aabad903b179218d4f8f2dce17d59828_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aabad903b179218d4f8f2dce17d59828_JaffaCakes118
Size

76KB
MD5

aabad903b179218d4f8f2dce17d59828
SHA1

a9a532a52de7de183d0aef240566f035e771a694
SHA256

747e9dae0b71deb6f22f495f8106fa005bd593453d54caa1ceff215eb87cbcec
SHA512

3d3ea8d747ea8089147977d2dfef446e5b29359e046a7dbe74936780ef0c21003abcc397fc29c1bd4833e8e9f67cd57371b4a153a2fc216586255656f62668b8
SSDEEP

1536:j+L3+o+l0nux8VVrDfRLf+Mz6P1rNN0b3V:Szpnf7rD5L2NrNNo3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aabad903b179218d4f8f2dce17d59828_JaffaCakes118

Files

aabad903b179218d4f8f2dce17d59828_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4873a992d05236b2b5f9e195d0480a0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ws2_32

ntohs

user32

IsWindow

advapi32

RegOpenKeyW

shell32

SHCreateDirectoryExW

ole32

CoUninitialize

oleaut32

SysAllocStringByteLen

shlwapi

wnsprintfW

msvcp140

?_BADOFF@std@@3_JB

version

VerQueryValueW

imm32

ImmDisableIME

psapi

EnumProcesses

vcruntime140

memcpy

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-stdio-l1-1-0

_set_fmode

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-string-l1-1-0

wcsnlen

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-math-l1-1-0

_except1

Sections

.MPRESS1
Size: 60KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4873a992d05236b2b5f9e195d0480a0b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp140

version

imm32

psapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.MPRESS1 Size: 60KB - Virtual size: 220KB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 11KB - Virtual size: 10KB

.MPRESS1
Size: 60KB - Virtual size: 220KB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 11KB - Virtual size: 10KB