Static task: static1
Behavioral task: behavioral1
Sample: 0211262dd4c76c51e61ac9ce8ba39c87_JaffaCakes118.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 0211262dd4c76c51e61ac9ce8ba39c87_JaffaCakes118.exe
Resource: win10v2004-20240419-en
General
Target: 0211262dd4c76c51e61ac9ce8ba39c87_JaffaCakes118
Size: 1.4MB
MD5: 0211262dd4c76c51e61ac9ce8ba39c87
SHA1: e2a392dc13a94841c305c3cbca4e82cab48ca3b9
SHA256: 52fba6ad530718e65bc56918b94308c9c0797a640dcd4b45adea819adfda56ab
SHA512: e4734b73c7f3ca13e4814214027f7f1cfcd09dab4bb377b080b82ddc937a8734102b0eda7629cea7534946d3457a42c38896dc404a414f99cdff7c98f5bbf275
SSDEEP: 12288:Oh2nrpVy617PAnkJQGsK1zDvRhuBp7CCQBP0/46RTar2/a5WukN9pEAa8zuvARr7:OeVy6174kJyWRIpX3g7v5Duvva86UHwm
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0211262dd4c76c51e61ac9ce8ba39c87_JaffaCakes118
Files
0211262dd4c76c51e61ac9ce8ba39c87_JaffaCakes118.exe windows:5 windows x86 arch:x86
d12225fef9b3823c735922e64777a049
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
CreateFileW
GetCommandLineW
CloseHandle
SetHandleCount
GetLastError
GetCurrentThreadId
GetEnvironmentStringsW
VirtualAlloc
LocalFree
GetVersion
GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
HeapReAlloc
HeapAlloc
GetOEMCP
GetACP
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetStdHandle
GetFileType
crypt32
CertCloseStore
CryptBinaryToStringW
CryptStringToBinaryW
CertFreeCertificateChain
CertGetCertificateChain
CryptQueryObject
CryptHashPublicKeyInfo
CryptAcquireCertificatePrivateKey
CertFindExtension
CertVerifyTimeValidity
CryptHashCertificate
CertGetPublicKeyLength
CertGetEnhancedKeyUsage
CertControlStore
CertAddStoreToCollection
CertAddCertificateContextToStore
CryptEncodeObjectEx
CryptDecodeObjectEx
CryptDecodeObject
CryptEnumOIDInfo
CryptMsgClose
CertEnumCertificatesInStore
CertCreateCertificateContext
CertFreeCertificateContext
CertSetCertificateContextProperty
CertAddEncodedCertificateToStore
shlwapi
PathIsNetworkPathW
AssocCreate
SHSetValueW
SHDeleteKeyW
PathSkipRootW
PathRemoveBlanksW
PathRemoveBackslashW
PathIsURLW
PathIsUNCServerW
StrCmpNIW
PathCanonicalizeW
PathBuildRootW
SHStrDupW
StrRChrW
StrPBrkW
StrDupW
StrChrIW
secur32
FreeCredentialsHandle
oleaut32
CreateErrorInfo
GetErrorInfo
RegisterTypeLi
VarNeg
VarBstrFromBool
VarBstrFromCy
VarR8FromStr
VarI4FromStr
VariantCopy
VariantClear
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayRedim
SysStringLen
SysFreeString
SafeArrayUnaccessData
Sections
.text Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 7.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.741o Size: 980KB - Virtual size: 980KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 365KB - Virtual size: 364KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ