311b1053a0d20910c5ebaa770c66987e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

311b1053a0d20910c5ebaa770c66987e_JaffaCakes118
Size

431KB
MD5

311b1053a0d20910c5ebaa770c66987e
SHA1

c81e1afdead1da289556eb324ad223bb9fa7240e
SHA256

b1adf8e0aa6b2f63c3de4832d13cdc4ee489f15a95a4d91037acbf1d54010832
SHA512

f0668ff9c5958dd30effa9bcc3cb12002ceb8abd7897591612b3820b4b056b5aa69d3c4656f3a152f3268fe1f919f65b8b0f466651992e04047d8ededa5153c6
SSDEEP

12288:gu6Y+L89vVOIVFYJOszqsX/A/1gg+/4QOSo:gWTPVFW14gzo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
311b1053a0d20910c5ebaa770c66987e_JaffaCakes118

Files

311b1053a0d20910c5ebaa770c66987e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5b4a3864be3374c5ee8e9111431732e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHLoadInProc
SHGetSettings
SHGetSpecialFolderPathA
RealShellExecuteW
SHFreeNameMappings
ExtractIconA
SHGetSpecialFolderLocation
SheChangeDirA
SHChangeNotify
SHBrowseForFolderA
CheckEscapesW
DragQueryFileA
ShellExecuteA
SHFileOperationW
DragAcceptFiles
SHGetDataFromIDListA
DoEnvironmentSubstW
DragFinish

comdlg32

GetOpenFileNameW
PrintDlgW
ChooseColorW
PageSetupDlgA
ChooseFontW
FindTextW

advapi32

CryptEnumProviderTypesW
CryptSetHashParam
CryptSetKeyParam
RegCreateKeyExA
RegLoadKeyW
CryptHashData
RegDeleteKeyW
CryptVerifySignatureW

user32

OemToCharW
GetMenu
DdeQueryConvInfo
RegisterClassExW
FlashWindowEx
LoadImageW
SetCaretPos
GetWindowLongW
GetDlgItemTextW
SendMessageW
SetDlgItemTextW

kernel32

ExitProcess
CompareStringW
HeapReAlloc
SetEnvironmentVariableA
EnumSystemLocalesA
GetStdHandle
TerminateProcess
LCMapStringW
InterlockedDecrement
TlsGetValue
HeapDestroy
WideCharToMultiByte
HeapSize
HeapFree
GetCurrentThread
SetLastError
IsValidLocale
TlsFree
GetTickCount
VirtualAlloc
GetEnvironmentStrings
VirtualFree
IsDebuggerPresent
TlsAlloc
GetCurrentProcessId
MapViewOfFileEx
SetVolumeLabelA
TlsSetValue
GetACP
VirtualQuery
GetCommandLineW
WriteFile
GetProcessHeap
GetEnvironmentStringsW
GetTimeZoneInformation
FindNextFileW
LeaveCriticalSection
GetStringTypeA
GetModuleFileNameA
LoadLibraryA
CompareStringA
Sleep
InitializeCriticalSection
GetProcAddress
LCMapStringA
EnterCriticalSection
GetStringTypeW
GetLocaleInfoW
GetStartupInfoA
HeapAlloc
FreeEnvironmentStringsA
GetCurrentThreadId
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
SetConsoleCtrlHandler
FreeLibrary
GetSystemTimeAsFileTime
SetHandleCount
GetCurrentProcess
GetUserDefaultLCID
IsValidCodePage
GetDateFormatA
GetLastError
GetCPInfo
GetTimeFormatA
EnumCalendarInfoW
LoadLibraryExA
GetCommandLineA
GetVersionExA
RtlUnwind
GetConsoleOutputCP
GetOEMCP
GetEnvironmentVariableW
MultiByteToWideChar
InterlockedIncrement
HeapCreate
GetFileType
InterlockedExchange
WaitNamedPipeA
SetUnhandledExceptionFilter
AddAtomW
DeleteCriticalSection
GetLocaleInfoA

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b4a3864be3374c5ee8e9111431732e6

Headers

File Characteristics

Imports

shell32

comdlg32

advapi32

user32

kernel32

Sections

.text Size: 145KB - Virtual size: 144KB

.data Size: 274KB - Virtual size: 273KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 145KB - Virtual size: 144KB

.data
Size: 274KB - Virtual size: 273KB

.rsrc
Size: 11KB - Virtual size: 11KB