34456870e5d138606085704b3099a6eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

34456870e5d138606085704b3099a6eb_JaffaCakes118
Size

1.1MB
MD5

34456870e5d138606085704b3099a6eb
SHA1

b40c58fe6dbaec680434f80bdfdc6654a9b28c41
SHA256

066093793651416187dec8cd99678798d3050089d5ce4b72e86fa29415460759
SHA512

d9e339a1073399838112076d3f042de493e4f86413efbb50eb41c01176c35cae95be0e7cc8be1e96f3070793a87c393f561e9331bcc42fb3885e24e19cd520e6
SSDEEP

24576:z1YXDTqraVOVGqn8M5eRrr5riwZYgg4Gl2ZRVw:xsmow3arrdtyWw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34456870e5d138606085704b3099a6eb_JaffaCakes118

Files

34456870e5d138606085704b3099a6eb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ab087e201db3f9d0095b943464aa1e2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
VirtualAlloc
HeapAlloc
HeapFree
HeapSize
GetCurrentThreadId
GetLastError
DeleteCriticalSection
WaitForMultipleObjects
GetFileSize
ReadFile
CloseHandle
MulDiv
GetModuleFileNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
FindNextFileW
MultiByteToWideChar
CompareStringW
LCMapStringW
GetThreadLocale
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
HeapReAlloc
OutputDebugStringW
RtlUnwind
LoadLibraryExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
GetCommandLineW
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileW

setupapi

SetupDiCallClassInstaller
SetupGetFieldCount
SetupCloseFileQueue
SetupDiOpenDeviceInfoW
CM_Get_DevNode_Status
SetupDiGetActualSectionToInstallW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiEnumDriverInfoW
SetupDiGetClassDevsW
SetupDiGetSelectedDriverW
SetupFindNextLine

wintrust

CryptCATAdminCalcHashFromFileHandle
WTHelperGetProvSignerFromChain
CryptCATCatalogInfoFromContext
WTHelperGetProvCertFromChain

oleaut32

SetErrorInfo
RegisterTypeLi
VarNeg
VarDateFromStr
VarR8FromStr
VariantChangeType
VariantCopy
VariantClear
SysStringLen
SysFreeString
SysReAllocStringLen

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 975KB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab087e201db3f9d0095b943464aa1e2b

Headers

File Characteristics

Imports

kernel32

setupapi

wintrust

oleaut32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 975KB - Virtual size: 7.9MB

.rsrc Size: 14KB - Virtual size: 15KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 975KB - Virtual size: 7.9MB

.rsrc
Size: 14KB - Virtual size: 15KB