3bd06515e9b01370399c4420deb956c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3bd06515e9b01370399c4420deb956c1_JaffaCakes118
Size

518KB
MD5

3bd06515e9b01370399c4420deb956c1
SHA1

71de337b5a8432d691d9325ff740cb75caa184a8
SHA256

95e3626dec7844941993975581d2badb9e6314618ce29ceeba05d18ed784e783
SHA512

4f8cb67422018034ca123d9a6ef8a6ab7545b4aa422dc9f4e8ac788d36951412d15faeb02d15a01bffffbd2264bd5bbe2eec0d2ddbf9fb0733f5847fe8e3ea4f
SSDEEP

12288:lBzILWOy/Ri4a5J0cariiWf0jGgbdb+NGk:zILW1i4Aicariiyj8db+NG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bd06515e9b01370399c4420deb956c1_JaffaCakes118

Files

3bd06515e9b01370399c4420deb956c1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

20ad95be5e2531ffb427cb2c19d9cd74

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\p

Imports

kernel32

VirtualAlloc
GetConsoleOutputCP
TlsSetValue
SetLastError
QueryPerformanceCounter
InitializeCriticalSection
InterlockedIncrement
ReadFile
HeapAlloc
GetLocalTime
MultiByteToWideChar
SetUnhandledExceptionFilter
GetEnvironmentVariableW
SetEnvironmentVariableW
GetUserDefaultLCID
GetModuleHandleA
WriteConsoleA
TlsFree
GetLocaleInfoW
LCMapStringW
GetDateFormatA
GetTickCount
CreateFileA
EnterCriticalSection
ExitProcess
IsValidCodePage
GetStartupInfoA
LocalFileTimeToFileTime
InterlockedDecrement
GetOEMCP
UnhandledExceptionFilter
VirtualQuery
HeapCreate
GetCurrentProcess
OpenEventA
LCMapStringA
SetHandleCount
SetFilePointer
CreateMutexA
GetLocaleInfoA
GetConsoleMode
FlushFileBuffers
InterlockedExchange
GetVersionExA
DeleteCriticalSection
Sleep
GetLastError
TlsAlloc
SetStdHandle
IsDebuggerPresent
GetTimeFormatA
IsValidLocale
TlsGetValue
VirtualFree
GetEnvironmentStrings
HeapFree
GetFileAttributesW
SetComputerNameW
SetConsoleCtrlHandler
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
GetProcAddress
HeapReAlloc
GetStdHandle
EnumSystemLocalesA
CompareStringA
LoadLibraryA
OpenMutexA
WriteFile
LockResource
HeapDestroy
GetCommandLineA
lstrcmpi
GetModuleFileNameA
GetProcessHeap
HeapSize
GetACP
GetCurrentThreadId
RtlUnwind
FreeLibrary
CompareStringW
GetFileType
SetEnvironmentVariableA
ReadConsoleOutputCharacterA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCPInfo
GetStringTypeA
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
CloseHandle
GetCurrentThread
CreateThread
GetEnvironmentStringsW
LeaveCriticalSection
TerminateProcess
WriteConsoleW
LocalFlags

comdlg32

PrintDlgW
GetSaveFileNameA

comctl32

InitCommonControlsEx

user32

SetUserObjectInformationW
GetClassLongA
LoadMenuIndirectA
RegisterClassExA
WINNLSGetIMEHotkey
GetWindowLongW
DestroyWindow
wvsprintfW
RegisterClassA
SetDebugErrorLevel
SetTimer
GetSysColorBrush

advapi32

CryptDecrypt
RegConnectRegistryW
RegSaveKeyA

Sections

.text
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20ad95be5e2531ffb427cb2c19d9cd74

Headers

File Characteristics

PDB Paths

Imports

kernel32

comdlg32

comctl32

user32

advapi32

Sections

.text Size: 367KB - Virtual size: 367KB

.rdata Size: 24KB - Virtual size: 28KB

.data Size: 116KB - Virtual size: 115KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 367KB - Virtual size: 367KB

.rdata
Size: 24KB - Virtual size: 28KB

.data
Size: 116KB - Virtual size: 115KB

.rsrc
Size: 9KB - Virtual size: 8KB