0f6f334ca57d50251f8694d686a0be9a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f6f334ca57d50251f8694d686a0be9a_JaffaCakes118
Size

135KB
MD5

0f6f334ca57d50251f8694d686a0be9a
SHA1

0f55e64212723508973fec996776b768be01e754
SHA256

571388824cc3e84800604f5553dd0bf641577ea1a4870d3d23f45b3181f12d70
SHA512

cce59b630dcdef94706eb3dc7b7348ba48cd28fe0e293eb869145d74e77b57be4d88ff4e411f91fd665e8988aae6dd5459f5035f68678b0741359c9efa932ab1
SSDEEP

3072:DvsUu4uh4tgJCorLMfDcW5hI8NqWP9okKeUfSGlWm:7TuhaxfDc38Nb9lFUKAWm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f6f334ca57d50251f8694d686a0be9a_JaffaCakes118

Files

0f6f334ca57d50251f8694d686a0be9a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e7242da46adb60eb7c1286efb0d51ecf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
OpenProcess
Process32Next
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
GetStartupInfoA
FreeLibrary
GetVersionExA
GetSystemInfo
GetModuleHandleA
GetPrivateProfileSectionNamesA
GetCurrentProcess
SetFilePointer
FlushFileBuffers
GetStringTypeW
GetStringTypeA
WriteFile
CreateProcessA
GetLastError
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetModuleFileNameA
OutputDebugStringA
GetPrivateProfileStringA
RtlUnwind
GetFileType
SetStdHandle
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

CharLowerBuffA
MessageBoxA
wsprintfA
GetSystemMetrics

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

shlwapi

PathFileExistsA
StrTrimA
PathRemoveFileSpecA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e7242da46adb60eb7c1286efb0d51ecf

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

shlwapi

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 1KB

.lrdata Size: 72KB - Virtual size: 72KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 1KB

.lrdata
Size: 72KB - Virtual size: 72KB