7879347e135cf1ca1c90115c9050cd9e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7879347e135cf1ca1c90115c9050cd9e_JaffaCakes118
Size

1.2MB
MD5

7879347e135cf1ca1c90115c9050cd9e
SHA1

05cac80fbb4373d6ec8f00f7267a2d50b4c1a50b
SHA256

36a76d71aef07ec9104d385dcb77503b08b33975bd6fc2af7a4fb1e0a6d42295
SHA512

08cbb88b6f7f693836ec6c6453be70cc0fa33f9f81ad5a5d4b7f0bee2e2c34acd1db5d51466d25d199b3f1c543405e3d28d81fd150864c908b444506fea45aa7
SSDEEP

24576:w++aDylwZOLOm8b0BcC7qFGMtlXpFhqYPRw7WNd7j:wyygOVs0BcC7qF/Xpr93

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7879347e135cf1ca1c90115c9050cd9e_JaffaCakes118

Files

7879347e135cf1ca1c90115c9050cd9e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f3d8d7ad5f67ce5315b1a62c950da821

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

ExpandEnvironmentStringsForUserW

kernel32

WriteConsoleW
GetProcAddress
GetVersion
VirtualAlloc
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetCurrentProcess
GetEnvironmentStringsW
GetCurrentThreadId
GetLastError
FindClose
CloseHandle
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FormatMessageW
GetModuleFileNameW
GetModuleHandleW
CreateProcessW
GetCommandLineW
ExpandEnvironmentStringsW
GetFullPathNameW
FindFirstFileW
FindNextFileW
GetACP
MultiByteToWideChar
CompareStringW
GetThreadLocale
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
GetStringTypeW
OutputDebugStringW
RtlUnwind
LoadLibraryExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
IsValidCodePage
SetLastError
CreateFileW
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection

oleaut32

SetErrorInfo
SysStringLen
GetErrorInfo
SafeArrayRedim
VariantChangeType

uxtheme

CloseThemeData
DrawThemeBackground
SetWindowTheme
GetWindowTheme
OpenThemeData

mpr

WNetGetLastErrorW
WNetOpenEnumW

shell32

DragAcceptFiles
CommandLineToArgvW
SHGetDesktopFolder
SHBrowseForFolderW
ExtractIconExW
Shell_NotifyIconW
SHGetMalloc

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 750KB - Virtual size: 749KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3d8d7ad5f67ce5315b1a62c950da821

Headers

File Characteristics

Imports

userenv

kernel32

oleaut32

uxtheme

mpr

shell32

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 750KB - Virtual size: 749KB

.data Size: 9KB - Virtual size: 6.7MB

.rsrc Size: 362KB - Virtual size: 361KB

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 750KB - Virtual size: 749KB

.data
Size: 9KB - Virtual size: 6.7MB

.rsrc
Size: 362KB - Virtual size: 361KB