Static task: static1
Behavioral task: behavioral1
Sample: 2da254009df1727919480901a08b16c5_JaffaCakes118.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: 2da254009df1727919480901a08b16c5_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 2da254009df1727919480901a08b16c5_JaffaCakes118
Size: 1015KB
MD5: 2da254009df1727919480901a08b16c5
SHA1: c635ee50fc17427ed1fd5e23c2c9cb2feb353e5b
SHA256: 223b3e093ff5ff09311a94d70d84535496f038b6124187522a2ffa7c6dfba474
SHA512: 773ef205841d25cced3ef574c4805421cd152ab055e9cdaae7f5585baf70207e39529ff509b42adad133d49d8c8ea29a413430c19de2ff9358498d839add76b5
SSDEEP: 24576:nBYwBjMr0i398Mr7NGqYDzRiVf84h2pZ:Bit/8q6zirm
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2da254009df1727919480901a08b16c5_JaffaCakes118
Files
-
2da254009df1727919480901a08b16c5_JaffaCakes118.exe windows:5 windows x86 arch:x86
0cc664590c871432c84be6a536f3932b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcess
ExitProcess
GetCurrentThreadId
GetLastError
EnterCriticalSection
LeaveCriticalSection
LoadResource
ReadFile
FindClose
CloseHandle
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetModuleFileNameW
CreateProcessW
ExpandEnvironmentStringsW
FindResourceExW
GetSystemDirectoryW
FindFirstFileW
GetOEMCP
CompareStringW
GetThreadLocale
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapFree
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
InitializeCriticalSection
GetCPInfo
GetACP
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
HeapAlloc
VirtualAlloc
TlsSetValue
LocalAlloc
oleaut32
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayGetElement
SafeArrayPutElement
VariantInit
VariantCopy
VariantChangeType
VariantChangeTypeEx
VarI4FromStr
VarDateFromStr
VarBstrFromDate
VarBoolFromStr
VarNeg
LoadTypeLi
CreateErrorInfo
SafeArrayCreate
SysStringLen
SysFreeString
SysAllocStringLen
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumValueW
shlwapi
StrChrW
StrCmpNIW
StrStrW
PathBuildRootW
PathFindFileNameW
PathIsRootW
PathIsNetworkPathW
PathRemoveBlanksW
PathSkipRootW
PathStripPathW
PathStripToRootW
SHDeleteEmptyKeyW
SHDeleteKeyW
SHDeleteValueW
AssocCreate
Sections
.text Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 939KB - Virtual size: 8.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ