3bb08784ca43d644f60fd9408de9133f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3bb08784ca43d644f60fd9408de9133f_JaffaCakes118
Size

590KB
MD5

3bb08784ca43d644f60fd9408de9133f
SHA1

08b4199debe88d9b73a3dbe506ce7c6249537c39
SHA256

9f641227b8e5e176b29630376a125949b22389b07253b664a44371642f1dc400
SHA512

3ee94f28d095e46a0dee39a157ab122e2e3d67b3b3254a6dc50e3bd63f7141e1a4684f8eb51f560e47245ff8957ad5346f99b789264ab55a237c293cc1ea24e9
SSDEEP

12288:oguxN5Hef7wWHX+IuNEFVqhJuWYI17c8Z7zo1N9i:8N5+f7t3cEFVq5Y0wu7zos

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
3bb08784ca43d644f60fd9408de9133f_JaffaCakes118

Files

3bb08784ca43d644f60fd9408de9133f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

631e2d4578e5677fbfae05984f6ec325

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegReplaceKeyW
RegCreateKeyExA
LogonUserW
RegSaveKeyW
OpenEventLogA
RegOpenKeyA
RegEnumKeyA
RegUnLoadKeyW
OpenServiceA
RegDeleteValueA

cmpbk32

PhoneBookEnumNumbers
PhoneBookFreeFilter
PhoneBookLoad
PhoneBookCopyFilter
PhoneBookEnumCountries

dsprop

CrackName
CheckADsError

untfs

Format
FormatEx
Recover

shlwapi

UrlUnescapeW
UrlHashA
UrlCombineW
PathCombineA
UrlGetLocationW
UrlIsA
UrlIsNoHistoryW
UrlCompareA
UrlCanonicalizeW
UrlGetPartA
PathCompactPathW
PathCommonPrefixW

crypt32

CertCompareCertificate
CertRemoveStoreFromCollection
CertOpenStore
CertSaveStore
CertAlgIdToOID
CertGetNameStringA
CertDeleteCRLFromStore
CertFindChainInStore
CertFindCRLInStore
CertNameToStrA
CertDuplicateCRLContext
CryptEnumOIDInfo

clusapi

ClusterEnum
CloseClusterNode
CloseCluster
CloseClusterGroup

kernel32

FindNextFileA
GetModuleHandleA
FindClose
WriteConsoleA
lstrcmp
GetProcAddress
CreateProcessW
GetFileAttributesA
FindFirstFileW
CreateJobObjectA
GetConsoleTitleW
lstrcpy
CreateDirectoryA
OpenProcess
OpenThread
GetLogicalDriveStringsW
lstrcmpiA
WaitForSingleObject
DeleteFileA
GetCommandLineA
GetEnvironmentVariableW
GetPriorityClass
GetTempFileNameA
LoadLibraryA
CreateFileMappingW
FileTimeToSystemTime

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lock
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

631e2d4578e5677fbfae05984f6ec325

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

cmpbk32

dsprop

untfs

shlwapi

crypt32

clusapi

kernel32

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 21KB - Virtual size: 20KB

.lock Size: 523KB - Virtual size: 523KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 21KB - Virtual size: 20KB

.lock
Size: 523KB - Virtual size: 523KB

.rsrc
Size: 2KB - Virtual size: 1KB