b1b342d6b895840e5118e5a346333e5f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b1b342d6b895840e5118e5a346333e5f_JaffaCakes118
Size

120KB
MD5

b1b342d6b895840e5118e5a346333e5f
SHA1

1775950d51fe7f3a068f35755025e591c5e2c458
SHA256

58c20c47e60ddaa209c17aae9e02c3d2609ade996c623cf27a88b9201ffbd8b9
SHA512

cf1f9a65838dac8d2cdd3c07e64b87edc965e8b112aed1772862be51f38edef1ead1edaf9c488b98f2f04728dba1520f36eb0a2c8114d8abf8588c6870daa039
SSDEEP

3072:2QCNEwJKO/sS5z8zeVDZug/rIysBB1Y20I:C9/snaVlzj72c2v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1b342d6b895840e5118e5a346333e5f_JaffaCakes118

Files

b1b342d6b895840e5118e5a346333e5f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b6978ff073f65fb03601bdee7c85e432

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfoExA
FillConsoleOutputCharacterW
GetTickCount
GetModuleHandleW
HeapReAlloc
GetStringTypeW
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
RtlUnwind
GetNativeSystemInfo
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
Sleep
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
GetProcAddress
FindAtomA
EnumTimeFormatsA
ExitThread
FindFirstChangeNotificationW
GetCurrentDirectoryA
FindAtomW
GetLastError
GlobalFree
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
HeapSize
HeapFree
HeapAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
SetUnhandledExceptionFilter
FreeEnvironmentStringsW

user32

ScrollWindow
PeekMessageW
GetRawInputDeviceInfoA
LoadIconA
LoadAcceleratorsW
PrivateExtractIconsW
LoadBitmapA
LoadCursorA
LoadCursorFromFileW
LoadKeyboardLayoutW
SetParent
UpdateWindow
LookupIconIdFromDirectoryEx
CreateIconFromResource
MapDialogRect
MapVirtualKeyA
MapVirtualKeyExW
CloseClipboard
OpenClipboard
GetDialogBaseUnits
GetDlgCtrlID
RealGetWindowClassW
GetCaretPos
SetProcessDefaultLayout

gdi32

BitBlt
EndPath
SetViewportExtEx
StretchDIBits

advapi32

ClearEventLogA
BackupEventLogW
CloseServiceHandle
AddAccessAllowedAceEx
ChangeServiceConfigA

shell32

ShellExecuteA

msimg32

GradientFill

winhttp

WinHttpConnect

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mysec4
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mysec
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6978ff073f65fb03601bdee7c85e432

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msimg32

winhttp

Sections

.text Size: 81KB - Virtual size: 81KB

.data Size: 3KB - Virtual size: 156KB

.mysec4 Size: 512B - Virtual size: 5B

.mysec Size: 1024B - Virtual size: 4KB

.rsrc Size: 30KB - Virtual size: 29KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 81KB - Virtual size: 81KB

.data
Size: 3KB - Virtual size: 156KB

.mysec4
Size: 512B - Virtual size: 5B

.mysec
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 30KB - Virtual size: 29KB

.reloc
Size: 3KB - Virtual size: 2KB