fba1ee00749560e7d83d1aece8e345e6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fba1ee00749560e7d83d1aece8e345e6_JaffaCakes118
Size

521KB
MD5

fba1ee00749560e7d83d1aece8e345e6
SHA1

11a7095fac33afd86b9b9054cfac1a66420282ca
SHA256

8614f8907f4b996573ae6e896575fe9517913983ab3a1cac954e406ae3043da8
SHA512

3353a32ea77fdeb96cfa7f0b6c13324f01ce526bb8edab6e14368e865761f2934f2fa12ce28b915f4ce451cd1e0edb558b7074a8ed0f4e2038e03c93908f6635
SSDEEP

12288:PHmbUaD9jnSoPLLBusMsUDmmx8EYVjGmi:+bUS9FfuFDmM3OjGmi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fba1ee00749560e7d83d1aece8e345e6_JaffaCakes118

Files

fba1ee00749560e7d83d1aece8e345e6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4981c9fc49506c5d2f4d87a20c03856b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameW
CryptVerifySignatureW
RegOpenKeyW
CryptGetDefaultProviderW
CryptSetProviderA
RegSetValueExW
CryptAcquireContextA
CryptExportKey

shell32

RealShellExecuteW
DragQueryFileA
ShellExecuteW
SHGetFileInfoW

gdi32

GetObjectType
CreateCompatibleDC
AbortPath
CreateBitmap

kernel32

HeapSize
CompareStringA
GetCurrentProcessId
GetCurrentThreadId
IsValidCodePage
VirtualQuery
GetModuleHandleA
LoadLibraryA
GetLastError
EnterCriticalSection
LeaveCriticalSection
VirtualFree
LCMapStringA
Sleep
GetStartupInfoA
GetStringTypeA
GetEnvironmentStringsW
SetLastError
GetCommandLineA
FreeLibrary
WideCharToMultiByte
OpenMutexA
DeleteCriticalSection
FreeEnvironmentStringsA
GetACP
HeapDestroy
RtlUnwind
SetFilePointer
GetTickCount
GetConsoleCP
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WriteConsoleA
SetStdHandle
lstrcpynA
InterlockedDecrement
CompareStringW
CreateFileA
GetDateFormatA
GetCommandLineW
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
GetLocaleInfoA
HeapReAlloc
FlushFileBuffers
GetLocaleInfoW
WriteConsoleOutputW
ReadFile
GetStartupInfoW
GetCurrentProcess
GetConsoleMode
TlsAlloc
CloseHandle
FreeEnvironmentStringsW
GetCPInfo
VirtualAlloc
GetShortPathNameW
CreateMutexA
InitializeCriticalSection
GetCurrentThread
TlsGetValue
GetProcAddress
GetStdHandle
IsValidLocale
InterlockedIncrement
HeapAlloc
GetConsoleOutputCP
SetHandleCount
QueryPerformanceCounter
IsDebuggerPresent
TlsFree
WriteConsoleW
GetPrivateProfileIntW
GetUserDefaultLCID
SetEnvironmentVariableA
HeapFree
HeapCreate
GetFileType
GetTimeFormatA
SetConsoleCtrlHandler
GetVersionExA
GetOEMCP
TerminateProcess
LCMapStringW
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeW
GetEnvironmentStrings
InterlockedExchange
TlsSetValue
ExitProcess
GetProcessHeap
WriteFile
EnumSystemLocalesA

user32

TrackPopupMenu
AdjustWindowRect
GetSystemMetrics
GetWindowTextLengthW
RegisterClassA
LoadCursorFromFileA
DispatchMessageW
AppendMenuW
SetWindowsHookA
RegisterClassExA

comctl32

InitCommonControlsEx

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4981c9fc49506c5d2f4d87a20c03856b

Headers

File Characteristics

Imports

advapi32

shell32

gdi32

kernel32

user32

comctl32

Sections

.text Size: 183KB - Virtual size: 183KB

.rdata Size: 10KB - Virtual size: 40KB

.data Size: 315KB - Virtual size: 315KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 183KB - Virtual size: 183KB

.rdata
Size: 10KB - Virtual size: 40KB

.data
Size: 315KB - Virtual size: 315KB

.rsrc
Size: 11KB - Virtual size: 11KB