Static task
static1
Behavioral task
behavioral1
Sample
2326b0b140d60535ccb0af864d1df373_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2326b0b140d60535ccb0af864d1df373_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
Target: 2326b0b140d60535ccb0af864d1df373_JaffaCakes118
Size: 265KB
MD5: 2326b0b140d60535ccb0af864d1df373
SHA1: 156734456692d601d6ca438efe4dcbcfd042f532
SHA256: da997296ee974558990e20143481208d159b3db981ba445725a05cfd85af75cb
SHA512: 8e4bce5203efc52a99ce49db5a3d4bab6de6022803ebe5be24c6d410621425e54672e96df16f25d5c5c32cc8232c4c18f371c417e010c10dedfc3027655b4df3
SSDEEP: 3072:4lzMFd1GLG5iFGLXvcASatIJlfMw0fIAltG+S/8PRF7U3oItgSssZJr0sR6v5ypS:M1wL0Et0WTn78oIDZdV0v5mHzcwyXRR
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2326b0b140d60535ccb0af864d1df373_JaffaCakes118
Files
2326b0b140d60535ccb0af864d1df373_JaffaCakes118.exe windows:4 windows x86 arch:x86
d1f08400558beec22bbf64cb1142079e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
EnterCriticalSection
WritePrivateProfileStructA
InterlockedIncrement
GetOEMCP
RtlUnwind
GetStartupInfoW
GetCPInfo
GetCurrentProcess
GetLocaleInfoA
VirtualAlloc
IsValidLocale
InitializeCriticalSectionAndSpinCount
HeapReAlloc
GetDateFormatA
UnlockFileEx
GetCurrentThread
CompareStringA
IsValidCodePage
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
ExitProcess
FreeLibrary
GetModuleHandleW
GetStringTypeW
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoW
lstrcat
GetUserDefaultLCID
QueryPerformanceCounter
TlsAlloc
MultiByteToWideChar
SystemTimeToFileTime
LeaveCriticalSection
SetUnhandledExceptionFilter
LocalUnlock
HeapAlloc
GetFileType
HeapFree
CreateProcessA
WideCharToMultiByte
GetCurrentProcessId
SetPriorityClass
GetStdHandle
WriteFile
SetEnvironmentVariableA
GetTimeZoneInformation
CopyFileA
GetACP
GetStringTypeA
CompareStringW
TlsSetValue
SetConsoleCtrlHandler
SetConsoleCursorPosition
lstrcatW
VirtualFree
UnhandledExceptionFilter
TlsGetValue
GetConsoleTitleA
GetStringTypeExW
LCMapStringW
OpenSemaphoreA
EnumSystemLocalesA
GetLongPathNameW
GetTimeFormatA
GetProcAddress
GetCommandLineW
GetEnvironmentStringsW
SetLastError
InterlockedDecrement
InterlockedExchange
HeapCreate
TlsFree
GetLastError
VirtualQuery
Sleep
SetHandleCount
FileTimeToSystemTime
IsDebuggerPresent
GetCurrentThreadId
HeapDestroy
WriteConsoleW
TerminateProcess
FreeEnvironmentStringsW
HeapSize
DeleteFileW
GetModuleHandleA
LCMapStringA
GetModuleFileNameW
advapi32
RegSaveKeyA
AbortSystemShutdownW
RegDeleteKeyA
StartServiceA
CryptVerifySignatureA
RegEnumKeyExW
RegSetValueA
ReportEventA
DuplicateToken
CryptReleaseContext
LookupAccountSidW
RegCreateKeyExA
CryptVerifySignatureW
CryptGetDefaultProviderW
RegLoadKeyA
CryptAcquireContextA
CryptExportKey
GetUserNameW
CryptDuplicateKey
LookupAccountSidA
LookupAccountNameA
shell32
ExtractAssociatedIconW
DuplicateIcon
RealShellExecuteExW
ShellAboutA
SHUpdateRecycleBinIcon
ExtractIconExA
SHQueryRecycleBinW
SHQueryRecycleBinA
SHGetFileInfo
SHGetPathFromIDListA
SHGetDesktopFolder
Sections
.text Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 138KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ