68072c305cca95ef04ec9c3efb23c9bf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

68072c305cca95ef04ec9c3efb23c9bf_JaffaCakes118
Size

1.5MB
MD5

68072c305cca95ef04ec9c3efb23c9bf
SHA1

4b9ed0330bf13015cba0c34536982e65b74a0f00
SHA256

edbbd2523c98b0e8f5f937384faad33da42272d3e89007b4a77607dec1e960e4
SHA512

9dc9b7fca2338c8ebc9aa27712f495c9648505de4e02b856f28b9dd9ccdd4f3802cbfd05973a9683d17b3803103bb40c7f66ddb0a86d800dce82bb36884be9fa
SSDEEP

24576:FZIP8xfJ25d+vrBiR+t0s4MdLKtNrTCJ+wuOXEUbr2YL6:F/q5d+h3KFCU276

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68072c305cca95ef04ec9c3efb23c9bf_JaffaCakes118

Files

68072c305cca95ef04ec9c3efb23c9bf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1b0f4a7d76d8a1cbfb0ae06f8f7c9ef5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext
WTHelperGetProvSignerFromChain
CryptCATAdminEnumCatalogFromHash

advapi32

RegisterTraceGuidsW

kernel32

SetStdHandle
CloseHandle
GetConsoleCP
FlushFileBuffers
GetConsoleMode
WriteConsoleW
GetProcessHeap
GetLocalTime
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
InterlockedIncrement
CreateMutexW
GlobalFree
LockResource
GlobalAlloc
VirtualAlloc
GetProcessId
IsDebuggerPresent
LoadResource
WriteFile
SetFilePointerEx
GetModuleHandleW
GlobalFindAtomW
FindFirstFileExW
ReplaceFileW
VerifyVersionInfoW
GetCPInfo
LCMapStringW
GetCommandLineW
RaiseException
IsProcessorFeaturePresent
EncodePointer
GetLastError
SetLastError
GetCurrentThreadId
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetACP
GetOEMCP
EnterCriticalSection
LeaveCriticalSection
HeapFree
LoadLibraryExW
RtlUnwind
OutputDebugStringW
GetStringTypeW
HeapAlloc
HeapReAlloc
HeapSize

wsock32

WSAAsyncGetHostByName

userenv

LoadUserProfileW
ExpandEnvironmentStringsForUserW

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 827KB - Virtual size: 49.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.46th0
Size: 677KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b0f4a7d76d8a1cbfb0ae06f8f7c9ef5

Headers

File Characteristics

Imports

wintrust

advapi32

kernel32

wsock32

userenv

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 827KB - Virtual size: 49.1MB

.46th0 Size: 677KB - Virtual size: 676KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 827KB - Virtual size: 49.1MB

.46th0
Size: 677KB - Virtual size: 676KB

.rsrc
Size: 2KB - Virtual size: 1KB