0cd6c0afb6a1be66a9eca366597993b8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0cd6c0afb6a1be66a9eca366597993b8_JaffaCakes118
Size

184KB
MD5

0cd6c0afb6a1be66a9eca366597993b8
SHA1

8c23c878fa80fe5f7b313b28e5f27a0bf6b76a65
SHA256

d960beff59a04299c818785aca3f83a35a9837c8e9ea6c4df1b777e4eb71c576
SHA512

7ccb03eabc87d1619db335f88f0387bc76460f007e0258c4df32feba278f79a3ee5b0aa047ccc938dc8bae9bd8e98e0d86a9f37b291571d48b81b6401880f632
SSDEEP

3072:e3T0AZhqZxhzZYM7MYucBtvtMsmEj7aT6nVkaAhdrH+fKsOeQ1Q5kuNPnTJx:elZ4PYvmrvtMsv3+5jIKsOe2Qa8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cd6c0afb6a1be66a9eca366597993b8_JaffaCakes118

Files

0cd6c0afb6a1be66a9eca366597993b8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4c231b16e65e79e9267d4bd988fdf0fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateGuid
CoInitialize
StringFromGUID2
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

shell32

SHCreateDirectoryExW
SHFileOperationW
SHGetFolderPathW

kernel32

GetFileType
RtlUnwind
HeapCreate
GetTickCount
GetUserDefaultLCID
SetFilePointer
GetCurrentProcessId
GetStartupInfoA
GetACP
GetSystemTimeAsFileTime
GetThreadPriority
SetStdHandle
SetEndOfFile
CloseHandle
UnhandledExceptionFilter
VirtualAlloc
EnterCriticalSection
IsDebuggerPresent
VirtualFree
GlobalAlloc
GetConsoleOutputCP
GetModuleFileNameA
GetCurrentThreadId
GetCommandLineA
WriteConsoleW
GetModuleFileNameW
GetEnvironmentStringsW
GetProcAddress
SetCommTimeouts
EnumSystemLocalesA
GetOEMCP
WideCharToMultiByte
GetLastError
GetModuleHandleA
GetLocaleInfoW
HeapFree
QueryPerformanceCounter
InterlockedDecrement
ExitProcess
GetLocaleInfoA
LCMapStringA
LeaveCriticalSection
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsA
EnumResourceNamesA
HeapSize
TlsSetValue
InitializeCriticalSection
ReadFile
GetCurrentDirectoryW
TerminateProcess
GetConsoleMode
GetProcessHeap
GetStdHandle
HeapReAlloc
TlsFree
ExitProcess
LoadLibraryA
FlushFileBuffers
TlsGetValue
IsValidLocale
HeapDestroy
SetUnhandledExceptionFilter
Sleep
GetStringTypeW
GetCPInfo
SetLastError
GetStringTypeA
DeleteCriticalSection
FreeEnvironmentStringsW
GetVersionExA
HeapAlloc
GetConsoleCP
GetCurrentProcess
InterlockedIncrement
IsValidCodePage
GetEnvironmentStrings
CreateFileA
RaiseException
TlsAlloc
WriteFile
WriteConsoleA
SetHandleCount
GetFullPathNameW
GetFullPathNameA

advapi32

RegCreateKeyExW
RegCloseKey
RegSetValueExW

user32

GetClassLongA
MessageBoxW

rpcrt4

UuidCreate

shlwapi

SHDeleteKeyW

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c231b16e65e79e9267d4bd988fdf0fd

Headers

File Characteristics

Imports

ole32

shell32

kernel32

advapi32

user32

rpcrt4

shlwapi

Sections

.text Size: 161KB - Virtual size: 161KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 18KB - Virtual size: 18KB

.crt Size: 512B - Virtual size: 216KB

.text
Size: 161KB - Virtual size: 161KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 18KB - Virtual size: 18KB

.crt
Size: 512B - Virtual size: 216KB