409f4626fc2d98694a1c582f3a7d3dfb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

409f4626fc2d98694a1c582f3a7d3dfb_JaffaCakes118
Size

201KB
MD5

409f4626fc2d98694a1c582f3a7d3dfb
SHA1

00243a729fcab79ec3da9c16a721feb16bb331fe
SHA256

15b06699b2f21e788495c267663f1e30c28509678b40135645a8d9a67317c3a0
SHA512

07415eaa10d6af2b8191b5c56fd4e6c51e051920d59cc2ed0f820473e2da11388a30fc5d88bd9f4d310d2762a6774d3c2546c530ec54d04432e5fc9364fb05c9
SSDEEP

6144:3gdM/0j/WG536OrNDNK2UgLbjHgZ5TmD:3ge0zWQVNK27gi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
409f4626fc2d98694a1c582f3a7d3dfb_JaffaCakes118

Files

409f4626fc2d98694a1c582f3a7d3dfb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9e21ebb577ecc6841b573760d2f81cf2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptCreateHash
CryptGetHashParam
CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptDestroyHash

shell32

CommandLineToArgvW

psapi

GetProcessMemoryInfo

msvfw32

ICInfo

imagehlp

ImageNtHeader
ImageRvaToVa
ImageGetDigestStream
ImageDirectoryEntryToData

user32

CharNextA
MonitorFromWindow
wsprintfW
CharNextW

kernel32

SizeofResource
GlobalLock
GetFileSize
FindFirstFileW
GetSystemDirectoryA
lstrcmpiA
GetProcessHeap
CreateDirectoryW
lstrlenA
CreateFileW
InterlockedIncrement
AreFileApisANSI
GlobalAlloc
UnmapViewOfFile
CopyFileW
HeapAlloc
HeapSize
LoadLibraryA
CreateFiberEx
GetFullPathNameA
LoadLibraryExA
_lwrite
ReadFile
GetLocaleInfoA
FindResourceW
HeapFree
GetTempFileNameW
Sleep
EscapeCommFunction
GetCurrentProcessId
EnumResourceTypesW
WriteFile
LoadLibraryExW
DeleteFileW
GetFileAttributesA
FindNextFileW
GetFullPathNameW
lstrlenW
GetVersionExA
BeginUpdateResourceW
EnumResourceLanguagesW
SetFileAttributesW
LocalFree
RemoveDirectoryA
SetFilePointer
CopyFileA
GetCurrentDirectoryW
LeaveCriticalSection
SetFileAttributesA
EnumResourceNamesA
_llseek
LoadResource
WideCharToMultiByte
ExitProcess
CreateFileMappingA
GetProcAddress
TerminateProcess
SetEndOfFile
IsDebuggerPresent
QueryPerformanceCounter
GetCommandLineW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
MoveFileW
FindNextFileA
LockResource
GetFileAttributesW
UnhandledExceptionFilter
CreateFileA
DeleteCriticalSection
GetCurrentThreadId
CreateDirectoryA
FindFirstFileA
UpdateResourceW
GetACP
DebugBreak
SetLastError
GetFileInformationByHandle
GetLastError
GetTickCount
FreeResource
DeleteFileA
GetThreadLocale
InterlockedExchange
_lread
GetVersion
FindClose
HeapReAlloc
GetTempPathW
EnterCriticalSection
FatalExit
CloseHandle
GetCurrentProcess
MapViewOfFile
EndUpdateResourceW
GetEnvironmentVariableA
InterlockedCompareExchange
FreeLibrary
FindResourceExW
MultiByteToWideChar
_lclose
GetVersionExW
EnumResourceNamesW
InterlockedDecrement
RaiseException
GlobalFree
OutputDebugStringA
GlobalUnlock
RemoveDirectoryW
GetModuleHandleW
GetStringTypeExW
GetOEMCP
FormatMessageW
InitializeCriticalSection
HeapDestroy
lstrcpyA

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e21ebb577ecc6841b573760d2f81cf2

Headers

File Characteristics

Imports

advapi32

shell32

psapi

msvfw32

imagehlp

user32

kernel32

Sections

.text Size: 182KB - Virtual size: 181KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 14KB - Virtual size: 14KB

.lib Size: 512B - Virtual size: 224KB

.text
Size: 182KB - Virtual size: 181KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 14KB - Virtual size: 14KB

.lib
Size: 512B - Virtual size: 224KB