Static task: static1
Behavioral task: behavioral1
Sample: 4476c4d8080c85735f2db61a0fee4169_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 4476c4d8080c85735f2db61a0fee4169_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 4476c4d8080c85735f2db61a0fee4169_JaffaCakes118
Size: 316KB
MD5: 4476c4d8080c85735f2db61a0fee4169
SHA1: 3644fbd40e00c3b610929c68f66311c9e866eda9
SHA256: cb4046854793a36dda347305b893efb361fe4311781f6830b7c4611717558947
SHA512: 2c6e250e936434d95d9cb8bc92a0519857d9eb9aacd16d8ea5e4b8fd864123324a24897c4986ff5c2bc3f6ab3c40910b8349c73d9661ecd5122c6ee6b665ba59
SSDEEP: 6144:U0zx3zhrElJOPXalcCwLftrBAmx8g/+CzBbNUtdfLxN8/EhuH2JKVRx35:UaVzel7lOOw8g2CzBb0zxNkEhuH1x
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4476c4d8080c85735f2db61a0fee4169_JaffaCakes118
Files
4476c4d8080c85735f2db61a0fee4169_JaffaCakes118.exe windows:4 windows x86 arch:x86
e8e13c56e1e74afe62479e57ab837cfd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
RemoveDirectoryW
GetSystemInfo
GetProfileStringA
GetUserDefaultLangID
GetTickCount
EndUpdateResourceA
SearchPathW
GetSystemTimeAdjustment
GetOverlappedResult
IsValidLocale
lstrcpynA
GetCurrentProcessId
VirtualQuery
GetTapeStatus
GetCommandLineW
VirtualFree
GetDateFormatA
GetDriveTypeW
CreateDirectoryA
GetProfileIntA
FindResourceExA
GetCommState
SwitchToFiber
WriteFile
GetFileAttributesA
CopyFileExW
InitializeCriticalSection
CompareStringA
GetTempFileNameA
EnumCalendarInfoW
LoadResource
SetProcessWorkingSetSize
GetTimeZoneInformation
SetConsoleActiveScreenBuffer
GlobalFindAtomW
PeekNamedPipe
VirtualProtect
VirtualQueryEx
GetEnvironmentVariableW
ReadConsoleOutputA
GetDriveTypeA
GlobalFindAtomA
LocalReAlloc
UnmapViewOfFile
GetModuleFileNameW
RaiseException
OutputDebugStringA
ReadConsoleInputW
GetACP
GetWindowsDirectoryA
SetFileAttributesA
EnumDateFormatsW
GetTapeParameters
SetSystemTime
GetProcessHeap
GetVersionExA
FindFirstFileA
LocalSize
GetShortPathNameA
SetProcessAffinityMask
_llseek
SetHandleCount
GetBinaryTypeW
SizeofResource
_lopen
SetThreadPriorityBoost
QueryDosDeviceA
GetCurrentDirectoryW
ExpandEnvironmentStringsW
OutputDebugStringW
_lread
SetTimeZoneInformation
lstrcatW
GetTempPathW
GetVolumeInformationW
CreateEventA
GetLongPathNameA
GetCommConfig
WriteProcessMemory
LoadLibraryExW
SystemTimeToFileTime
GetShortPathNameW
VirtualAlloc
WritePrivateProfileStructA
EraseTape
DebugBreak
CreateNamedPipeW
GetFullPathNameA
GetCommandLineA
ReadFileScatter
ExitProcess
user32
PostQuitMessage
EqualRect
OpenWindowStationA
gdi32
GetCharWidthW
DeleteMetaFile
SelectClipRgn
PolylineTo
EnumFontFamiliesExA
CreateEnhMetaFileA
PlayEnhMetaFile
ArcTo
CloseFigure
ExcludeClipRect
SetWinMetaFileBits
CreateEnhMetaFileW
PlayMetaFile
advapi32
IsValidSecurityDescriptor
RegGetKeySecurity
RegOpenKeyA
RegSetValueExW
GetSecurityDescriptorSacl
IsValidAcl
GetCurrentHwProfileW
CryptGenRandom
RegisterEventSourceA
AllocateAndInitializeSid
CryptSetHashParam
GetSidLengthRequired
QueryServiceConfigW
CryptDestroyKey
GetSidSubAuthority
GetFileSecurityA
LookupPrivilegeValueW
RegEnumKeyExW
shell32
SHFileOperationA
ExtractIconA
SHChangeNotify
ole32
CoRegisterClassObject
ReadClassStm
CoRegisterMallocSpy
oleaut32
QueryPathOfRegTypeLi
SafeArrayGetElement
VariantChangeType
comctl32
CreateToolbarEx
shlwapi
SHDeleteKeyW
Sections
.text Size: 296KB - Virtual size: 292KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE