Static task: static1
Behavioral task: behavioral1
Sample: 5e78e42ac638194bd87f65578bdea8e5_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 5e78e42ac638194bd87f65578bdea8e5_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 5e78e42ac638194bd87f65578bdea8e5_JaffaCakes118
Size: 1.4MB
MD5: 5e78e42ac638194bd87f65578bdea8e5
SHA1: a66ef05d937937cd50d3dcfb773a3ed510a4753b
SHA256: 55b3a884aec33d5f8a0c75f21e429ba68c3ca804a2dcae55f21acf6bd39cd207
SHA512: b701cf383ee392898a7e06c232ebfd356b6be4e3eaff97958a179ef1d921a5543880e91954f3925107a5513d09a4eb5b84dce6ec6f67f37d6e9951ca09e0cfda
SSDEEP: 24576:OzdiaNj6ZIgkChIAmFPfMN0RNXGrTb5Duvva86ULwm:wiaNj4wAm1L+Or
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5e78e42ac638194bd87f65578bdea8e5_JaffaCakes118
Files
5e78e42ac638194bd87f65578bdea8e5_JaffaCakes118.exe windows:5 windows x86 arch:x86
d12225fef9b3823c735922e64777a049
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
CreateFileW
GetCommandLineW
CloseHandle
SetHandleCount
GetLastError
GetCurrentThreadId
GetEnvironmentStringsW
VirtualAlloc
LocalFree
GetVersion
GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
HeapReAlloc
HeapAlloc
GetOEMCP
GetACP
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetStdHandle
GetFileType
crypt32
CertCloseStore
CryptBinaryToStringW
CryptStringToBinaryW
CertFreeCertificateChain
CertGetCertificateChain
CryptQueryObject
CryptHashPublicKeyInfo
CryptAcquireCertificatePrivateKey
CertFindExtension
CertVerifyTimeValidity
CryptHashCertificate
CertGetPublicKeyLength
CertGetEnhancedKeyUsage
CertControlStore
CertAddStoreToCollection
CertAddCertificateContextToStore
CryptEncodeObjectEx
CryptDecodeObjectEx
CryptDecodeObject
CryptEnumOIDInfo
CryptMsgClose
CertEnumCertificatesInStore
CertCreateCertificateContext
CertFreeCertificateContext
CertSetCertificateContextProperty
CertAddEncodedCertificateToStore
shlwapi
PathIsNetworkPathW
AssocCreate
SHSetValueW
SHDeleteKeyW
PathSkipRootW
PathRemoveBlanksW
PathRemoveBackslashW
PathIsURLW
PathIsUNCServerW
StrCmpNIW
PathCanonicalizeW
PathBuildRootW
SHStrDupW
StrRChrW
StrPBrkW
StrDupW
StrChrIW
secur32
FreeCredentialsHandle
oleaut32
CreateErrorInfo
GetErrorInfo
RegisterTypeLi
VarNeg
VarBstrFromBool
VarBstrFromCy
VarR8FromStr
VarI4FromStr
VariantCopy
VariantClear
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayRedim
SysStringLen
SysFreeString
SafeArrayUnaccessData
Sections
.text Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 7.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.741o Size: 980KB - Virtual size: 980KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 365KB - Virtual size: 364KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ