302b9ff1be6f50fed24beb37e7d0c4eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

302b9ff1be6f50fed24beb37e7d0c4eb_JaffaCakes118
Size

423KB
MD5

302b9ff1be6f50fed24beb37e7d0c4eb
SHA1

e06f3b5211bef7f06e355c95a8660eb3ccd1c438
SHA256

2f98d02b18f9f676fb365cbb87f54bca6cca98f32292b380d9f76b552b271d93
SHA512

0d637c2e3955c96b75ad58727c22f11ce393cf047c3334ea9bbe9d9a6e32b6fff2e48f44e216f7b1f63d020ad5e016ecdd378b2a2508f88887a85be9daf566f0
SSDEEP

12288:BxRPLNxF8850zvXayV6azZo0Mn/TrVP5:fDx55kqyo4rCfV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
302b9ff1be6f50fed24beb37e7d0c4eb_JaffaCakes118

Files

302b9ff1be6f50fed24beb37e7d0c4eb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1456ca3825e591675fc45d1d5ca9e543

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
GetStartupInfoW
GetTimeFormatW
GetExitCodeProcess
GetFileType
WriteConsoleOutputW
HeapAlloc
LoadLibraryA
TlsAlloc
IsValidCodePage
TlsSetValue
OpenMutexW
GetLocaleInfoA
EnterCriticalSection
SetHandleCount
SetLastError
CompareStringW
GetModuleFileNameW
GetOEMCP
UnhandledExceptionFilter
LeaveCriticalSection
GetACP
GetStartupInfoA
GetCPInfo
GetAtomNameA
GetStringTypeW
TlsGetValue
GetLocaleInfoW
GetProcAddress
LocalLock
GetLastError
WideCharToMultiByte
GetSystemDirectoryA
FreeEnvironmentStringsW
CreateProcessW
GetSystemInfo
VirtualQuery
IsBadWritePtr
VirtualProtect
LCMapStringA
DeleteCriticalSection
GetTimeZoneInformation
TlsFree
GetEnvironmentStringsW
HeapReAlloc
InitializeCriticalSection
ExitProcess
GetSystemDirectoryW
AddAtomA
VirtualAlloc
WriteFile
QueryPerformanceCounter
GetCurrentProcess
HeapCreate
GetModuleHandleA
GetCurrentThread
GetUserDefaultLCID
GetVersionExA
GetCurrentThreadId
LCMapStringW
VirtualFree
FreeEnvironmentStringsA
GetDateFormatA
GetCurrentProcessId
GetModuleFileNameA
HeapDestroy
EnumSystemLocalesA
FormatMessageA
GetTickCount
GetStringTypeA
lstrcmpi
GetCommandLineW
MultiByteToWideChar
IsValidLocale
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
InterlockedExchange
HeapSize
SetEnvironmentVariableA
FindResourceExW
GetEnvironmentStrings
OpenFileMappingW
GetStdHandle
GetTimeFormatA
HeapFree
TerminateProcess

advapi32

RegOpenKeyW
CryptImportKey
CreateServiceW

gdi32

GetFontLanguageInfo
AnimatePalette
PolyDraw
gdiPlaySpoolStream
StrokeAndFillPath
PatBlt
SetWindowExtEx
SetMapperFlags
SetSystemPaletteUse
GetKerningPairs
PolyBezierTo
DeleteObject
EnumFontFamiliesW
GetStretchBltMode
SetLayout
EndDoc
GetViewportExtEx
SetColorAdjustment
GetTextAlign
GetDeviceCaps
GetTextFaceW
GetDeviceGammaRamp
GetEnhMetaFileDescriptionA

shell32

SHFileOperationA
SHInvokePrinterCommandW
CommandLineToArgvW
SHFreeNameMappings
SheSetCurDrive

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 273KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1456ca3825e591675fc45d1d5ca9e543

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

shell32

Sections

.text Size: 136KB - Virtual size: 135KB

.data Size: 273KB - Virtual size: 286KB

.rsrc Size: 13KB - Virtual size: 12KB

.text
Size: 136KB - Virtual size: 135KB

.data
Size: 273KB - Virtual size: 286KB

.rsrc
Size: 13KB - Virtual size: 12KB