Static task
static1
Behavioral task
behavioral1
Sample
412893e0f1e221dbe5daabc8bb8622f3_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
412893e0f1e221dbe5daabc8bb8622f3_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
412893e0f1e221dbe5daabc8bb8622f3_JaffaCakes118
-
Size
196KB
-
MD5
412893e0f1e221dbe5daabc8bb8622f3
-
SHA1
a12abfc0b0b52a8df9c12fc3e6e2f515df96c32e
-
SHA256
00e4db3e18d15fe1ddc1a7444342fb9248b6e126966b08362293a3029372f30b
-
SHA512
ef62640a4f21880191ace9822acf410b77c198c5ef38c39090d543cad05504c9cecb1d81e6252a69623a75130ebd97248072c2246dce4a6d939ef433db45706c
-
SSDEEP
6144:EDVaIk397q1TB/JKXWdO1Z37X+cV2joqqgQBW6kaY:EDVap3Rq1F/JKX2kZ37Xjlnhk5
Malware Config
Signatures
-
Unsigned PE 1 IoCs
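Checks for a missing Authenticode signature; the check matched this sample. An unsigned PE is a weak indicator on its own, since many legitimate executables are also unsigned, so weigh it together with the other static and behavioral findings.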
resource 412893e0f1e221dbe5daabc8bb8622f3_JaffaCakes118
Files
-
412893e0f1e221dbe5daabc8bb8622f3_JaffaCakes118.exe windows:4 windows x86 arch:x86
9b5fd69452526e0a153a103fc991352b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHDeleteKeyA
wnsprintfA
kernel32
FreeLibrary
LocalAlloc
GetLastError
CreateDirectoryA
GetFileAttributesA
lstrcpyA
lstrlenA
DeleteFileA
SetFileAttributesA
CloseHandle
Process32Next
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
GetTickCount
lstrcatA
GetSystemDirectoryA
MultiByteToWideChar
GetWindowsDirectoryA
HeapFree
Sleep
GetProcAddress
GetModuleHandleA
HeapAlloc
GetProcessHeap
ExitProcess
SetEnvironmentVariableA
GetTempPathA
GetCurrentDirectoryA
MoveFileA
SetFileTime
GetFileTime
WriteFile
CreateFileA
FindNextFileA
FindFirstFileA
lstrcmpiA
GetModuleFileNameA
WaitForSingleObject
CreateEventA
GetShortPathNameA
ExpandEnvironmentStringsA
OpenEventA
SetUnhandledExceptionFilter
GetCommandLineA
WideCharToMultiByte
GetStartupInfoA
InterlockedExchange
LoadLibraryA
RaiseException
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
msvcrt
free
_stricmp
_except_handler3
strcpy
rand
srand
_ftol
toupper
tolower
??3@YAXPAX@Z
memcpy
??2@YAPAXI@Z
memset
strcat
strncat
strchr
strcmp
__CxxFrameHandler
_CxxThrowException
strncpy
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strlen
_itoa
_strnicmp
_strlwr
malloc
sfc
SfcIsFileProtected
user32
CharNextA
wsprintfA
netapi32
NetUserGetLocalGroups
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 164KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ