Static task: static1
Behavioral task: behavioral1
Sample: 3914d9c68c255643f3b23b5363fa57c9_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3914d9c68c255643f3b23b5363fa57c9_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3914d9c68c255643f3b23b5363fa57c9_JaffaCakes118
Size: 566KB
MD5: 3914d9c68c255643f3b23b5363fa57c9
SHA1: de67a816398e735999d7d107aa0e467e183fc579
SHA256: 9be9ef8c70fbee2d1ed1beb10f503b4f898839b3b15deec9c48c921158fd6039
SHA512: 34d027fdb44f4aa448647d9b302f7e05fe99a88af06b2a1d83bc3fdce6d151ea3d3bfe2a6969ed727d4d97d119611142f2f8d0b1bd7d380914be422a7e6715f8
SSDEEP: 12288:bK+5DBC9kVhj2Fix3Ac0lpaIqRcZ/5IlU31oyA:lxvqKdopNqA/UU31oh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3914d9c68c255643f3b23b5363fa57c9_JaffaCakes118
Files
3914d9c68c255643f3b23b5363fa57c9_JaffaCakes118.exe windows:4 windows x86 arch:x86
55f3759b3a25ac4c8c0dcf211567101e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetCommMask
lstrcmpiA
GetProfileStringA
IsValidLocale
SetProcessWorkingSetSize
VirtualQuery
LoadLibraryExA
SetConsoleMode
SetSystemTime
ExitThread
GetConsoleMode
CompareStringA
MultiByteToWideChar
GetSystemDefaultLangID
GetFullPathNameA
PulseEvent
GetOverlappedResult
GetStartupInfoA
GenerateConsoleCtrlEvent
LocalFileTimeToFileTime
DuplicateHandle
lstrcpynA
LeaveCriticalSection
ExpandEnvironmentStringsW
CreateDirectoryExA
EnumSystemCodePagesA
GetShortPathNameA
PrepareTape
AreFileApisANSI
GetCommState
GlobalAddAtomA
_lopen
ClearCommBreak
GetWindowsDirectoryA
DeleteCriticalSection
GetSystemDirectoryW
FindResourceExA
_lclose
GetOEMCP
GetLargestConsoleWindowSize
UnhandledExceptionFilter
IsDBCSLeadByteEx
SystemTimeToFileTime
CompareStringW
GetTickCount
ExitProcess
version
VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoA
advapi32
LockServiceDatabase
RegCloseKey
GetSidIdentifierAuthority
LookupAccountNameW
GetAce
GetSidSubAuthority
SetSecurityDescriptorSacl
RegQueryValueA
GetServiceDisplayNameA
GetFileSecurityA
CryptSetHashParam
AccessCheckAndAuditAlarmW
OpenThreadToken
QueryServiceStatus
ObjectCloseAuditAlarmA
gdi32
GetEnhMetaFileDescriptionA
ExtSelectClipRgn
Ellipse
GetClipRgn
GetWindowExtEx
GetTextAlign
AddFontResourceW
ExtCreatePen
user32
DragDetect
CreateCaret
CharLowerW
UnhookWindowsHook
TrackMouseEvent
oleaut32
VariantChangeType
SysFreeString
ws2_32
WSAAddressToStringW
getsockname
WSASetLastError
WSAGetQOSByName
Sections
.text Size: 4KB - Virtual size: 197KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 252KB - Virtual size: 251KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ