188851733e50a5bce652f9a324ac47d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

188851733e50a5bce652f9a324ac47d8_JaffaCakes118
Size

432KB
MD5

188851733e50a5bce652f9a324ac47d8
SHA1

18a7d2700555135c9d9f6bf38fee6a03c5eaf485
SHA256

479d09069be5427033ecbf87158ecb00607b59ec152687515b4e795202f833f7
SHA512

f100209cc1252fa23028988c2911f9f3721018a6ca92b0d67783d6828221779a44c39a8816960834572f97a38dbb4335c1817b0f88b4644874ab0de567aa2feb
SSDEEP

6144:xKG2OAbzxPX52e70ioOpyPxuefTwHVZXCE05ZHwXgvpHj3Fhf211dMdMeDM:eOAxgafyMCwnX2jhxHj3P21HMd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
188851733e50a5bce652f9a324ac47d8_JaffaCakes118

Files

188851733e50a5bce652f9a324ac47d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f94cccab035442ddcc2c0939bd3b9dcc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeNameA
RegSaveKeyW
RegQueryValueW
CryptGetProvParam
RegOpenKeyExW
CryptExportKey
GetUserNameA
CryptReleaseContext
CryptGetHashParam
RegSetValueExW
RegCreateKeyW
RegSetValueW
CryptAcquireContextW
CryptDeriveKey

kernel32

SetLastError
EnumResourceLanguagesW
GetCurrentThread
FreeEnvironmentStringsA
GetLogicalDrives
EnumSystemLocalesA
GetModuleFileNameW
GetLastError
SetConsoleCtrlHandler
GetACP
GetLocaleInfoW
GetCurrentProcessId
GetFileType
InterlockedExchange
GetCommandLineA
DeleteCriticalSection
GetEnvironmentStrings
GetCommandLineW
lstrcpyA
SetUnhandledExceptionFilter
SetHandleCount
LCMapStringA
GetExitCodeProcess
GetCurrentThreadId
HeapFree
InitializeCriticalSection
GetConsoleScreenBufferInfo
LCMapStringW
GetStartupInfoA
HeapReAlloc
MultiByteToWideChar
GetStringTypeW
GetStdHandle
WideCharToMultiByte
GetEnvironmentStringsW
GetDateFormatA
TlsGetValue
SetEnvironmentVariableA
VirtualAlloc
GetModuleHandleA
LeaveCriticalSection
TerminateProcess
HeapSize
OpenSemaphoreA
VirtualQuery
GetSystemTimeAsFileTime
GetProcessHeap
SetConsoleActiveScreenBuffer
UnhandledExceptionFilter
GetProcAddress
GetUserDefaultLCID
FreeLibrary
IsValidCodePage
FreeEnvironmentStringsW
GetVersionExA
CompareStringA
HeapLock
GetCurrentProcess
RtlUnwind
GetCPInfo
InterlockedIncrement
GetProfileIntW
GetModuleFileNameA
ExitProcess
InterlockedDecrement
IsDebuggerPresent
GetTimeZoneInformation
CompareStringW
GetStringTypeA
HeapCreate
CommConfigDialogA
WriteFile
GetLocaleInfoA
TlsSetValue
GetUserDefaultLangID
Sleep
lstrcatA
GetStartupInfoW
IsValidLocale
HeapDestroy
EnterCriticalSection
TlsAlloc
TlsFree
GetTimeFormatA
ReleaseSemaphore
LoadLibraryA
GetTickCount
GetCurrentDirectoryA
GetOEMCP
VirtualFree
SetConsoleMode
HeapAlloc
QueryPerformanceCounter

shell32

ExtractIconEx

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f94cccab035442ddcc2c0939bd3b9dcc

Headers

File Characteristics

Imports

advapi32

kernel32

shell32

Sections

.text Size: 132KB - Virtual size: 132KB

.rdata Size: 8KB - Virtual size: 21KB

.data Size: 279KB - Virtual size: 278KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 132KB - Virtual size: 132KB

.rdata
Size: 8KB - Virtual size: 21KB

.data
Size: 279KB - Virtual size: 278KB

.rsrc
Size: 11KB - Virtual size: 11KB