072d8d5c09fb4b4ba35e79121d4fa5ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

072d8d5c09fb4b4ba35e79121d4fa5ab_JaffaCakes118
Size

100KB
MD5

072d8d5c09fb4b4ba35e79121d4fa5ab
SHA1

3f2f71e382be12679b08381e6c231c3ab2f211ee
SHA256

acdd99834f3b8cadae596665e5fab7d53c428d72166a561f90ae1ec286bab421
SHA512

f609c7e0231c4b50bf7afceeac904e5950439daf36839c59df3a89c6f907fd9dcfe66534ff1ecfa1d8273824505469d43ae5835ebf83d8f24918600ee9e19318
SSDEEP

1536:Y/wFzWQDcmnoEZf7qUEHtP7NnFTgHm2zV9MxZmVKySNLdWwGsGI2MSJXKgS6yroo:0wTcmnoAyNnFUMxZLXpWULSJXKDoo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
072d8d5c09fb4b4ba35e79121d4fa5ab_JaffaCakes118

Files

072d8d5c09fb4b4ba35e79121d4fa5ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

122711fa5bbe7d331409edb9505a81ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winip

__KDefKlaw

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateFileA
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetThreadLocale
GetVersion
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFilePointer
SetHandleCount
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile
lstrcpyA
lstrcpynA
lstrlenA

user32

CharNextA
EnumThreadWindows
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA
wsprintfA

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
VariantChangeTypeEx
VariantClear
VariantCopyInd

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

122711fa5bbe7d331409edb9505a81ea

Headers

File Characteristics

Imports

winip

advapi32

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 72KB

.data Size: 14KB - Virtual size: 32KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 4KB

.reloc Size: 6KB - Virtual size: 8KB

.text
Size: 71KB - Virtual size: 72KB

.data
Size: 14KB - Virtual size: 32KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 4KB

.reloc
Size: 6KB - Virtual size: 8KB