Static task: static1
Behavioral task: behavioral1
Sample: 40b73dce89d455d7a1df36027b9fb4e1_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 40b73dce89d455d7a1df36027b9fb4e1_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target
40b73dce89d455d7a1df36027b9fb4e1_JaffaCakes118
Size
5.7MB
MD5
40b73dce89d455d7a1df36027b9fb4e1
SHA1
d1f7ad363c96646f291f06fb7e119e2005b121e0
SHA256
32a88e6cf5653d432a1727b28c79548f5a170805d0b92f29406318a3fc3927ee
SHA512
d77b2e07827474e624182b31d088930e805a03bc6c443d4956e6396c61cfcb4fa789f7870b3d695e54003cee5fc99203738c8aa68279aa3b704ddb344ceb4c0e
SSDEEP
98304:MBi2X0Db1RsRfwGzZRpUGcLTaXdKJ8bZbybpETZrVv6VuhTDXzSTrI8ipsxpGnU:MBrXG1RS1M3L2nZ8Y9t6VuhrzFHGInU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 40b73dce89d455d7a1df36027b9fb4e1_JaffaCakes118
Files
40b73dce89d455d7a1df36027b9fb4e1_JaffaCakes118.exe windows:4 windows x86 arch:x86
e3c7336413d466d64b51b0d36efaf826
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
ExtTextOutW
ArcTo
advapi32
CryptGetHashParam
SetNamedSecurityInfoA
AbortSystemShutdownW
GetTokenInformation
MakeSelfRelativeSD
GetSidIdentifierAuthority
RegisterEventSourceA
GetAclInformation
CloseEventLog
ClearEventLogW
GetFileSecurityW
LookupPrivilegeValueW
CryptGenRandom
RegisterServiceCtrlHandlerW
kernel32
ExitProcess
EnumSystemCodePagesA
GetDiskFreeSpaceExA
GetThreadPriority
GetDriveTypeW
LoadLibraryExW
GetTapeStatus
ScrollConsoleScreenBufferA
IsBadReadPtr
GetCurrentProcess
FreeLibraryAndExitThread
DebugBreak
VirtualProtect
CompareStringA
SetNamedPipeHandleState
VirtualUnlock
WriteFile
GlobalUnlock
SetTimeZoneInformation
VirtualLock
GenerateConsoleCtrlEvent
FreeEnvironmentStringsA
RaiseException
WritePrivateProfileStringW
SetEnvironmentVariableW
GetFileType
ReadFileScatter
GetSystemTimeAsFileTime
SizeofResource
FreeLibrary
GetHandleInformation
TryEnterCriticalSection
ws2_32
shutdown
WSASendDisconnect
WSAEnumNameSpaceProvidersA
WSAGetServiceClassNameByClassIdW
WSAAddressToStringW
WSAEnumProtocolsW
WSALookupServiceEnd
WSAConnect
user32
EnumDisplayDevicesW
DefWindowProcA
CheckMenuItem
CreateDialogIndirectParamA
SystemParametersInfoA
EnumChildWindows
RegisterHotKey
ChildWindowFromPoint
version
VerQueryValueA
msvcrt
_wmakepath
_strupr
_cwait
swscanf
abort
_strnicoll
_locking
strspn
_mbscat
vswprintf
_mbstrlen
_access
getenv
_ui64tow
iswctype
asctime
_pctype
_spawnv
setlocale
strncat
_tempnam
_mbctoupper
setvbuf
Sections
.text Size: 2KB - Virtual size: 223KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ