3048e846d3b0c377f465a5dc61f1a893_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3048e846d3b0c377f465a5dc61f1a893_JaffaCakes118
Size

376KB
MD5

3048e846d3b0c377f465a5dc61f1a893
SHA1

ecf6e49cdf2532d4213493df6ac7e2d5db684563
SHA256

995e17c84c381e4795bed64e439e3c4e8772fa4f74e0f671dc6b17c82bdcd621
SHA512

c308f0e004f940089180a56851e746a397a7235249b8bbf8081fa05e3047e90c600f4755e927c78ebe2992c564f6d507ba5ac3a8ded82794559d486faa5d03d5
SSDEEP

6144:h5IULwLVLnwDZ2Z2kYAR1YnYfNcZ8VGJ4DXTOP5f7WbHDcsKd:jIUsxLa2B5XsYfNnkqVjDcvd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3048e846d3b0c377f465a5dc61f1a893_JaffaCakes118

Files

3048e846d3b0c377f465a5dc61f1a893_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3589042599a25bbbd86b70676640952c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetQueueStatus
InsertMenuItemA
EnableWindow
RegisterClassA
RemovePropW
RegisterClassExA
GetWindowThreadProcessId
ValidateRect

shell32

CommandLineToArgvW

comctl32

InitCommonControlsEx

advapi32

CryptGetHashParam

kernel32

LoadModule
GetModuleFileNameA
CreateFileA
OpenMutexA
ReleaseMutex
TlsGetValue
GetLocaleInfoA
LeaveCriticalSection
IsDebuggerPresent
GetStringTypeA
WriteFile
GetFileType
GetTickCount
InterlockedDecrement
EnumSystemLocalesA
VirtualAlloc
SetUnhandledExceptionFilter
GetLastError
GetCPInfo
GetCurrentProcessId
GetEnvironmentStringsW
GetOEMCP
GetLocaleInfoW
GetSystemTimeAsFileTime
CreateToolhelp32Snapshot
GetLocalTime
VirtualFree
GetTimeZoneInformation
LCMapStringW
FindNextChangeNotification
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetStartupInfoA
GetConsoleOutputCP
GetCurrentProcess
HeapFree
LCMapStringA
GetCommandLineW
GetCurrentThread
FlushFileBuffers
SetFilePointer
CreateMutexA
SetConsoleCtrlHandler
LoadLibraryA
SetEnvironmentVariableA
Sleep
GetModuleHandleW
GetModuleHandleA
FreeLibrary
GetModuleFileNameW
TlsFree
ReadFile
DeleteCriticalSection
WriteConsoleA
GetTimeFormatA
UnhandledExceptionFilter
CompareStringW
CompareStringA
SetLastError
MultiByteToWideChar
VirtualQuery
GetProcAddress
CloseHandle
HeapCreate
GetDateFormatA
GetStdHandle
WriteConsoleW
GetCommandLineA
IsValidLocale
GetACP
HeapAlloc
GetConsoleCP
GetUserDefaultLCID
EnterCriticalSection
ExitProcess
HeapReAlloc
SetHandleCount
InterlockedExchange
GetStartupInfoW
IsValidCodePage
SetStdHandle
WideCharToMultiByte
TlsSetValue
RtlUnwind
QueryPerformanceCounter
InterlockedIncrement
TlsAlloc
HeapDestroy
TerminateProcess
HeapSize
GetStringTypeW
GetCurrentThreadId
FreeEnvironmentStringsW

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3589042599a25bbbd86b70676640952c

Headers

File Characteristics

Imports

user32

shell32

comctl32

advapi32

kernel32

Sections

.text Size: 183KB - Virtual size: 183KB

.rdata Size: 9KB - Virtual size: 26KB

.data Size: 177KB - Virtual size: 176KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 183KB - Virtual size: 183KB

.rdata
Size: 9KB - Virtual size: 26KB

.data
Size: 177KB - Virtual size: 176KB

.rsrc
Size: 5KB - Virtual size: 5KB