157202fe52de51b783fd5c02d5f8479a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

157202fe52de51b783fd5c02d5f8479a_JaffaCakes118
Size

471KB
MD5

157202fe52de51b783fd5c02d5f8479a
SHA1

82e27bc2e62820b5b27d0eef2d8388324b28c17d
SHA256

a21a91516f5c97cf4537a6e9c2eaa01181038e96c9c9c4f0546aa38e9ac2441c
SHA512

e9c0b1b98404f79bd11720673809203ddf26388829b1556cee6e7c05f75eafdf5134fc6c7aa1c08b12e0db0715dff3743ad77bd106ee43877c9089d63346b71f
SSDEEP

12288:GRWzEEBoXw3iVh4U7VsvxPDtlLRZds7Sdi3j+rMBC5l9:haoiVhXyZDNTs7Sdi3j+3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
157202fe52de51b783fd5c02d5f8479a_JaffaCakes118

Files

157202fe52de51b783fd5c02d5f8479a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bbd5be3486e64fb55f4cd8c1b3de03cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptDestroyKey
RegConnectRegistryA
CryptDuplicateHash
CryptAcquireContextW
RegEnumKeyExW
RegNotifyChangeKeyValue
GetUserNameA
LookupPrivilegeValueA
RegEnumValueA
RegCloseKey
DuplicateTokenEx
CryptReleaseContext
RegOpenKeyA
CryptSignHashA
RevertToSelf
LookupAccountNameA
InitializeSecurityDescriptor
LogonUserA
RegQueryMultipleValuesA
CryptDuplicateKey
CryptEnumProvidersW
CryptSetProvParam
CryptGenRandom

user32

GetWindowDC
CloseDesktop
GetMessagePos
GetWindowLongA
GetKeyboardState
RegisterClassExA
ReleaseDC
CharLowerW
CloseWindowStation
MonitorFromPoint
InternalGetWindowText
SetMenuInfo
SetCaretPos
GetAsyncKeyState
RegisterClassA
SetDlgItemInt
TranslateAcceleratorA
ToAscii
UnhookWindowsHook
RegisterClipboardFormatW
GetKeyNameTextW
MapDialogRect

gdi32

LineTo

comctl32

InitCommonControlsEx

kernel32

LeaveCriticalSection
InterlockedIncrement
GetCurrentProcessId
GetACP
CloseHandle
HeapAlloc
VirtualFree
InitializeCriticalSection
GetCurrentProcess
HeapCreate
EnterCriticalSection
TlsFree
GetEnvironmentStrings
GetStartupInfoA
CreateMutexA
GetConsoleScreenBufferInfo
TerminateProcess
FreeEnvironmentStringsW
GetStdHandle
GetCurrentThread
HeapFree
HeapReAlloc
VirtualAlloc
GetStringTypeA
InterlockedDecrement
SetFilePointer
GetCommandLineA
LCMapStringA
GetSystemTimeAsFileTime
SetEnvironmentVariableA
HeapDestroy
GetModuleHandleA
GetSystemTime
GetCPInfo
GetLocalTime
TlsSetValue
GetOEMCP
SetHandleCount
GetLastError
LoadLibraryA
CompareStringW
GetTickCount
WideCharToMultiByte
lstrcmpi
OpenMutexA
MultiByteToWideChar
GetTimeZoneInformation
SetStdHandle
WriteFile
SetLastError
ExitProcess
FlushFileBuffers
IsBadWritePtr
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsA
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
InterlockedExchange
LCMapStringW
CompareStringA
DeleteCriticalSection
ReadFile
TlsAlloc
GetModuleFileNameA
GetStringTypeW
TlsGetValue
GetVersion
RtlUnwind
GetProcAddress
GetFileType

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbd5be3486e64fb55f4cd8c1b3de03cd

Headers

File Characteristics

Imports

advapi32

user32

gdi32

comctl32

kernel32

Sections

.text Size: 150KB - Virtual size: 150KB

.rdata Size: 4KB - Virtual size: 31KB

.data Size: 311KB - Virtual size: 310KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 150KB - Virtual size: 150KB

.rdata
Size: 4KB - Virtual size: 31KB

.data
Size: 311KB - Virtual size: 310KB

.rsrc
Size: 4KB - Virtual size: 3KB