29872f3c04440ce61b8fed9fc378a45f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29872f3c04440ce61b8fed9fc378a45f_JaffaCakes118
Size

532KB
MD5

29872f3c04440ce61b8fed9fc378a45f
SHA1

50b6234c1766a049522defae8904ec564f700557
SHA256

3ef2938635ec1fa7bbac5041ce5191f88859ccf99a3f968c8b23fcea7953aadf
SHA512

99b4fc5797d3f9b1a7bf6658036b443b164679ba91022881fcf9135f7b5beec22e43f37a52e8a293f54ccae0578b2477c2fc1367eaf1dbb66fbf40c4f6f2746b
SSDEEP

6144:EU80zlhtPCwu3K5b9MjMXl+Zo1rVxdr7H+XJjgnWG5Cg:/80zlsKztXl2orVxZr+XJjgnJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29872f3c04440ce61b8fed9fc378a45f_JaffaCakes118

Files

29872f3c04440ce61b8fed9fc378a45f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da0caeed0136869011d167c08d076bf9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
CopyFileA
GetVersionExA
SetEndOfFile
SetEnvironmentVariableA
CreateFileA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
ExitProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
TerminateProcess
GetCurrentProcess
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
GetFileAttributesA
SetFilePointer
FlushFileBuffers
CloseHandle
HeapFree
SetUnhandledExceptionFilter
GetModuleHandleA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
HeapReAlloc
VirtualAlloc
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
IsBadCodePtr
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
ReadFile
SetStdHandle
GetACP
GetOEMCP
GetLocaleInfoW

advapi32

RegCloseKey
GetUserNameA
RegOpenKeyExA
RegSetValueExA

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 460KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da0caeed0136869011d167c08d076bf9

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

Sections

.text Size: 460KB - Virtual size: 458KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 16KB - Virtual size: 22KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 460KB - Virtual size: 458KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 16KB - Virtual size: 22KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 16KB - Virtual size: 15KB