aeeb6a64992ecfa83dfe277437568fb4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aeeb6a64992ecfa83dfe277437568fb4_JaffaCakes118
Size

942KB
MD5

aeeb6a64992ecfa83dfe277437568fb4
SHA1

d9fdeb3e5e7f5fec2e5cd2e92b35a0fcfca7bac6
SHA256

22f94922f0b01bb98dfead3c5ef4cf2bfc7d210a781bed7567aeb9a1fec3e209
SHA512

d03daa4bf225308e051548725d5e596c2f0cb9335df2cc18d326b67107ccb6e7a6055a18d577fb831022f17a6d31b4a9b146d7d67aa53d87641f09488108664c
SSDEEP

12288:LtcQ89QX+vGvoZOfLSNtbQX6jG0Sn9eQQWJQj5XHG6J+jtICa4zWGvK2hZFV7A/t:LtBT+Eoe46b9tFm5W6J+va4zC2bFVQq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aeeb6a64992ecfa83dfe277437568fb4_JaffaCakes118

Files

aeeb6a64992ecfa83dfe277437568fb4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a9662544c64ac9329a44c41127fa9f44

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

ChooseFontW
CommDlgExtendedError
ReplaceTextW

crypt32

CryptEncodeObjectEx
CryptDecodeObject
CryptMsgOpenToDecode
CryptMsgUpdate
CertCreateCertificateContext
CertFreeCertificateContext
CertSetCertificateContextProperty
CertGetCertificateContextProperty
CertFreeCRLContext
CertAddCertificateContextToStore
CertControlStore
CryptExportPublicKeyInfo
CryptAcquireCertificatePrivateKey
CryptExportPKCS8
CryptHashPublicKeyInfo
CertGetCertificateChain
CertFreeCertificateChain
CryptBinaryToStringW

shell32

SHChangeNotify
SHGetDesktopFolder
Shell_NotifyIconW
ExtractIconExW
SHBindToParent

mpr

WNetGetResourceInformationW

kernel32

WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LocalAlloc
VirtualAlloc
HeapAlloc
HeapFree
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentStringsW
GetCurrentThreadId
GetLastError
SetHandleCount
SetEndOfFile
CloseHandle
FileTimeToSystemTime
CreateEventW
GetModuleHandleW
GetStartupInfoW
OutputDebugStringW
GetTempPathW
GetFileAttributesW
GetVersionExW
GetACP
GetOEMCP
LCMapStringW
GetCommandLineW
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExW
RtlUnwind
HeapReAlloc
GetStringTypeW
HeapSize
CreateFileW

psapi

GetModuleFileNameExW
GetDeviceDriverFileNameW

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 772KB - Virtual size: 771KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.3uweie
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9662544c64ac9329a44c41127fa9f44

Headers

File Characteristics

Imports

comdlg32

crypt32

shell32

mpr

kernel32

psapi

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 772KB - Virtual size: 771KB

.data Size: 4KB - Virtual size: 7.0MB

.3uweie Size: 95KB - Virtual size: 96KB

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 772KB - Virtual size: 771KB

.data
Size: 4KB - Virtual size: 7.0MB

.3uweie
Size: 95KB - Virtual size: 96KB