bd62cc5754c542cd1368817e99ef35a8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd62cc5754c542cd1368817e99ef35a8_JaffaCakes118
Size

1.1MB
MD5

bd62cc5754c542cd1368817e99ef35a8
SHA1

3af73bf80cd4e929e192af9c327ab7e16d634c9f
SHA256

448c0b6f23e7153f34e2b1d7226089997d6eebcc829f706d957ea0c7fb45d7be
SHA512

e345452887abbc24ad9d70f6302e3aec848ee3d20a96f4bd3fcfda131b3188f95f14eacbbf4850a559a989c4bfd27b98c33c428354f505ada38207008a622787
SSDEEP

12288:ZbVDlLrw8jWyxFTrCWedTaT0LmK9+KMJZ2rK0/RtCb9+DLNO5EAsOua2Lk0to78u:JnwK1FTZedTtLmeyKr8m4eqZ5rtBjFt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd62cc5754c542cd1368817e99ef35a8_JaffaCakes118

Files

bd62cc5754c542cd1368817e99ef35a8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9dd42d44d8970a7253e870854af668cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

LeaveCriticalPolicySection

psapi

GetDeviceDriverBaseNameW
GetModuleBaseNameW

ole32

StringFromCLSID
CLSIDFromString
CoTaskMemFree
CreateStreamOnHGlobal

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

mpr

WNetOpenEnumW
WNetGetConnectionW

kernel32

CreateFileW
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetConsoleCP
WriteConsoleW
GetCurrentProcessId
LCMapStringW
GetProcAddress
GlobalLock
VirtualAlloc
HeapAlloc
HeapFree
GetCurrentThreadId
GetLastError
DeleteCriticalSection
ReleaseSemaphore
LoadResource
SetHandleCount
WriteFile
SetEndOfFile
CloseHandle
lstrcmpW
CreateFileMappingW
OutputDebugStringW
FindResourceExW
QueryPerformanceCounter
GetThreadLocale
GetCommandLineW
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExW
RtlUnwind
HeapReAlloc
GetStringTypeW
HeapSize
GetConsoleMode

wininet

HttpQueryInfoW
InternetOpenUrlW
InternetConnectW

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kih0s
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.9fet
Size: 917KB - Virtual size: 917KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9dd42d44d8970a7253e870854af668cb

Headers

File Characteristics

Imports

userenv

psapi

ole32

advapi32

mpr

kernel32

wininet

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 6.9MB

.kih0s Size: 70KB - Virtual size: 70KB

.9fet Size: 917KB - Virtual size: 917KB

.rsrc Size: 14KB - Virtual size: 16KB

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 6.9MB

.kih0s
Size: 70KB - Virtual size: 70KB

.9fet
Size: 917KB - Virtual size: 917KB

.rsrc
Size: 14KB - Virtual size: 16KB