Static task: static1
Behavioral task: behavioral1
Sample: 483276f997a0f0107f179c4f997c0510_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 483276f997a0f0107f179c4f997c0510_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 483276f997a0f0107f179c4f997c0510_JaffaCakes118
Size: 865KB
MD5: 483276f997a0f0107f179c4f997c0510
SHA1: efcd866e19713ae61bb244dfe26ff03459555f62
SHA256: 48dd5d66b436e2ac50f5a63434cc6ed1ba0ff9de3e388b2f2a98a0057bd2ebbc
SHA512: 3cef30ff0f45cbf2390c5fd605b64cd652c0aca2a3d2df0aa959610a3010bcc9b43162f8c1cc2922bba7c59c301d6d7232f2f16f177580bdb0c1c96ed1938ff2
SSDEEP: 24576:hzzKD2Z9N1e1Gn/MqSmcH3Lyc9ivDCjeiKI:h02bn/F67ycIrqeiKI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 483276f997a0f0107f179c4f997c0510_JaffaCakes118
Files
483276f997a0f0107f179c4f997c0510_JaffaCakes118.exe windows:5 windows x86 arch:x86
7df5564b59735cd968dc2e9de9e376aa
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetOEMCP
GetCPInfo
WideCharToMultiByte
CompareStringW
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FindFirstFileW
HeapSize
GetStringTypeW
HeapReAlloc
HeapAlloc
OutputDebugStringW
RtlUnwind
LoadLibraryExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetACP
IsValidCodePage
GetFileAttributesW
FindResourceW
LoadLibraryW
FormatMessageW
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
FindClose
SetFilePointer
WriteFile
GetLastError
GetCurrentThreadId
GetEnvironmentStringsW
GetCurrentProcessId
HeapFree
GetProcAddress
VirtualAlloc
GlobalUnlock
GlobalLock
LCMapStringW
GetCommandLineW
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
CreateFileW
oleaut32
SysAllocStringLen
SysReAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
RegisterTypeLi
VarNot
VarNeg
VarBstrFromDate
VarR8FromStr
VarI4FromStr
VariantChangeTypeEx
VariantChangeType
VariantCopyInd
VariantCopy
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayRedim
SafeArrayCreate
SysStringLen
SysFreeString
userenv
RegisterGPNotification
LoadUserProfileW
comdlg32
ChooseFontW
PageSetupDlgW
crypt32
CryptExportPKCS8
CertFindExtension
CryptHashCertificate
CertGetEnhancedKeyUsage
CertAddCertificateContextToStore
CertFreeCRLContext
CryptHashPublicKeyInfo
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CryptFindOIDInfo
CryptDecodeObject
CryptDecodeObjectEx
CertGetNameStringW
CertSetCertificateContextProperty
CryptExportPublicKeyInfo
Sections
.text Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 633KB - Virtual size: 633KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.43l43 Size: 154KB - Virtual size: 154KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE