470b20e5110bed694f98c5b2c4ce19f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

470b20e5110bed694f98c5b2c4ce19f3_JaffaCakes118
Size

4.5MB
MD5

470b20e5110bed694f98c5b2c4ce19f3
SHA1

b973ad6a005825614d7072e83da46870a16e21e7
SHA256

05f6ef9f05ed36546978509aaa8aef460103b1f4c129137109298bb3fa64b9a8
SHA512

e968431af2a982a04840914366cb2365f46fd5b77903a84bf989005c84ccd39c9405937b6178b9fa915b027291090b6e30d7f9b775647012b80b4115e0995ed7
SSDEEP

98304:QMnFKK2Zr1fSiOpk2t7Q+qIHKFJ9Lfh4K6ReR9eneJtxr:Qp1KTpkq7ppHi+KieR9Zj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
470b20e5110bed694f98c5b2c4ce19f3_JaffaCakes118

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

470b20e5110bed694f98c5b2c4ce19f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a33797f2f122da65167f2e7563fcee17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQueryEx
ReadProcessMemory
GetThreadContext
CreateProcessA
TerminateProcess
CloseHandle
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualProtectEx
VirtualFree
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
WriteFile
CreateFileA
lstrcpyA
GetLastError
CreateMutexA
GetWindowsDirectoryA
ReadFile
SetFilePointer
SizeofResource
LockResource
LoadResource
FindResourceA
EnumResourceNamesA
GetFileAttributesA
lstrlenA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
MoveFileExA
LoadLibraryA
DeleteFileA
SetFileAttributesA
LoadLibraryExA
HeapFree
UnmapViewOfFile
GetFileSize
HeapAlloc
GetProcessHeap
HeapCreate
GetTempPathA
WinExec
lstrcatA
FindClose
FindNextFileA
Sleep
FileTimeToSystemTime
SetCurrentDirectoryA
FindFirstFileA
GetModuleHandleA
WaitForSingleObject
CreateEventA
CreateThread
OpenMutexA
GetModuleFileNameA
CompareStringW
CompareStringA
GetLocaleInfoA
SetEnvironmentVariableA
GetProcAddress
FreeLibrary
CopyFileA
VirtualAlloc
FileTimeToLocalFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
GetVersionExA
GetStartupInfoA
GetFullPathNameA
GetCurrentDirectoryA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
MultiByteToWideChar
LCMapStringW
HeapSize
InitializeCriticalSection
GetStringTypeA
GetStringTypeW

user32

DispatchMessageA
LoadCursorA
RegisterClassA
DefWindowProcA
PostQuitMessage
CreateWindowExA
wsprintfA
GetMessageA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a33797f2f122da65167f2e7563fcee17

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 65KB - Virtual size: 64KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 65KB - Virtual size: 64KB