3872a25d99e99b98dce90594ec2280ee_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3872a25d99e99b98dce90594ec2280ee_JaffaCakes118
Size

490KB
MD5

3872a25d99e99b98dce90594ec2280ee
SHA1

67e609786944cc9358c3864eab257d1d2b72397a
SHA256

f103fe28587f7f6e11a429389f96b7707238e3c837b994068c9afc5189d64d10
SHA512

495d56054ee3434ba7ba178ecfd942ee1b2835669501c014010be09add4bfb2e68c0b0f6c3c9c15953822bd63e5dedf61282ebaac5c42a422572d5aa55a0c16d
SSDEEP

12288:/4WR2XwII+5d2jWL3RJc81NUFiUTp//N2q/bRGbbx:IVI+5d2jWL3RJc83RWnNV/bRY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3872a25d99e99b98dce90594ec2280ee_JaffaCakes118

Files

3872a25d99e99b98dce90594ec2280ee_JaffaCakes118
.exe windows:4 windows x86 arch:x86

54cc1a67007ab69efda2b5e11ee8e669

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHAddToRecentDocs
SHGetSpecialFolderPathW
SHFreeNameMappings

advapi32

RegQueryMultipleValuesW
LookupSecurityDescriptorPartsA
RegSaveKeyW
CryptVerifySignatureA
RegQueryValueW
RegSaveKeyA
LookupAccountNameW
LookupPrivilegeNameW
RegReplaceKeyW
RegOpenKeyExA
DuplicateTokenEx
CryptDestroyHash
AbortSystemShutdownW
RegOpenKeyExW
RegReplaceKeyA
CryptSetProviderExA
CryptVerifySignatureW
LookupAccountSidA

user32

GetClassLongW
CreateWindowStationW
GetThreadDesktop
FindWindowExA
wsprintfW
ReleaseDC
RegisterClassA
DdeUninitialize
GetSubMenu
RedrawWindow
GetWindowLongW
DdeCreateDataHandle
GetUserObjectSecurity
DdeFreeDataHandle
RegisterDeviceNotificationW
wsprintfA
RegisterClassExA
IsCharAlphaW
ReuseDDElParam

kernel32

GetTimeZoneInformation
CompareStringW
TlsFree
HeapReAlloc
GetStartupInfoW
LCMapStringW
SetEnvironmentVariableA
GetLocalTime
CompareStringA
GetStartupInfoA
IsBadWritePtr
GetStdHandle
GetCurrentThread
WideCharToMultiByte
VirtualFree
HeapAlloc
DeleteCriticalSection
CreateProcessA
RtlUnwind
GetCommandLineA
InterlockedIncrement
WriteFile
HeapDestroy
GetCurrentThreadId
GetStringTypeW
QueryPerformanceCounter
GetModuleFileNameW
GetCommandLineW
GetCurrentProcess
VirtualAlloc
InitializeCriticalSection
TlsGetValue
GetFileType
GetEnvironmentStrings
LeaveCriticalSection
UnhandledExceptionFilter
GetEnvironmentStringsW
CreateMutexA
TerminateProcess
HeapFree
GetSystemTimeAsFileTime
TlsAlloc
EnterCriticalSection
ExitProcess
InterlockedDecrement
TlsSetValue
LCMapStringA
FlushFileBuffers
VirtualQuery
OpenMutexA
MultiByteToWideChar
LoadLibraryA
SetLastError
GetStringTypeA
CloseHandle
ReadFile
GetCPInfo
HeapCreate
SetHandleCount
GetVersion
GetCurrentProcessId
GetSystemTime
GetModuleHandleA
GetTickCount
InterlockedExchange
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
SetStdHandle
SetFilePointer
GetLastError
GetProcAddress

comctl32

InitCommonControlsEx

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54cc1a67007ab69efda2b5e11ee8e669

Headers

File Characteristics

Imports

shell32

advapi32

user32

kernel32

comctl32

Sections

.text Size: 159KB - Virtual size: 158KB

.rdata Size: 4KB - Virtual size: 20KB

.data Size: 313KB - Virtual size: 313KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 159KB - Virtual size: 158KB

.rdata
Size: 4KB - Virtual size: 20KB

.data
Size: 313KB - Virtual size: 313KB

.rsrc
Size: 12KB - Virtual size: 12KB