Static task: static1
Behavioral task: behavioral1
Sample: 3460e6f068bbf40d2bf435d2a9d815a4_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3460e6f068bbf40d2bf435d2a9d815a4_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3460e6f068bbf40d2bf435d2a9d815a4_JaffaCakes118
Size: 416KB
MD5: 3460e6f068bbf40d2bf435d2a9d815a4
SHA1: 2674d62b33e9240318201e52b6c20d9fbb639f7d
SHA256: 221e1811067aed87fc7edd13dd4bb3419ded4421a389dd7dc76ba17c190ed543
SHA512: bbf69997c43bc852af848411f1f3d5a8ebbbdcfdd2458c928d25b66a3a0b08bfde1b5aa4c0bb0d20a3655be294ad12f08c2bec53cd22af7f3caa6121d36aa0af
SSDEEP: 12288:yaZyBCZ3RDFeC67qDsSppnx5wbFNXEKTbFT1O:nyYtbpx+N0KTbFT1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3460e6f068bbf40d2bf435d2a9d815a4_JaffaCakes118
Files
3460e6f068bbf40d2bf435d2a9d815a4_JaffaCakes118.exe windows:4 windows x86 arch:x86
11d979fe4051298da5a9a026a4325f42
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CryptDestroyHash
CryptSetProviderExW
AbortSystemShutdownW
RegEnumValueA
CryptSignHashW
LookupPrivilegeDisplayNameW
LookupPrivilegeValueW
CryptSetKeyParam
InitiateSystemShutdownW
CryptAcquireContextA
LookupAccountSidW
DuplicateToken
RegDeleteKeyW
LookupPrivilegeNameW
LookupSecurityDescriptorPartsW
RegSetValueExW
RegSetValueA
RegEnumKeyExW
CryptVerifySignatureA
RegEnumKeyExA
shell32
DragAcceptFiles
DragQueryPoint
ExtractIconW
kernel32
HeapFree
GetCommandLineA
GetTimeZoneInformation
GetTimeFormatA
GetFileType
GetSystemDefaultLangID
GetModuleHandleA
GetCurrentThreadId
GetEnvironmentStringsW
SetHandleCount
TransmitCommChar
WritePrivateProfileSectionA
QueryPerformanceCounter
RtlUnwind
MultiByteToWideChar
VirtualAlloc
HeapCreate
GetCurrentThread
HeapDestroy
LoadLibraryA
FreeEnvironmentStringsA
VirtualFree
GetACP
UnhandledExceptionFilter
FindAtomW
GetLastError
GetStringTypeA
GetProfileIntA
OpenEventA
CreateMailslotW
GetLocaleInfoW
GetDiskFreeSpaceExA
HeapAlloc
WriteFile
HeapReAlloc
GetStartupInfoA
FindNextFileA
GetLocaleInfoA
GetConsoleTitleW
CompareStringA
TlsAlloc
LocalUnlock
EnterCriticalSection
GetDateFormatA
SetConsoleTitleA
VirtualUnlock
CompareStringW
GetModuleFileNameA
LocalShrink
LeaveCriticalSection
GetUserDefaultLCID
SetEnvironmentVariableA
WideCharToMultiByte
WriteConsoleA
TlsGetValue
VirtualProtect
GlobalCompact
ExpandEnvironmentStringsW
GetCPInfo
TlsSetValue
GetVersionExA
GetSystemTimeAsFileTime
HeapSize
SetLastError
ExitProcess
GetEnvironmentStrings
FreeEnvironmentStringsW
GetOEMCP
VirtualQuery
EnumResourceNamesW
GetStdHandle
IsValidLocale
CreateProcessW
LockFileEx
EnumSystemLocalesA
InterlockedExchange
GetCurrentProcess
InitializeCriticalSection
GetStringTypeW
GetProcAddress
LCMapStringW
DeleteCriticalSection
TlsFree
GetSystemInfo
GlobalFix
IsValidCodePage
IsBadWritePtr
GetCurrentProcessId
GetTickCount
TerminateProcess
LCMapStringA
comdlg32
FindTextA
GetSaveFileNameW
ChooseColorA
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 279KB - Virtual size: 278KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ