Static task: static1
Behavioral task: behavioral1
Sample: 16d563196cd403818e155a9912838938_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 16d563196cd403818e155a9912838938_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: 16d563196cd403818e155a9912838938_JaffaCakes118
Size: 397KB
MD5: 16d563196cd403818e155a9912838938
SHA1: 647f3e32e900c2503735701dab4a198e5e16638b
SHA256: d0bb60fdf89bcbb0decc2c3f0d3ea633312ba7b7c273342619d7470abdd61f0f
SHA512: 249e3f03fa2032602d5da23345b8781a66ca9198a76b21846a5ee86e28a47101655b07bcb80c871dd9e657f2ac944aa2dbe5576d633c8f6fbf21894594d1217e
SSDEEP: 12288:LRiVF4gIsitsCQ8TP9tO0q7jJpAmqM5lcL5xy0r:Y7TI1XO17Jq4CG0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 16d563196cd403818e155a9912838938_JaffaCakes118
Files
16d563196cd403818e155a9912838938_JaffaCakes118.exe windows:4 windows x86 arch:x86
98ca8eb204fbf1f9763af3d89d173c46
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OpenFileMappingW
InitializeCriticalSection
LockFile
TransactNamedPipe
GetStdHandle
GetShortPathNameW
HeapAlloc
LoadLibraryA
OpenFileMappingA
WideCharToMultiByte
GetAtomNameW
GlobalFlags
CreateFileA
EnterCriticalSection
InterlockedExchange
TlsSetValue
FindFirstFileExW
GetVersion
HeapCreate
GlobalDeleteAtom
GetCurrentThread
GetCPInfo
HeapDestroy
GetCommandLineA
VirtualUnlock
LCMapStringW
GetOEMCP
GetStringTypeW
GetProcAddress
EnumSystemCodePagesW
GetStringTypeA
HeapFree
FindAtomA
GetACP
GetFileType
LeaveCriticalSection
VirtualQuery
VirtualFree
MultiByteToWideChar
WriteFile
DeleteCriticalSection
SetHandleCount
FlushInstructionCache
GetStartupInfoA
HeapReAlloc
UnhandledExceptionFilter
ExitProcess
CreatePipe
GetStringTypeExA
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
TlsFree
GetModuleHandleA
GetEnvironmentStringsW
SetLastError
TlsAlloc
GetCurrentThreadId
RtlUnwind
IsBadWritePtr
FreeEnvironmentStringsW
GetLastError
GetCurrentProcessId
GetModuleFileNameA
TlsGetValue
FreeEnvironmentStringsA
AddAtomW
GetTickCount
LCMapStringA
SetLocaleInfoA
GetEnvironmentStrings
GetSystemTimeAsFileTime
advapi32
CryptSetKeyParam
LookupPrivilegeDisplayNameW
RegCreateKeyExW
RegQueryMultipleValuesW
CryptGenKey
AbortSystemShutdownA
RegDeleteKeyW
CryptGetKeyParam
RevertToSelf
RegDeleteValueA
LookupSecurityDescriptorPartsW
CryptGetUserKey
CryptDestroyKey
ReportEventA
CryptSignHashA
RegSetValueExW
RegReplaceKeyA
shell32
SHGetSpecialFolderLocation
gdi32
SetBkColor
GetColorAdjustment
GetCharWidthA
OffsetRgn
CopyMetaFileA
CreateFontA
GetObjectW
CopyEnhMetaFileW
EnumEnhMetaFile
Pie
CombineRgn
CreateRectRgn
SetWindowOrgEx
SetArcDirection
GetOutlineTextMetricsW
GdiFlush
Sections
.text Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 267KB - Virtual size: 279KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ