61f3b61575cc90c7db2686d320fa4439_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61f3b61575cc90c7db2686d320fa4439_JaffaCakes118
Size

531KB
MD5

61f3b61575cc90c7db2686d320fa4439
SHA1

350e0b794c83fdcf8a8bbec02ee682033db14b84
SHA256

5dc0f529ac8a6f496fbf3991cb3b5039f8f651f43eab29aae6f6d8fd2f520077
SHA512

19cf600f2522652df570f2a6f9c43084a8f50e1fdf8bc0607b30f9ac11dba708073441ee00530d233287c4887f60d87550fa599d42852a37e416e9351c182622
SSDEEP

6144:JYNhVJ7awKCjTWVNkVWXbVVlV3sxKtEO34av4SNFMQ3Gg5iIoPcofLXqFVDJo:khregjaVm85VqKGoMa5do3DXqFVDK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61f3b61575cc90c7db2686d320fa4439_JaffaCakes118

Files

61f3b61575cc90c7db2686d320fa4439_JaffaCakes118
.exe windows:5 windows x64 arch:x64

e76d003310d20efdac253f2970d40507

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathFindFileNameA

kernel32

CreateFileA
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
CloseHandle
GetLastError
CopyFileA
MoveFileExA
DebugBreak
WaitForSingleObject
CreateMutexA
GetCommandLineA
GetProcessTimes
TerminateProcess
GetCurrentThread
OpenProcess
GetSystemTimeAsFileTime
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
DuplicateHandle
ReleaseMutex
GetCurrentProcess
GetCurrentProcessId
CreateThread
SetThreadPriority
SuspendThread
ResumeThread
GetModuleFileNameA
RtlUnwind
GetLocalTime
ExitThread
CreateDirectoryA
Sleep
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
FreeLibraryAndExitThread
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateFileW
GetFileType
GetDriveTypeW
GetFullPathNameA
HeapSize
ReadFile
GetStdHandle
WriteFile
GetACP
HeapReAlloc
GetDateFormatW
GetTimeFormatW
HeapAlloc
HeapFree
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
GetTimeZoneInformation
ReadConsoleW
GetCurrentDirectoryW
GetProcessHeap
SetConsoleCtrlHandler
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
OpenThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetVersionExA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
InitializeCriticalSection
CreateEventA
WaitForMultipleObjects
GetThreadContext
GetModuleHandleA
GetEnvironmentVariableA
GetCurrentDirectoryA
LoadLibraryA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

user32

GetWindowTextA
GetForegroundWindow
GetClassNameA
GetWindowThreadProcessId

Sections

.text
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e76d003310d20efdac253f2970d40507

Headers

DLL Characteristics

File Characteristics

Imports

version

shlwapi

kernel32

advapi32

user32

Sections

.text Size: 294KB - Virtual size: 294KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 3KB - Virtual size: 8.0MB

.pdata Size: 12KB - Virtual size: 12KB

_RDATA Size: 68KB - Virtual size: 67KB

.rsrc Size: 37KB - Virtual size: 36KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 294KB - Virtual size: 294KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 3KB - Virtual size: 8.0MB

.pdata
Size: 12KB - Virtual size: 12KB

_RDATA
Size: 68KB - Virtual size: 67KB

.rsrc
Size: 37KB - Virtual size: 36KB

.reloc
Size: 3KB - Virtual size: 2KB