432fd7cb3578168af477d2614b1157b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

432fd7cb3578168af477d2614b1157b2_JaffaCakes118
Size

1.1MB
MD5

432fd7cb3578168af477d2614b1157b2
SHA1

b71d4dfc2f3aa5d875484ac7993ac68a9aa8ad4e
SHA256

181ba8e03ea06891b0dc368d169baea46c0136fc0525448be990a7ed851f2445
SHA512

66807ca3b124aa3180f95092b7f9fbf3ea3dd3652d00a8856a4292a4b989824abec7c5c6c502288c3a8a5bc1e6626a0c0abf86298e12934a1ed853a4831e8e54
SSDEEP

24576:+n5TylcQoNFvWtstUj/RStL7t5VNPTgP8vGMO:i5TylcDrN2jpU4PtH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
432fd7cb3578168af477d2614b1157b2_JaffaCakes118

Files

432fd7cb3578168af477d2614b1157b2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

603ee7989586f8931a031c2a9389f142

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapFree
HeapSize
GetCurrentProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThreadId
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FindClose
CloseHandle
SystemTimeToTzSpecificLocalTime
lstrcmpW
CreateEventW
OpenFileMappingW
FindFirstFileExW
FindFirstFileW
AreFileApisANSI
QueryPerformanceCounter
GetACP
HeapDestroy
WideCharToMultiByte
EnumSystemLocalesW
GetConsoleWindow
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
GetStringTypeW
HeapReAlloc
OutputDebugStringW
LoadLibraryExW
VirtualAlloc
LocalFree
GetVersion
GetProcAddress
GetCPInfo
RtlUnwind
IsDebuggerPresent
GetOEMCP
CreateFileW
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
GetCommandLineW
IsProcessorFeaturePresent
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
WriteFile
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW

user32

CreateWindowExW
SendMessageTimeoutW
GetMessagePos
GetCursorInfo
MapDialogRect
IsDialogMessageW
DrawIconEx
GetClassNameW
GetWindowLongW
PtInRect
GetWindowTextW
EnableScrollBar
BeginPaint
GetDCEx
CharLowerW
CharUpperW
BringWindowToTop

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
OpenSCManagerW

psapi

GetModuleBaseNameW

mpr

WNetOpenEnumW
WNetGetLastErrorW

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1001KB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

603ee7989586f8931a031c2a9389f142

Headers

File Characteristics

Imports

kernel32

user32

advapi32

psapi

mpr

wintrust

Sections

.text Size: 68KB - Virtual size: 68KB

.data Size: 1001KB - Virtual size: 7.6MB

.idata Size: 3KB - Virtual size: 2KB

.xdata Size: 5KB - Virtual size: 8KB

.text
Size: 68KB - Virtual size: 68KB

.data
Size: 1001KB - Virtual size: 7.6MB

.idata
Size: 3KB - Virtual size: 2KB

.xdata
Size: 5KB - Virtual size: 8KB