1c7e5203d9a56f313d92905285d2cbf4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1c7e5203d9a56f313d92905285d2cbf4_JaffaCakes118
Size

197KB
MD5

1c7e5203d9a56f313d92905285d2cbf4
SHA1

919e52bb3605f9f4433691e6b378fe4b00e8b612
SHA256

ecccaf6e9a79089700a20a483a937263caaabbd6127a9e6fdebbd2cc13a526d9
SHA512

0f3a06c971af8063656e0a7d5e52afeaec6ed82e2bb8d7ff1f1de5d8ec157ac76f89221f9af2a65e35885826b7462cb27f1dc1f02b475828e4c73ab777f63047
SSDEEP

6144:MY1wAU61QeY6K2BAJD7WfD3hbsVMUCNn:7wAU6ueY6KcAJP03hb+MUGn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c7e5203d9a56f313d92905285d2cbf4_JaffaCakes118

Files

1c7e5203d9a56f313d92905285d2cbf4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3be34bcbf1d3d42d1987a871a3d15fd6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

Sleep
LockResource
GetSystemDirectoryA
WriteFile
ExitProcess
GetLocaleInfoA
FreeLibrary
EndUpdateResourceW
GetVersion
GlobalFree
UnhandledExceptionFilter
FindNextFileW
FindResourceExW
InterlockedCompareExchange
HeapReAlloc
CreateFiberEx
CreateFileMappingA
OutputDebugStringA
FindFirstFileW
UnmapViewOfFile
_lwrite
GetFileAttributesA
GlobalAlloc
DeleteCriticalSection
HeapAlloc
MapViewOfFile
EscapeCommFunction
EnumResourceLanguagesW
GetFileInformationByHandle
GetTempFileNameW
FindNextFileA
FreeResource
GetCurrentThreadId
WideCharToMultiByte
_lclose
RemoveDirectoryW
HeapFree
GetLastError
LeaveCriticalSection
SizeofResource
GlobalLock
InterlockedDecrement
_llseek
lstrlenW
SetFilePointer
IsDebuggerPresent
GetModuleHandleW
HeapDestroy
GetCurrentDirectoryW
SetUnhandledExceptionFilter
LoadLibraryExW
FindResourceW
InterlockedIncrement
HeapSize
SetLastError
DebugBreak
CreateDirectoryW
CopyFileW
TerminateProcess
GetACP
CopyFileA
GetSystemTimeAsFileTime
EnumResourceNamesA
GetProcessHeap
LoadLibraryExA
SetFileAttributesW
GetTempPathW
GetCommandLineW
InitializeCriticalSection
CreateFileA
EnumResourceNamesW
DeleteFileA
GlobalUnlock
GetCurrentProcessId
AreFileApisANSI
FindClose
GetEnvironmentVariableA
lstrlenA
GetProcAddress
GetVersionExA
EnumResourceTypesW
SetEndOfFile
FindFirstFileA
InterlockedExchange
GetTickCount
CloseHandle
lstrcmpiA
GetFileAttributesW
LocalFree
CreateDirectoryA
RaiseException
FormatMessageW
FatalExit
MultiByteToWideChar
LoadLibraryA
_lread
DeleteFileW
GetFileSize
GetThreadLocale
RemoveDirectoryA
QueryPerformanceCounter
UpdateResourceW
LoadResource
GetStringTypeExW
GetFullPathNameA
SetFileAttributesA
MoveFileW
CreateFileW
GetOEMCP
EnterCriticalSection
GetFullPathNameW
GetVersionExW
ReadFile
GetCurrentProcess
BeginUpdateResourceW
lstrcpyA

imagehlp

ImageRvaToVa
ImageNtHeader
ImageGetDigestStream
ImageDirectoryEntryToData

advapi32

CryptReleaseContext
CryptGetHashParam
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash

psapi

GetProcessMemoryInfo

shell32

CommandLineToArgvW

msvfw32

ICInfo

user32

wsprintfW
MonitorFromWindow
CharNextA
CharNextW

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3be34bcbf1d3d42d1987a871a3d15fd6

Headers

File Characteristics

Imports

kernel32

imagehlp

advapi32

psapi

shell32

msvfw32

user32

Sections

.text Size: 167KB - Virtual size: 167KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 24KB - Virtual size: 24KB

.lib Size: 512B - Virtual size: 228KB

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 24KB - Virtual size: 24KB

.lib
Size: 512B - Virtual size: 228KB