30f3e4f345a53d399f2f178b5f3c8593_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30f3e4f345a53d399f2f178b5f3c8593_JaffaCakes118
Size

425KB
MD5

30f3e4f345a53d399f2f178b5f3c8593
SHA1

85b5e76f14d6f5700a85149cd7dda757e15fe56f
SHA256

12858b7f9048e97f323b170c49630a851fe65a168424b1f392ecf8b24a41623a
SHA512

3671700d060a0bcf14482541fddf9d3b8d6ea6d5c785fd3aa3f6d253f86f9566e59a2547821871c7d5266291f1afd16e39e0d538508474e2782ce5c43c6e1ca1
SSDEEP

12288:ycW2D01ScR5WY246/YLYVc8IWNuT3wpC:ycWzMcR5WDmT3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30f3e4f345a53d399f2f178b5f3c8593_JaffaCakes118

Files

30f3e4f345a53d399f2f178b5f3c8593_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b0a4562a58558134e31ba9962b94bb82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegFlushKey
LookupPrivilegeDisplayNameW
CreateServiceW
CryptDuplicateHash
CryptAcquireContextW
LogonUserA
RegSaveKeyA
RegDeleteKeyA
CryptVerifySignatureA
RegLoadKeyW

comdlg32

GetFileTitleA
GetFileTitleW
ChooseFontW
GetOpenFileNameA

gdi32

GetCurrentObject
GetStockObject

user32

GetClassInfoExA
CreateDialogIndirectParamA
DdeUninitialize
SendInput
DefDlgProcW
SubtractRect

kernel32

LCMapStringW
GetOEMCP
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetStringTypeW
HeapSize
LoadLibraryA
GetCurrentThreadId
GetPrivateProfileSectionNamesA
HeapCreate
HeapFree
CompareStringA
GetDateFormatA
Sleep
ExitProcess
FreeLibrary
VirtualQuery
WriteFile
GetModuleHandleA
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
SetPriorityClass
GetStartupInfoA
LeaveCriticalSection
GetStdHandle
SetHandleCount
LockFileEx
EnumDateFormatsExW
TlsSetValue
InterlockedExchange
GetLocaleInfoA
InterlockedDecrement
CompareStringW
EnumSystemLocalesA
TlsFree
CloseHandle
GetCurrentProcess
GetCommandLineA
GetTimeZoneInformation
IsValidCodePage
VirtualFree
GetModuleFileNameA
IsValidLocale
UnhandledExceptionFilter
HeapValidate
VirtualAlloc
InterlockedIncrement
TlsGetValue
GetEnvironmentStrings
TerminateProcess
GetProcessHeap
QueryPerformanceCounter
IsDebuggerPresent
GetLastError
GetFileType
GetTimeFormatA
WideCharToMultiByte
GetCurrentThread
GetStringTypeA
GetCurrentProcessId
DeleteCriticalSection
GetCPInfo
InitializeCriticalSection
SetLastError
TlsAlloc
GetVersionExA
GetACP
HeapDestroy
GetEnvironmentStringsW
RtlUnwind
EnumResourceLanguagesW
MultiByteToWideChar
GetLocaleInfoW
GetUserDefaultLCID
LCMapStringA
GetProcAddress
EnterCriticalSection
FreeResource
GetTickCount
GetLongPathNameW
HeapAlloc
SetConsoleCtrlHandler
HeapReAlloc
GetSystemTimeAsFileTime

wininet

CreateUrlCacheEntryA
FtpFindFirstFileW
DeleteUrlCacheContainerA
InternetGetConnectedStateExA

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0a4562a58558134e31ba9962b94bb82

Headers

File Characteristics

Imports

advapi32

comdlg32

gdi32

user32

kernel32

wininet

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 8KB - Virtual size: 16KB

.data Size: 279KB - Virtual size: 279KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 8KB - Virtual size: 16KB

.data
Size: 279KB - Virtual size: 279KB

.rsrc
Size: 8KB - Virtual size: 8KB