPathW
OutputDebugStringW
OpenProcess
GetProcessHeap
FindFirstFileW
MapViewOfFile
GetCurrentThreadId
DeviceIoControl
SetFileAttributesW
GetProcessId
SetLastError
VirtualQuery
GetCurrentProcessId
InterlockedDecrement
TlsAlloc
UnhandledExceptionFilter
InterlockedCompareExchange
GetEnvironmentVariableW
FreeLibrary
GetLogicalDriveStringsW
CreateFileW
GetModuleHandleA
SetUnhandledExceptionFilter
ExitProcess
TlsGetValue
CloseHandle
UnmapViewOfFile
OpenEventW
WideCharToMultiByte
TerminateProcess
InitializeCriticalSectionAndSpinCount
HeapAlloc
IsWow64Process
LeaveCriticalSection
GetProcAddress
DecodePointer
GetFileAttributesW
EnumResourceNamesA
QueryDosDeviceW
DeleteCriticalSection
GetModuleFileNameW
EncodePointer
LoadLibraryW
GetCurrentProcess
OutputDebugStringA
GetCurrentDirectoryW
MultiByteToWideChar
GetModuleHandleW
ReleaseMutex
CreateDirectoryW
GetModuleHandleExW
GetFullPathNameW
TlsSetValue
InterlockedExchange
TlsFree
FindNextFileW
SetEnvironmentVariableW
GetFileSizeEx
InitializeCriticalSection
WaitForSingleObject
lstrcmpiW
GetWindowsDirectoryW
InterlockedIncrement
lstrlenW
GetTickCount
EnterCriticalSection
GetLastError
VirtualProtect
HeapFree
LocalFree
Sleep
FindClose
WaitForSingleObjectEx
DuplicateHandle
CreateFileMappingW
GetFileInformationByHandle
CreateMutexW

advapi32

RegCreateKeyExW
RegEnumKeyW
EncryptFileW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumValueW
DecryptFileW
RegOpenKeyExW
RegCloseKey

shlwapi

PathIsUNCW
PathSkipRootW
PathGetArgsW
StrDupW
SHRegGetValueW
PathFindFileNameW

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37a29a5121abd8e3bf945063ae3bb5f2

Headers

File Characteristics

Imports

shell32

user32

ole32

kernel32

advapi32

shlwapi

Sections

.text Size: 105KB - Virtual size: 104KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 73KB - Virtual size: 73KB

.edata Size: 1024B - Virtual size: 376KB

.text
Size: 105KB - Virtual size: 104KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 73KB - Virtual size: 73KB

.edata
Size: 1024B - Virtual size: 376KB