a68d4d33adabc2757ab1acfc68d1b9f4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a68d4d33adabc2757ab1acfc68d1b9f4_JaffaCakes118
Size

931KB
MD5

a68d4d33adabc2757ab1acfc68d1b9f4
SHA1

6d6de97aabd8cd5e3ac105658603435e924d8724
SHA256

f07398b1342ffc4673930111dcf8b10b3eae1199a0c2b17bd3187f9dcbef4648
SHA512

76c77ce3db4eca7c2b9863f95f4032d25be01dfe19b743f74de37adf260c3c211722755b2cdea01708756baa52b7c7929287593da479ba40f7e6ee4ef6646369
SSDEEP

12288:5dyaS+8j/V570oe2D30oYuVXNmjzNUupicD7pO3PlwsRzooudG7hZOlbQWowirlz:AL0orbYuVdmdLn4/OsRYoNQb9i5D3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a68d4d33adabc2757ab1acfc68d1b9f4_JaffaCakes118

Files

a68d4d33adabc2757ab1acfc68d1b9f4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bfae5a697705ebda9aa35dd3cc2a6cdf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StringFromCLSID

uxtheme

IsAppThemed
SetWindowTheme

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW

kernel32

GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
RtlUnwind
GetProcAddress
GetVersion
GlobalAlloc
GlobalUnlock
GlobalFree
LocalFree
VirtualAlloc
HeapAlloc
GetCurrentProcess
GetCurrentThreadId
GetLastError
WaitForMultipleObjects
GetFileSize
ReadFile
CloseHandle
MulDiv
GetLocalTime
FileTimeToLocalFileTime
CreateMutexW
CreateFileMappingW
CreateProcessW
GetStartupInfoW
GetCommandLineW
GetTempPathW
GetFullPathNameW
CreateFileW
IsValidCodePage
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
GetStringTypeW
LCMapStringW
HeapSize
HeapReAlloc
OutputDebugStringW
LoadLibraryExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetOEMCP
GetACP
HeapFree
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
GetModuleFileNameW
DeleteCriticalSection
GetFileType
GetStdHandle
GetProcessHeap
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
SetLastError

shlwapi

SHAutoComplete
AssocQueryStringW
SHSetValueW
SHGetValueW
SHDeleteValueW
SHDeleteEmptyKeyW
PathCreateFromUrlW
UrlUnescapeW
UrlIsW
UrlCanonicalizeW
PathStripToRootW
PathRemoveFileSpecW
PathRemoveExtensionW
PathRemoveBlanksW
PathRemoveBackslashW
PathParseIconLocationW
PathIsURLW
PathIsUNCServerW
PathIsNetworkPathW
PathIsRootW
PathIsRelativeW
PathIsDirectoryW
PathGetDriveNumberW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCombineW
PathCanonicalizeW
PathBuildRootW
PathAppendW
PathAddBackslashW
SHStrDupW
StrRetToBufW
StrRetToStrW
StrCmpIW
StrCmpW
StrTrimW
StrToIntExW
StrToIntW
StrStrIW
StrStrW
StrRChrW
StrPBrkW
StrFormatByteSizeW
StrDupW
StrCmpNIW
StrCmpNW
StrChrIW
StrChrW
PathIsUNCW

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 749KB - Virtual size: 749KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfae5a697705ebda9aa35dd3cc2a6cdf

Headers

File Characteristics

Imports

ole32

uxtheme

comdlg32

kernel32

shlwapi

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 749KB - Virtual size: 749KB

.data Size: 11KB - Virtual size: 6.7MB

.rsrc Size: 99KB - Virtual size: 98KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 749KB - Virtual size: 749KB

.data
Size: 11KB - Virtual size: 6.7MB

.rsrc
Size: 99KB - Virtual size: 98KB