86a1ff692d9443774b652b5e47870d0b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

86a1ff692d9443774b652b5e47870d0b_JaffaCakes118
Size

2.4MB
MD5

86a1ff692d9443774b652b5e47870d0b
SHA1

430d7c72d1e9af6b88c56ea0ec3c6198f4616e6c
SHA256

77a4d624098d9221c9e8fb432714c06c36173352476ca3bfa49a8309846b4403
SHA512

c19ac85cd5ae7d370b52a7e771dc7b729c856d1af56333b05bbd5652f2879454633fc520e22108bfbd81d2e8b4c9d3f4ab42481d6570c1de1f54a11ef36becd6
SSDEEP

24576:7+7FlNyOeRKoi+cr+vT4caagHukph07pqwQz74ssVw7:7+7FuWR+Cm4cjgOL7QwG17

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86a1ff692d9443774b652b5e47870d0b_JaffaCakes118

Files

86a1ff692d9443774b652b5e47870d0b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7e01e97a1902e6972cf39c78289fcdd4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VarBstrFromCy
SysFreeString
SysStringLen
SafeArrayRedim
SafeArrayGetLBound
SafeArrayPutElement
SafeArrayPtrOfIndex
CreateErrorInfo
GetErrorInfo
SetErrorInfo
RegisterTypeLi
LoadTypeLi
VarBoolFromStr
VarBstrFromBool
VarBstrFromDate
SysAllocStringLen
VarCyFromStr
VarDateFromStr
VarR8FromStr
VarI4FromStr
VariantChangeTypeEx
VariantChangeType
VariantCopyInd
VariantClear
VariantInit

shell32

SHGetMalloc
DragAcceptFiles

kernel32

EncodePointer
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
HeapSize
GetStringTypeW
HeapReAlloc
HeapAlloc
OutputDebugStringW
RtlUnwind
LoadLibraryExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
HeapFree
GetProcAddress
GlobalFree
VirtualAlloc
HeapDestroy
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CloseHandle
MulDiv
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
LoadLibraryW
GetStartupInfoW
FindResourceExW
FindNextFileW
IsValidCodePage
GetUserDefaultLCID
GetModuleHandleW
GetCommandLineW
SetLastError
CreateFileW
DecodePointer
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

secur32

FreeContextBuffer

psapi

GetDeviceDriverFileNameW

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.o76e
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e01e97a1902e6972cf39c78289fcdd4

Headers

File Characteristics

Imports

oleaut32

shell32

kernel32

secur32

psapi

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 4KB - Virtual size: 5.4MB

.o76e Size: 408KB - Virtual size: 408KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 4KB - Virtual size: 5.4MB

.o76e
Size: 408KB - Virtual size: 408KB

.rsrc
Size: 24KB - Virtual size: 24KB