0f8050cc67eadf105266c85755210f25_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0f8050cc67eadf105266c85755210f25_JaffaCakes118
Size

4.9MB
MD5

0f8050cc67eadf105266c85755210f25
SHA1

a0305d00f9c890d2f5b230fd9b92544acf7ff984
SHA256

5c712a999755291a8cd0204a2e18cf876117e10074d89c8ba1f4fbafaf4fcaf0
SHA512

f5376bb72ee62a97c1bc445a95ffdb824bbacdf368257ab58d90fae400e2d78fca59deb2e78e50533294fd45e3218ff24e0f9ffe6ff1605bc813c150ef824aaf
SSDEEP

98304:AjbHezbiX27hVQVxhd1//OjO9HclpRQGieFNFBfR46:M+PiXqhVQVxZHd9WR1iqFhr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f8050cc67eadf105266c85755210f25_JaffaCakes118

Files

0f8050cc67eadf105266c85755210f25_JaffaCakes118
.exe windows:5 windows x86 arch:x86

19e70f0bbc14c19213fad36284137ebd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsAlloc
GetFileType
GetProcAddress
GetStringTypeW
UnmapViewOfFile
Sleep
DeleteCriticalSection
lstrcmpiW
GetCurrentThread
GetTempPathW
GlobalAlloc
FindFirstFileW
VirtualAllocEx
ExitProcess
CopyFileW
CreateNamedPipeW
GetConsoleWindow
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LockResource
GetSystemTimeAsFileTime
CreateFileW
LoadLibraryExW
GetEnvironmentStrings
GetSystemInfo
LeaveCriticalSection
DuplicateHandle
SetConsoleCtrlHandler
HeapCreate
HeapFree
GlobalUnlock
ReadFile
LCMapStringW
GetCommandLineW
RaiseException
EncodePointer
GetLastError
SetLastError
GetCurrentThreadId
DecodePointer
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsProcessorFeaturePresent
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
EnterCriticalSection
RtlUnwind
OutputDebugStringW
HeapAlloc
HeapReAlloc
HeapSize
CloseHandle

user32

PostThreadMessageW
AnimateWindow
MoveWindow
IsCharUpperW
SetMenuDefaultItem

advapi32

FreeSid
GetTraceEnableFlags
OpenProcessToken
OpenSCManagerW
RegQueryValueExW
CloseServiceHandle
RegEnumKeyExW
SetSecurityDescriptorDacl
RegDeleteValueW
AllocateAndInitializeSid
RegisterTraceGuidsW
InitializeSecurityDescriptor

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
WinVerifyTrust
WTHelperGetProvSignerFromChain

Sections

.text
Size: 510KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 85.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nLfo
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.S3uooT
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19e70f0bbc14c19213fad36284137ebd

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wintrust

Sections

.text Size: 510KB - Virtual size: 510KB

.data Size: 1.1MB - Virtual size: 85.6MB

.idata Size: 3KB - Virtual size: 2KB

.xdata Size: 1024B - Virtual size: 724B

.nLfo Size: 1.3MB - Virtual size: 1.3MB

.S3uooT Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 510KB - Virtual size: 510KB

.data
Size: 1.1MB - Virtual size: 85.6MB

.idata
Size: 3KB - Virtual size: 2KB

.xdata
Size: 1024B - Virtual size: 724B

.nLfo
Size: 1.3MB - Virtual size: 1.3MB

.S3uooT
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 24KB - Virtual size: 24KB