3787ec577a65b287461673d13420e83a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3787ec577a65b287461673d13420e83a_JaffaCakes118
Size

60KB
MD5

3787ec577a65b287461673d13420e83a
SHA1

5814421db97b31467c4a490dc9c1fae915906f1a
SHA256

52c59dac576f7b35d93776e98b90381bb5df7873bd088dc06a3daab2a9c9528f
SHA512

29338c5f5970015582f857b7e5b8fc8db3796515f20d9b343617827e5b0844092391a2d1cbfc574d873194892620ae1ffeb9f2378985463591ca6cd131397c3d
SSDEEP

1536:o0OJkeMkwgR7MUUBdM4cAOCdggeDxFQJQryBJD5:42XkXMFHOEeDbQGyD5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3787ec577a65b287461673d13420e83a_JaffaCakes118

Files

3787ec577a65b287461673d13420e83a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ee70d6df4cf8bb3fb0b668e53b012bbe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalGetAtomNameA
lstrcpy
GenerateConsoleCtrlEvent
lstrcat
PurgeComm
GlobalAddAtomA
HeapWalk
GetCurrentProcessId
SetFilePointer
_lclose
GetCommState
ReadProcessMemory
FlushInstructionCache
SetEnvironmentVariableA
LoadLibraryA
GetFileTime
GetCurrentDirectoryA
AreFileApisANSI
LoadModule
WinExec
FindCloseChangeNotification
UnlockFileEx
FoldStringA
Beep
GlobalUnWire
GetSystemPowerStatus
GetCommandLineA
FreeConsole
LocalFileTimeToFileTime
BuildCommDCBA
SetConsoleTextAttribute
EraseTape
InterlockedExchange
OpenProcess
SetConsoleWindowInfo
OpenFileMappingA
RequestDeviceWakeup
SizeofResource
CreateProcessA
SetConsoleCursorPosition
FindAtomA
GetNumberOfConsoleMouseButtons
SetProcessShutdownParameters
UTRegister
GetAtomNameA
IsProcessorFeaturePresent
GlobalUnlock
TlsFree
GetFileAttributesExA
GetLongPathNameA
SetConsoleCtrlHandler
WaitCommEvent
InterlockedIncrement
GetProcessAffinityMask
GetDefaultCommConfigA
SetConsoleActiveScreenBuffer
WriteProcessMemory
GetPrivateProfileIntA
VirtualQueryEx
CreateNamedPipeA

shlwapi

StrRChrIA
ColorHLSToRGB
PathSearchAndQualifyA
PathStripToRootA
SHDeleteValueA
PathIsRelativeA
PathQuoteSpacesA
PathRemoveBlanksA
StrToIntExA
SHCreateStreamWrapper
SHRegCreateUSKeyA
PathGetDriveNumberA
PathCommonPrefixA
PathMakePrettyA
PathIsFileSpecA
UrlCombineA
PathFindOnPathA
PathIsUNCA
StrSpnA
UrlIsOpaqueA
AssocQueryStringA
PathFileExistsA
SHRegOpenUSKeyA
StrChrIA
HashData
PathAppendA
StrCSpnA
StrFormatByteSize64A
SHRegWriteUSValueA
SHIsLowMemoryMachine

advapi32

IsTextUnicode

Sections

.zato
Size: 22KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ebcve
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wzsh
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nopo
Size: 28KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee70d6df4cf8bb3fb0b668e53b012bbe

Headers

File Characteristics

Imports

kernel32

shlwapi

advapi32

Sections

.zato Size: 22KB - Virtual size: 45KB

.ebcve Size: 5KB - Virtual size: 10KB

.wzsh Size: 1024B - Virtual size: 1KB

.nopo Size: 28KB - Virtual size: 132KB

.rsrc Size: 2KB - Virtual size: 4KB

.zato
Size: 22KB - Virtual size: 45KB

.ebcve
Size: 5KB - Virtual size: 10KB

.wzsh
Size: 1024B - Virtual size: 1KB

.nopo
Size: 28KB - Virtual size: 132KB

.rsrc
Size: 2KB - Virtual size: 4KB