Static task: static1

Behavioral task: behavioral1
Sample: 04523533eab23dc721268d534d938ed9_JaffaCakes118.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 04523533eab23dc721268d534d938ed9_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 04523533eab23dc721268d534d938ed9_JaffaCakes118
Size: 488KB
MD5: 04523533eab23dc721268d534d938ed9
SHA1: 23b5fc00d607bb856e860c46fac5cab9e51bb30a
SHA256: 19edd1718644adc5da97cf76f1e5578f8fafaf573496641216a194f4a42ba5e3
SHA512: 20b897be3ccf06a880b7237b197ddf45c7aa2ab7fd6a0fdeb3d5f0aea53629f7f4ff291c1803e0114793373a7a6479ee69df232d7700e84b113e5161fe5e3cce
SSDEEP: 12288:COEq8gjMb5wlCy8F5AZ9ELvpOqBr6OXaRE8TKnE:dEqli8Cy84XELvpOmzXaREdE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 04523533eab23dc721268d534d938ed9_JaffaCakes118
Files
04523533eab23dc721268d534d938ed9_JaffaCakes118.exe windows:4 windows x86 arch:x86
d74f760ad5c6b6b3f3b061b0b2aaf20e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
DragQueryFileA
ExtractIconA
kernel32
GetStartupInfoW
GetCurrentThread
GetCPInfo
HeapCreate
TlsSetValue
LoadLibraryA
EnterCriticalSection
GetStringTypeA
TerminateProcess
RtlUnwind
GetStartupInfoA
GetTimeZoneInformation
CompareStringA
TlsAlloc
VirtualFree
GetFileType
LCMapStringW
HeapFree
GetTickCount
HeapAlloc
ExitProcess
GetCommandLineA
GetEnvironmentStrings
SetFilePointer
VirtualQuery
IsBadWritePtr
MultiByteToWideChar
WriteConsoleOutputCharacterW
lstrcpynA
TlsFree
VirtualAlloc
GetCurrentProcessId
SetEnvironmentVariableA
GetLastError
GetCurrentProcess
SetHandleCount
GetProcAddress
ReadFile
InterlockedDecrement
SetStdHandle
GetVersion
LCMapStringA
GetStdHandle
CompareStringW
TlsGetValue
OpenMutexA
FlushFileBuffers
InterlockedExchange
GlobalCompact
WriteFile
GetLocalTime
CreateMutexA
DeleteCriticalSection
GetSystemTime
HeapReAlloc
QueryPerformanceCounter
GetVersionExA
InterlockedIncrement
HeapDestroy
LeaveCriticalSection
InitializeCriticalSection
UnhandledExceptionFilter
GetCommandLineW
GetSystemTimeAsFileTime
GetModuleFileNameA
CloseHandle
GetModuleFileNameW
GetModuleHandleA
WideCharToMultiByte
FreeEnvironmentStringsW
GetStringTypeW
EnumDateFormatsA
GetEnvironmentStringsW
FreeEnvironmentStringsA
SetLastError
GetCurrentThreadId
comctl32
InitCommonControlsEx
advapi32
RegEnumKeyExW
LookupSecurityDescriptorPartsW
CryptGenRandom
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
CryptDecrypt
CryptSetKeyParam
RegQueryInfoKeyA
CreateServiceA
RegQueryMultipleValuesW
CryptEnumProviderTypesA
ReportEventA
RegEnumValueA
CryptVerifySignatureW
RegQueryValueExW
CreateServiceW
wininet
InternetDial
GopherOpenFileA
FindNextUrlCacheEntryA
GopherOpenFileW
InternetGoOnlineA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
ShowX509EncodedCertificate
user32
IsCharUpperW
RegisterHotKey
DestroyCursor
BeginDeferWindowPos
NotifyWinEvent
TranslateAccelerator
LoadIconA
SetWindowRgn
FillRect
SetDlgItemInt
DdeInitializeW
RegisterClassExA
SetWindowContextHelpId
GetClassLongW
DdeAbandonTransaction
CreateMDIWindowA
GetWindow
CreateCaret
RegisterClassA
EndMenu
comdlg32
PrintDlgW
GetSaveFileNameW
Sections
.text Size: 157KB - Virtual size: 156KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 313KB - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ