Static task: static1
Behavioral task: behavioral1
Sample: 3ba040c9b28e32aac816597327cfb0a5_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3ba040c9b28e32aac816597327cfb0a5_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3ba040c9b28e32aac816597327cfb0a5_JaffaCakes118
Size: 5.7MB
MD5: 3ba040c9b28e32aac816597327cfb0a5
SHA1: bfe1a1d52138e5dde5e788cbec6b80b22b4265e0
SHA256: 99bca8c34293da2dc70b7f101e051bd084b2f7155a0e56551d4aa6a2d04571ee
SHA512: 7d6e7af87ab18e836ae8aa36e9074929124fcdabca54119ebdef6a4d7cb2fa40f35e213e72befe3a227ae139d0d4bd5c480259c5874e183937004f6a5f82a306
SSDEEP: 98304:MBi2X0Db1RsRfwGzZRpUGcLTaXdKJ8bZbybpETZrVv6VuhTDXzSTrI8ipsxpGEp:MBrXG1RS1M3L2nZ8Y9t6VuhrzFHGIO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3ba040c9b28e32aac816597327cfb0a5_JaffaCakes118
Files
3ba040c9b28e32aac816597327cfb0a5_JaffaCakes118.exe windows:4 windows x86 arch:x86
e3c7336413d466d64b51b0d36efaf826
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
ExtTextOutW
ArcTo
advapi32
CryptGetHashParam
SetNamedSecurityInfoA
AbortSystemShutdownW
GetTokenInformation
MakeSelfRelativeSD
GetSidIdentifierAuthority
RegisterEventSourceA
GetAclInformation
CloseEventLog
ClearEventLogW
GetFileSecurityW
LookupPrivilegeValueW
CryptGenRandom
RegisterServiceCtrlHandlerW
kernel32
ExitProcess
EnumSystemCodePagesA
GetDiskFreeSpaceExA
GetThreadPriority
GetDriveTypeW
LoadLibraryExW
GetTapeStatus
ScrollConsoleScreenBufferA
IsBadReadPtr
GetCurrentProcess
FreeLibraryAndExitThread
DebugBreak
VirtualProtect
CompareStringA
SetNamedPipeHandleState
VirtualUnlock
WriteFile
GlobalUnlock
SetTimeZoneInformation
VirtualLock
GenerateConsoleCtrlEvent
FreeEnvironmentStringsA
RaiseException
WritePrivateProfileStringW
SetEnvironmentVariableW
GetFileType
ReadFileScatter
GetSystemTimeAsFileTime
SizeofResource
FreeLibrary
GetHandleInformation
TryEnterCriticalSection
ws2_32
shutdown
WSASendDisconnect
WSAEnumNameSpaceProvidersA
WSAGetServiceClassNameByClassIdW
WSAAddressToStringW
WSAEnumProtocolsW
WSALookupServiceEnd
WSAConnect
user32
EnumDisplayDevicesW
DefWindowProcA
CheckMenuItem
CreateDialogIndirectParamA
SystemParametersInfoA
EnumChildWindows
RegisterHotKey
ChildWindowFromPoint
version
VerQueryValueA
msvcrt
_wmakepath
_strupr
_cwait
swscanf
abort
_strnicoll
_locking
strspn
_mbscat
vswprintf
_mbstrlen
_access
getenv
_ui64tow
iswctype
asctime
_pctype
_spawnv
setlocale
strncat
_tempnam
_mbctoupper
setvbuf
Sections
.text Size: 2KB - Virtual size: 223KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ