8561eac2850cc072e07356694361bedf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8561eac2850cc072e07356694361bedf_JaffaCakes118
Size

118KB
MD5

8561eac2850cc072e07356694361bedf
SHA1

e6e304db4a098105e255667090e4025ee651b56f
SHA256

34ec5a6fb4dbe2846307b9ae1774bc0795750c6a24a51d22d1fd8c3b167aa3c6
SHA512

795ca9e8c10657ff30bd78a33cc1adebbb9fcf01f6512369b3370297549356f23f2430d08fa3f3b9bb1ee6db99bd592b03f1c0133f7d82c5d7ac09bf419f533d
SSDEEP

3072:RxuoxCAim7ocx3+BwOfd5sZLisoMQt/dj3QkReyjyGjBtG:RxOm7ocQBws5GisoMQNdDLReyjyaB4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
8561eac2850cc072e07356694361bedf_JaffaCakes118

Files

8561eac2850cc072e07356694361bedf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

404e0be0d9aed81c5752c41ecd500876

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

clusapi

ClusterRegQueryInfoKey

shell32

ord179

advapi32

RegEnumValueW
GetCurrentHwProfileA
AddAuditAccessAce
IsValidSid
CryptSetProviderExA
LookupAccountNameW
LookupPrivilegeNameA
RegOpenCurrentUser

msvcrt

abort
iswspace
mbstowcs
memcpy
memset
putc
rand

kernel32

BackupWrite
lstrcpynA
RaiseException
CreateMailslotA
lstrcatA
GetBinaryTypeA
GetProcessHeaps
_lcreat
lstrcmpA
QueueUserWorkItem
GetCurrencyFormatW
FillConsoleOutputCharacterA
GetProcessWorkingSetSize
GetTimeZoneInformation
FatalExit
OpenEventW
GetOverlappedResult
SetConsoleWindowInfo
ExitThread
VirtualFree
SetLocalTime
RegisterWaitForSingleObjectEx
LocalSize
ReadConsoleOutputW
GetCPInfoExW
BackupRead
ReplaceFileW
EnumDateFormatsExA
VirtualLock
AddAtomA
GetModuleHandleA
CreateFileA
GetFileSize
CloseHandle
CreateFileMappingA
MapViewOfFile
GetCommandLineA
GetModuleFileNameA
UnmapViewOfFile
LoadLibraryA
GetProcAddress
EnumResourceNamesA
GetCompressedFileSizeA
ReadFile
SetHandleCount
VirtualQuery
LocalAlloc
LocalFree
FreeLibrary
InterlockedExchange
IsDBCSLeadByteEx
GetLastError

user32

OpenDesktopA
SwitchToThisWindow
DlgDirSelectComboBoxExA
ReleaseDC
GetDCEx
MapVirtualKeyExA
DefMDIChildProcW
GetWindowLongA
OpenIcon
GetClassInfoW
SetCaretBlinkTime
GetKeyboardLayoutList
GetSystemMetrics
SendMessageW

gdi32

ColorCorrectPalette
FlattenPath
CreateBrushIndirect
AddFontResourceA
SetMapMode
GetICMProfileA
SetMetaFileBitsEx
StretchDIBits
SetLayout
GetPixel
CreateEnhMetaFileA
DescribePixelFormat
ChoosePixelFormat
CreateColorSpaceW
GetEnhMetaFileA

shlwapi

PathIsNetworkPathW
SHQueryValueExA
PathMakePrettyA
SHSkipJunction
AssocQueryStringA
PathBuildRootA
StrStrIW

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata1
Size: 512B - Virtual size: 369B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata0
Size: 1024B - Virtual size: 701B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

QMst6
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

404e0be0d9aed81c5752c41ecd500876

Headers

File Characteristics

Imports

clusapi

shell32

advapi32

msvcrt

kernel32

user32

gdi32

shlwapi

Sections

.text Size: 110KB - Virtual size: 109KB

.idata1 Size: 512B - Virtual size: 369B

.idata0 Size: 1024B - Virtual size: 701B

QMst6 Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 4KB

.text
Size: 110KB - Virtual size: 109KB

.idata1
Size: 512B - Virtual size: 369B

.idata0
Size: 1024B - Virtual size: 701B

QMst6
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 4KB