70cfbed15393b51dd5e392f40ac7aa17_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

70cfbed15393b51dd5e392f40ac7aa17_JaffaCakes118
Size

1.1MB
MD5

70cfbed15393b51dd5e392f40ac7aa17
SHA1

3f40cbd195a8549d62856792eed86d20890c6e9d
SHA256

6ea537f876d6eee3e8946c305adb1b0ecf88d7cfee41a8ff25e9c7e024543f25
SHA512

1807e1d22facaadf26a6f9be98ed0e4a6cdf529a9b33f1b45ca217ee9050fc777dc1550b27a56b9baa17d76a4c8b86ab1ebf3c0cbc1f4a18e04bda5e0d9480ab
SSDEEP

24576:z1tfttGUs3zhiHhfqQCA1oeR4Gl2ZRVi:xtftDtAQPzWi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70cfbed15393b51dd5e392f40ac7aa17_JaffaCakes118

Files

70cfbed15393b51dd5e392f40ac7aa17_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ab087e201db3f9d0095b943464aa1e2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
VirtualAlloc
HeapAlloc
HeapFree
HeapSize
GetCurrentThreadId
GetLastError
DeleteCriticalSection
WaitForMultipleObjects
GetFileSize
ReadFile
CloseHandle
MulDiv
GetModuleFileNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
FindNextFileW
MultiByteToWideChar
CompareStringW
LCMapStringW
GetThreadLocale
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
HeapReAlloc
OutputDebugStringW
RtlUnwind
LoadLibraryExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
GetCommandLineW
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileW

setupapi

SetupDiCallClassInstaller
SetupGetFieldCount
SetupCloseFileQueue
SetupDiOpenDeviceInfoW
CM_Get_DevNode_Status
SetupDiGetActualSectionToInstallW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiEnumDriverInfoW
SetupDiGetClassDevsW
SetupDiGetSelectedDriverW
SetupFindNextLine

wintrust

CryptCATAdminCalcHashFromFileHandle
WTHelperGetProvSignerFromChain
CryptCATCatalogInfoFromContext
WTHelperGetProvCertFromChain

oleaut32

SetErrorInfo
RegisterTypeLi
VarNeg
VarDateFromStr
VarR8FromStr
VariantChangeType
VariantCopy
VariantClear
SysStringLen
SysFreeString
SysReAllocStringLen

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 975KB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab087e201db3f9d0095b943464aa1e2b

Headers

File Characteristics

Imports

kernel32

setupapi

wintrust

oleaut32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 975KB - Virtual size: 7.9MB

.rsrc Size: 14KB - Virtual size: 15KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 975KB - Virtual size: 7.9MB

.rsrc
Size: 14KB - Virtual size: 15KB