24c93792bf5466c06141ccaebb8b1894_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24c93792bf5466c06141ccaebb8b1894_JaffaCakes118
Size

440KB
MD5

24c93792bf5466c06141ccaebb8b1894
SHA1

414a29732619b77b4f3a49edb733478740761a06
SHA256

410439cc76c178b60b1412f0edb26a5f0b3a947e9849c25c496bd7cfd773bdd4
SHA512

d15135f8aec57499b74ddcbfc3c474f54e23801e13d006cf28e38e529e25ca134dcb85c1c834905e1d876ce60681d23c5e2792c89d1cb86235323551680cb5f0
SSDEEP

12288:Qh74DJZUr9wziJOWw3KkqaOgdmGESvyq4:A4DJZ49wzaOWydvyq4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24c93792bf5466c06141ccaebb8b1894_JaffaCakes118

Files

24c93792bf5466c06141ccaebb8b1894_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4898a2fb813321d7a7c3076f9b17e43e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
GetCommandLineW
SetHandleCount
GetACP
RtlUnwind
InitializeCriticalSection
FreeLibrary
GetCurrentProcess
GetUserDefaultLCID
VirtualAlloc
Sleep
SetConsoleCtrlHandler
HeapReAlloc
GetStringTypeA
WriteConsoleA
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetModuleFileNameA
GetLocaleInfoA
HeapSize
ExitProcess
GetOEMCP
HeapDestroy
IsDebuggerPresent
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetVersionExA
GetEnvironmentStringsW
LCMapStringA
QueryPerformanceCounter
CloseHandle
TlsSetValue
EnumSystemLocalesA
TlsGetValue
WriteFile
GetEnvironmentStrings
HeapAlloc
GetTimeFormatA
HeapFree
RtlMoveMemory
TlsAlloc
GetCurrentProcessId
FreeEnvironmentStringsW
InterlockedDecrement
HeapCreate
VirtualFree
IsValidLocale
GetDateFormatA
GetProcessHeap
InterlockedIncrement
GetLastError
MultiByteToWideChar
UnhandledExceptionFilter
CompareStringW
GetCPInfo
GetModuleHandleA
CompareStringA
GetModuleFileNameW
FreeEnvironmentStringsA
CreateEventA
TlsFree
EnterCriticalSection
DeleteCriticalSection
GetCurrentThread
IsValidCodePage
GetProcAddress
GetStartupInfoW
GetStringTypeW
GetCommandLineA
SetEnvironmentVariableA
InterlockedExchange
LCMapStringW
TerminateProcess
GetTimeZoneInformation
VirtualQuery
LeaveCriticalSection
WideCharToMultiByte
GetStartupInfoA
SetLastError
GetCurrentThreadId

advapi32

RegQueryValueExW
LookupAccountNameA
RegConnectRegistryW
LookupPrivilegeNameW
CryptSetProviderW
RegSetValueExA
CryptDestroyHash
RegSaveKeyA
RegLoadKeyA
CryptReleaseContext
RegReplaceKeyA
CryptGetDefaultProviderW
RegFlushKey
RegQueryValueW
CryptGetHashParam
CryptAcquireContextA
RegCreateKeyW
CryptSetKeyParam
RegQueryInfoKeyW
RegQueryInfoKeyA
RegCloseKey
CryptEnumProvidersW
ReportEventA

comdlg32

GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
ReplaceTextA
PrintDlgW
ReplaceTextW
GetOpenFileNameW
ChooseFontA
ChooseColorW
GetFileTitleA
LoadAlterBitmap
PageSetupDlgW
PrintDlgA

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 311KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4898a2fb813321d7a7c3076f9b17e43e

Headers

File Characteristics

Imports

kernel32

advapi32

comdlg32

Sections

.text Size: 119KB - Virtual size: 118KB

.data Size: 311KB - Virtual size: 329KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 119KB - Virtual size: 118KB

.data
Size: 311KB - Virtual size: 329KB

.rsrc
Size: 9KB - Virtual size: 8KB