ff6f04fc624ba7e54da4234c77013e83_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ff6f04fc624ba7e54da4234c77013e83_JaffaCakes118
Size

442KB
MD5

ff6f04fc624ba7e54da4234c77013e83
SHA1

b98810f8978017459ce3e591a974ad7e9ab18a43
SHA256

ff9afdd17cd66d6ac0bc70fefdd1b3cd71d7fa894d94c89e74a5f70316fa18c7
SHA512

3703dfafdb26b36981708b60aa841b84c7f13a1ddf03886b51f27d8b1552154316f198240e73103ebfd6c8da330d2652f8cc151a27d4f12d3f9a6398c8382faf
SSDEEP

12288:eOpmDQDLcq7yY/AEq+xi6sx0Zp2B3OCqvTJ6Z:hmMDIeyY/pq+L8BHqvQZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff6f04fc624ba7e54da4234c77013e83_JaffaCakes118

Files

ff6f04fc624ba7e54da4234c77013e83_JaffaCakes118
.exe windows:4 windows x86 arch:x86

279485ca4c067d092d7ad135239eda9c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

ExtCreateRegion
CreateCompatibleBitmap

comdlg32

ChooseColorW
GetOpenFileNameW

kernel32

GetCurrentProcess
GetACP
LeaveCriticalSection
HeapDestroy
VirtualQueryEx
GetEnvironmentStrings
WriteFile
VirtualProtect
lstrlenW
EnterCriticalSection
TlsAlloc
GetCPInfo
UnhandledExceptionFilter
EnumSystemLocalesA
HeapSize
GetDateFormatA
FreeEnvironmentStringsA
GetFileSize
DeleteFiber
GetCommandLineA
GetLocaleInfoW
CreateToolhelp32Snapshot
GetStdHandle
QueryPerformanceCounter
GetUserDefaultLCID
WriteProfileStringA
HeapAlloc
OpenEventA
LoadLibraryA
GetOEMCP
TlsSetValue
MultiByteToWideChar
GetCurrentThread
IsValidLocale
GetTimeFormatA
FreeEnvironmentStringsW
GetTickCount
SetLastError
GetSystemInfo
TlsFree
SetThreadLocale
HeapCreate
TerminateProcess
SetThreadPriority
GetProfileIntA
IsBadWritePtr
InterlockedExchange
GetStartupInfoA
VirtualQuery
GetStringTypeW
OpenMutexA
VirtualAlloc
GetSystemTimeAsFileTime
GetStartupInfoW
HeapLock
InitializeCriticalSection
GetCurrentThreadId
GetEnvironmentStringsW
GetModuleFileNameA
GetStringTypeA
LockFile
CompareStringA
RtlUnwind
GetVersionExA
DeleteCriticalSection
CompareStringW
GetModuleFileNameW
LCMapStringW
HeapFree
GlobalAlloc
GetCommandLineW
MapViewOfFileEx
GetTimeZoneInformation
GetModuleHandleA
GetLocaleInfoA
SetEnvironmentVariableA
GetLogicalDriveStringsW
WideCharToMultiByte
LocalShrink
HeapReAlloc
GetCurrentProcessId
GetFileType
LCMapStringA
GetProcAddress
GetLastError
TlsGetValue
IsValidCodePage
VirtualFree
SetHandleCount
EnumDateFormatsW
TransmitCommChar
ExitProcess
GetPriorityClass
ReadConsoleOutputCharacterW

advapi32

GetUserNameW
CryptSetProviderA
RegOpenKeyExA
DuplicateToken
RegLoadKeyA
CryptDestroyKey
LookupPrivilegeNameW
CryptImportKey

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

279485ca4c067d092d7ad135239eda9c

Headers

File Characteristics

Imports

gdi32

comdlg32

kernel32

advapi32

Sections

.text Size: 143KB - Virtual size: 143KB

.rdata Size: 7KB - Virtual size: 31KB

.data Size: 279KB - Virtual size: 279KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 143KB - Virtual size: 143KB

.rdata
Size: 7KB - Virtual size: 31KB

.data
Size: 279KB - Virtual size: 279KB

.rsrc
Size: 11KB - Virtual size: 10KB