34875d62d34747077c67510a7e23f5fa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

34875d62d34747077c67510a7e23f5fa_JaffaCakes118
Size

441KB
MD5

34875d62d34747077c67510a7e23f5fa
SHA1

e1563f30ea76c787e0cc2667324504565efac4e2
SHA256

152192252b10c5a04984eceb906d10c10740acfde44f815380362ffee406dc4e
SHA512

851e8f723f3948be6ed923d4433c6599d8041956abab1bbc17b98bd5356086f5a9f95fa059b440112489f2fdb2a20d50fdb56deb8d67bbbac5a8fda9f873ee95
SSDEEP

12288:tNR7fnA6lknmz9Qm9ZbmnFQQJEwz5UJ4W3YSfRy:tT0nSQm9ZqnDEZGW3FfRy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34875d62d34747077c67510a7e23f5fa_JaffaCakes118

Files

34875d62d34747077c67510a7e23f5fa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

355057c95f45e442dcaee091275f7c90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

FlattenPath
OffsetViewportOrgEx
ExcludeClipRect
SetDIBColorTable
GetWorldTransform
ExtTextOutW
Polyline
PaintRgn
GetGlyphOutlineW
GetOutlineTextMetricsW
StartDocW
CombineTransform
GetClipRgn
PathToRegion
EndDoc
GetTextMetricsA
IntersectClipRect
RectVisible
ColorCorrectPalette
DrawEscape

kernel32

InterlockedExchange
GetVersionExW
CreateMutexW
DeleteCriticalSection
CompareStringW
InitializeCriticalSection
VirtualAlloc
GetFileAttributesExW
HeapDestroy
EnumSystemLocalesA
GetTimeFormatA
GetLocaleInfoA
RtlUnwind
GetTickCount
TlsGetValue
GetCurrentProcess
GetLocaleInfoW
GetCurrentThread
SetLastError
VirtualProtect
GetVersionExA
QueryPerformanceCounter
LoadLibraryA
GetStartupInfoA
GetOEMCP
GetStartupInfoW
FreeEnvironmentStringsA
GetUserDefaultLCID
GetDateFormatA
WideCharToMultiByte
TlsAlloc
SetCurrentDirectoryW
GetProcAddress
IsValidCodePage
ExitProcess
HeapFree
CreateNamedPipeW
GetModuleFileNameA
LCMapStringW
EnterCriticalSection
FreeEnvironmentStringsW
HeapAlloc
GetTimeZoneInformation
GetACP
CreateWaitableTimerA
VirtualQuery
lstrcpyn
CompareStringA
GlobalCompact
GetEnvironmentStringsW
LocalAlloc
WriteFile
GetCPInfo
GetModuleHandleA
SetConsoleTitleA
GetStringTypeA
GetSystemInfo
GetEnvironmentStrings
HeapCreate
GetModuleFileNameW
GetStringTypeW
GetStdHandle
MultiByteToWideChar
OutputDebugStringA
GetCurrentDirectoryW
GetCurrentThreadId
GlobalFree
IsValidLocale
FindResourceA
VirtualFree
GetSystemTimeAsFileTime
GetCommandLineA
SetHandleCount
IsBadWritePtr
TlsFree
SetEnvironmentVariableA
LCMapStringA
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
HeapReAlloc
HeapSize
LeaveCriticalSection
GetFileType
TlsSetValue
GetCommandLineW
GetLastError

user32

FindWindowExW
SetUserObjectSecurity

comdlg32

LoadAlterBitmap
ReplaceTextA
PageSetupDlgA

wininet

InternetAutodial
InternetSetOptionW
RetrieveUrlCacheEntryFileA
DeleteUrlCacheEntryA

advapi32

RegEnumKeyExW
RegSaveKeyW
StartServiceA
RegCreateKeyExW
LogonUserW
RegQueryValueW
CryptSetProviderA
CryptDestroyKey
LookupPrivilegeValueA
RegRestoreKeyW
RegConnectRegistryA
CryptEncrypt
RegQueryInfoKeyA
RegQueryValueA
CryptExportKey
CryptGetUserKey
RegFlushKey
GetUserNameA
RegSetValueExW

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

355057c95f45e442dcaee091275f7c90

Headers

File Characteristics

Imports

gdi32

kernel32

user32

comdlg32

wininet

advapi32

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 8KB - Virtual size: 26KB

.data Size: 280KB - Virtual size: 279KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 8KB - Virtual size: 26KB

.data
Size: 280KB - Virtual size: 279KB

.rsrc
Size: 16KB - Virtual size: 15KB