Static task
static1
Behavioral task
behavioral1
Sample
bcbda2b6b06e19096393bdecf201b6d3_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bcbda2b6b06e19096393bdecf201b6d3_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
Target
bcbda2b6b06e19096393bdecf201b6d3_JaffaCakes118
Size
249KB
MD5
bcbda2b6b06e19096393bdecf201b6d3
SHA1
8020f00ac69306910a62815964b52fdb999e2924
SHA256
5d030decf5d33e780127fc2bdad12829dd62906a27cd4dafb48473d9d881eeee
SHA512
0f855ab95ecfd289374f1d2acb9bb59f375bf520d7fb7a6d65b54fa953cdc0a34952a668c644f205810302d7b7b685317aea9fb9a1cb05d02f32383e86ad7dbd
SSDEEP
6144:99xk5oIaePpAG/WTMYkG3Kyw8UML2dGexE41J:jxOoIaePpt/FYkG3Zw85Z4r
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bcbda2b6b06e19096393bdecf201b6d3_JaffaCakes118
Files
bcbda2b6b06e19096393bdecf201b6d3_JaffaCakes118.exe windows:5 windows x86 arch:x86
ac75d53405d7e885234564a462d82439
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DuplicateHandle
GlobalAlloc
LoadLibraryA
LoadLibraryW
GetDriveTypeA
FatalExit
SetProcessAffinityMask
SetComputerNameExA
TerminateProcess
GetCurrentProcess
ExitProcess
GetHandleInformation
GetProcessWorkingSetSize
SetProcessShutdownParameters
SetProcessWorkingSetSize
GetProcessAffinityMask
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CloseHandle
CreateFileW
HeapReAlloc
GetStringTypeW
GetProcAddress
CompareFileTime
AddAtomW
GetLastError
GetCurrentProcessId
GetTickCount
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleW
ReadFile
GetLocaleInfoW
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
SetFilePointer
MultiByteToWideChar
RaiseException
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FatalAppExitA
Sleep
HeapSize
IsValidLocale
user32
ShowScrollBar
GetDC
EnableScrollBar
PostMessageA
BeginPaint
SetScrollRange
advapi32
LookupPrivilegeNameA
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
OpenEventLogW
shell32
ShellExecuteA
ShellAboutA
msimg32
TransparentBlt
AlphaBlend
GradientFill
winhttp
WinHttpCloseHandle
WinHttpSetOption
WinHttpReadData
Sections
.text Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ