3128b531b53f9f03c17a0965abe4ab9c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3128b531b53f9f03c17a0965abe4ab9c_JaffaCakes118
Size

527KB
MD5

3128b531b53f9f03c17a0965abe4ab9c
SHA1

b7f3deaaf9e32402fc886139122e721daae87169
SHA256

c6a8b430cc16881f5e0b09a3817ba90b2b9d9d61389719905df88bd183789394
SHA512

80dc8c60b15ef33bf4621888eb8e8524dddfdea9689c2caf50650f3485a1bb50af362314229a165192567ad8309e4b3b9a084f5cc6990c723855515df8b72832
SSDEEP

12288:G4fUkk4mdKHlT21OtrCSxb60JsRrZNfYJZLw:G4fUkkfdKHlT21O4MbwRrZJYL8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3128b531b53f9f03c17a0965abe4ab9c_JaffaCakes118

Files

3128b531b53f9f03c17a0965abe4ab9c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f28024af96e6545c17a42779cb8c02e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

user32

GetLastActivePopup
CharToOemA
SetForegroundWindow
CreateAcceleratorTableW
SendNotifyMessageW
CharToOemBuffW
FrameRect
CopyAcceleratorTableA
LoadStringW
EmptyClipboard
RegisterClassExA
IsCharAlphaA
GetWindowPlacement
RealChildWindowFromPoint
DdePostAdvise
RegisterClassA

kernel32

VirtualAlloc
GetEnvironmentStringsW
GetModuleHandleA
UnhandledExceptionFilter
HeapReAlloc
LCMapStringA
SetConsoleTitleW
GetStringTypeA
DosDateTimeToFileTime
SetStdHandle
GetStartupInfoA
GetCurrentProcess
GetFileType
IsBadWritePtr
GetSystemTimeAsFileTime
GetCurrentProcessId
TransactNamedPipe
CreateMutexA
FlushFileBuffers
GetStartupInfoW
GetEnvironmentStrings
CloseHandle
VirtualQuery
QueryPerformanceCounter
GetProcAddress
HeapDestroy
GetLastError
GetCPInfo
GetModuleFileNameW
LCMapStringW
CompareStringW
HeapAlloc
TlsSetValue
TlsFree
TlsAlloc
GetStdHandle
GetProfileSectionW
LoadResource
FreeEnvironmentStringsA
DeleteCriticalSection
SetLastError
GetSystemTime
MultiByteToWideChar
TerminateProcess
InterlockedDecrement
SetEnvironmentVariableA
GetCommandLineA
WriteConsoleW
RtlUnwind
GetTimeZoneInformation
HeapFree
LeaveCriticalSection
VirtualFree
HeapCreate
OpenMutexA
CompareStringA
WaitForMultipleObjects
ExitProcess
InitializeCriticalSection
LoadLibraryA
SetFilePointer
lstrlen
GetLogicalDrives
GetCurrentThread
WideCharToMultiByte
GetCommandLineW
GetModuleFileNameA
SetHandleCount
GetStringTypeW
GetCurrentThreadId
TlsGetValue
InterlockedExchange
InterlockedIncrement
EnterCriticalSection
ReadFile
GetVersionExA
GetTickCount
FreeEnvironmentStringsW
WriteFile
Sleep
GetLocalTime
GetVersion

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f28024af96e6545c17a42779cb8c02e1

Headers

File Characteristics

Imports

comctl32

user32

kernel32

Sections

.text Size: 197KB - Virtual size: 197KB

.rdata Size: 4KB - Virtual size: 32KB

.data Size: 314KB - Virtual size: 314KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 197KB - Virtual size: 197KB

.rdata
Size: 4KB - Virtual size: 32KB

.data
Size: 314KB - Virtual size: 314KB

.rsrc
Size: 10KB - Virtual size: 10KB