Static task
static1
Behavioral task
behavioral1
Sample
42a0440a1842d3de47ad277758475b99_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
42a0440a1842d3de47ad277758475b99_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
Target
42a0440a1842d3de47ad277758475b99_JaffaCakes118
Size
449KB
MD5
42a0440a1842d3de47ad277758475b99
SHA1
da7ab0561e9bd73cea6bff6fd2bde2dba6cb94ac
SHA256
5aeb54efb0adb254426c12824cf0c9483a249c35da76cd9ed961a54d3190bb73
SHA512
7098325e8007ae1d48347dc502c014f3b9c4f9f15eb9b71d21d14fdc14b8a3728944ddff34b904b7c43c583165e8ea6db99a9db46c7f42b5ce4457e3f57b2cc7
SSDEEP
6144:Jt/2vXXf2Wfxlo51SBvQr6bwg//rnM0hVe8NF48vmgpEr2nEqnioWfft/X6jEhxq:PCvKkBDnrM0hZt9gsFnDWtfrhmJ+5La
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 42a0440a1842d3de47ad277758475b99_JaffaCakes118
Files
42a0440a1842d3de47ad277758475b99_JaffaCakes118.exe windows:4 windows x86 arch:x86
a318bb67257cbf8465843a847fc8c39d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcessId
IsValidCodePage
GetCPInfo
FreeEnvironmentStringsA
GetLocaleInfoA
InterlockedExchange
GetDateFormatA
GetCurrentThread
TlsAlloc
GetModuleHandleA
GetCommandLineW
EnumSystemLocalesA
QueryPerformanceCounter
GetTickCount
GetTimeFormatA
GetSystemTimeAsFileTime
InitializeCriticalSection
GetStringTypeA
FlushFileBuffers
GetProcAddress
TlsSetValue
HeapReAlloc
FreeEnvironmentStringsW
GetStdHandle
WriteFile
HeapSize
HeapFree
GetOEMCP
InterlockedDecrement
UnhandledExceptionFilter
GlobalDeleteAtom
GetModuleFileNameW
IsValidLocale
GetProcessHeap
TlsFree
ExitProcess
HeapCreate
MultiByteToWideChar
LoadLibraryA
Sleep
GetTimeZoneInformation
GetLocaleInfoW
GetStartupInfoW
LCMapStringA
GetCurrentProcess
CreatePipe
LocalLock
GetEnvironmentStringsW
RtlUnwind
GetVersionExW
GetEnvironmentStrings
GetUserDefaultLCID
VirtualFree
TlsGetValue
GetStartupInfoA
HeapDestroy
GetStringTypeW
FreeLibrary
VirtualQuery
GetModuleFileNameA
CompareStringA
IsDebuggerPresent
CreateMutexA
LCMapStringW
EnterCriticalSection
TerminateProcess
SetEnvironmentVariableA
SetConsoleCtrlHandler
SetHandleCount
LeaveCriticalSection
GetLastError
GetCurrentThreadId
GetCommandLineA
GetFileType
DeleteCriticalSection
WideCharToMultiByte
CompareStringW
VirtualAlloc
SetConsoleTitleA
InterlockedIncrement
VirtualFreeEx
SetLastError
SetUnhandledExceptionFilter
WritePrivateProfileSectionA
GetPrivateProfileIntW
GetACP
HeapLock
HeapAlloc
GetVersionExA
user32
EndTask
GetKeyNameTextW
GetComboBoxInfo
IsDialogMessage
MonitorFromWindow
wsprintfW
DestroyMenu
CreateCursor
IntersectRect
FreeDDElParam
CharNextExA
GetWindowModuleFileNameA
ChangeMenuW
RegisterHotKey
BeginDeferWindowPos
wininet
FindNextUrlCacheContainerW
UpdateUrlCacheContentPath
InternetGoOnline
DeleteUrlCacheGroup
CreateUrlCacheGroup
shell32
SheChangeDirA
comdlg32
ChooseFontA
LoadAlterBitmap
advapi32
CryptReleaseContext
RegSetValueExA
CryptSetKeyParam
LookupSecurityDescriptorPartsA
RegCloseKey
RegFlushKey
RegQueryValueW
CryptGetDefaultProviderA
Sections
.text Size: 150KB - Virtual size: 149KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 280KB - Virtual size: 280KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ