159a74ba7488052465f2e2cbc6669ba9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

159a74ba7488052465f2e2cbc6669ba9_JaffaCakes118
Size

418KB
MD5

159a74ba7488052465f2e2cbc6669ba9
SHA1

aa03f0683861026b0abdf191f6e55d49e9c31f4f
SHA256

1d0cf3beade7efb1f08d65370385fc71542d8b9e8b8c9d7d0688e5d34570e6c0
SHA512

711216882d96ed64ad77a545f564d6fbedbd5c2eb356a7f046a92f02cfa5658f129871f5d00608d69c9bdeb070267ab40087751a004a6621e9819433fa413130
SSDEEP

12288:861UVGUnKJ8pS15lp9y7IKI1CVj1YmZqZLFOy:11UQUnKa6PlKIQBZq5oy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
159a74ba7488052465f2e2cbc6669ba9_JaffaCakes118

Files

159a74ba7488052465f2e2cbc6669ba9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

645dd7f649c5bdef2285e6c1881187b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnlockFile
GetEnvironmentStringsW
ResumeThread
OpenEventA
GetCPInfo
lstrlenW
HeapAlloc
SetEnvironmentVariableA
IsDebuggerPresent
GetTimeZoneInformation
LCMapStringA
TlsGetValue
EnumDateFormatsW
GlobalAddAtomA
TlsFree
InterlockedDecrement
Sleep
GetCurrentThread
GetDateFormatA
FoldStringA
HeapDestroy
CompareStringW
GetEnvironmentStrings
DeleteCriticalSection
GetPrivateProfileIntA
GetLocaleInfoA
IsValidLocale
GetCommandLineW
GetProcAddress
CreateProcessA
GetCommandLineA
MultiByteToWideChar
LocalFree
CompareStringA
InterlockedIncrement
GetLocaleInfoW
VirtualQuery
GetTimeFormatA
LeaveCriticalSection
GetVersionExA
WideCharToMultiByte
GetOEMCP
IsValidCodePage
GetACP
HeapReAlloc
GetStringTypeW
ExitProcess
WriteProfileStringW
UnhandledExceptionFilter
VirtualAlloc
SetConsoleCtrlHandler
QueryPerformanceCounter
GetCurrentProcess
GetStartupInfoW
GetModuleHandleA
FreeEnvironmentStringsA
GetProcessHeap
GetStartupInfoA
GetCurrentThreadId
HeapCreate
SetLastError
WritePrivateProfileStructA
FreeEnvironmentStringsW
WriteFile
TlsAlloc
GetStdHandle
GetLogicalDrives
FileTimeToSystemTime
GetTickCount
GetLastError
CreateEventA
EnumSystemLocalesA
HeapSize
GetUserDefaultLCID
RtlUnwind
EnterCriticalSection
GetSystemTimeAsFileTime
VirtualFree
GetStringTypeA
SetStdHandle
GetPriorityClass
FreeLibrary
SetUnhandledExceptionFilter
GetFileType
GetModuleFileNameW
HeapFree
TerminateProcess
LoadLibraryA
SetConsoleTitleW
LCMapStringW
TlsSetValue
LocalSize
GetModuleFileNameA
InitializeCriticalSection
OpenSemaphoreA
SetHandleCount
CreateFileMappingW
InterlockedExchange
GetCurrentProcessId

advapi32

GetUserNameA
LogonUserW
CryptDecrypt
CryptVerifySignatureA
InitiateSystemShutdownA
RegLoadKeyA
RegQueryValueExA
InitiateSystemShutdownW
RegSetValueExA
RegReplaceKeyA
ReportEventA
CreateServiceA
RegCreateKeyExA

shell32

SHGetDataFromIDListA
SHGetDesktopFolder
SHFileOperation
SHGetPathFromIDList
ShellExecuteExA
SHUpdateRecycleBinIcon
CommandLineToArgvW
SHBrowseForFolderA
ExtractAssociatedIconExA

gdi32

CreatePatternBrush
CreateScalableFontResourceW
SetBrushOrgEx
GetEnhMetaFileBits
SetPixelFormat

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

645dd7f649c5bdef2285e6c1881187b8

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

gdi32

Sections

.text Size: 131KB - Virtual size: 131KB

.data Size: 274KB - Virtual size: 302KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 131KB - Virtual size: 131KB

.data
Size: 274KB - Virtual size: 302KB

.rsrc
Size: 12KB - Virtual size: 11KB