a82dcac50801d16ca52f42641809582f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a82dcac50801d16ca52f42641809582f_JaffaCakes118
Size

103KB
MD5

a82dcac50801d16ca52f42641809582f
SHA1

a1d9c1a5dfe8ec41bb423def6d14fa2eb0d414a5
SHA256

5b232501bbc006daa17a993f25d50c893e0d8ca7259249f2330a30a71e20796e
SHA512

567e9b5cca4b759473ec5309a644c4cfb15d1644bd7fcf8193dce979f1a0b0fe3ce15330e2ba8b1a5594947b8fc6d07bf32e18472e8594459c297e4a5fafe7e0
SSDEEP

1536:RkXz94BphxBztxv2AM7TINefjDaaMmdWh0Sn3b2UJV1WI2PoTg4QBBV:RkXiBDntRG+ebDzMlhvNJyIyUH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a82dcac50801d16ca52f42641809582f_JaffaCakes118

Files

a82dcac50801d16ca52f42641809582f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e15d040105a6bbb612069535001b6edc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

untfs

Format
FormatEx
Recover
Chkdsk

user32

GetClassLongW
FindWindowA
LoadIconW
InsertMenuW
IsDialogMessageA
IsCharLowerW
PeekMessageA
PostMessageW
GetMessageA
CharToOemW
CreateDesktopA

wtsapi32

WTSEnumerateSessionsW
WTSEnumerateProcessesA
WTSVirtualChannelPurgeInput

kernel32

OpenFileMappingA
VirtualProtectEx
TlsSetValue
GetCurrentThreadId
InterlockedDecrement
GetCurrentDirectoryA
CreateMailslotW
ExitProcess
FindResourceA
GetSystemTime
WaitForSingleObject
VirtualQuery
SetCurrentDirectoryA
CreateJobObjectA
FindAtomA
TlsAlloc
CloseHandle
OpenSemaphoreA
GetShortPathNameA
CreateFileA
LoadLibraryExW
AllocConsole
GetACP
VirtualAlloc
LoadLibraryA
WriteConsoleW
GetStdHandle
CreateSemaphoreA
QueryDosDeviceW
CreateMutexA
UnmapViewOfFile
AddAtomA
ReadFile

cmpbk32

PhoneBookEnumNumbers
PhoneBookLoad
PhoneBookCopyFilter
PhoneBookEnumCountries
PhoneBookFreeFilter

shlwapi

UrlUnescapeA
PathCompactPathA
PathCompactPathA
UrlCanonicalizeA
UrlGetPartA
UrlHashW
UrlIsW
PathCombineA
UrlCombineA
UrlEscapeA
PathCommonPrefixW
PathIsURLW

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.qdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e15d040105a6bbb612069535001b6edc

Headers

DLL Characteristics

File Characteristics

Imports

untfs

user32

wtsapi32

kernel32

cmpbk32

shlwapi

Sections

.text Size: 27KB - Virtual size: 26KB

.qdata Size: 2KB - Virtual size: 1KB

.idata Size: 66KB - Virtual size: 65KB

.rsrc Size: 3KB - Virtual size: 3KB

.relc Size: 3KB - Virtual size: 3KB

.text
Size: 27KB - Virtual size: 26KB

.qdata
Size: 2KB - Virtual size: 1KB

.idata
Size: 66KB - Virtual size: 65KB

.rsrc
Size: 3KB - Virtual size: 3KB

.relc
Size: 3KB - Virtual size: 3KB