448f1dcfa7f0fc0e44884192de968c3e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

448f1dcfa7f0fc0e44884192de968c3e_JaffaCakes118
Size

518KB
MD5

448f1dcfa7f0fc0e44884192de968c3e
SHA1

a0eec3513f91e4c6775a17cf722cc9223d0675b1
SHA256

e638221c09877233f0a583c411cad166321cbcb7e41e385098c7bdf2a679d7b4
SHA512

f9ed84513472bea0e9ecf9a1ea0a5230961f02300d176126a259d3fd2fae9eb507cf5cf00e0d0989a9e0cf0d37548981bc2f49433b7805131846f134dadc841d
SSDEEP

12288:1BzILWOy/Ri4a5J0cariiWf0jGgbdb+QGb:jILW1i4Aicariiyj8db+QG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
448f1dcfa7f0fc0e44884192de968c3e_JaffaCakes118

Files

448f1dcfa7f0fc0e44884192de968c3e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

20ad95be5e2531ffb427cb2c19d9cd74

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\p

Imports

kernel32

VirtualAlloc
GetConsoleOutputCP
TlsSetValue
SetLastError
QueryPerformanceCounter
InitializeCriticalSection
InterlockedIncrement
ReadFile
HeapAlloc
GetLocalTime
MultiByteToWideChar
SetUnhandledExceptionFilter
GetEnvironmentVariableW
SetEnvironmentVariableW
GetUserDefaultLCID
GetModuleHandleA
WriteConsoleA
TlsFree
GetLocaleInfoW
LCMapStringW
GetDateFormatA
GetTickCount
CreateFileA
EnterCriticalSection
ExitProcess
IsValidCodePage
GetStartupInfoA
LocalFileTimeToFileTime
InterlockedDecrement
GetOEMCP
UnhandledExceptionFilter
VirtualQuery
HeapCreate
GetCurrentProcess
OpenEventA
LCMapStringA
SetHandleCount
SetFilePointer
CreateMutexA
GetLocaleInfoA
GetConsoleMode
FlushFileBuffers
InterlockedExchange
GetVersionExA
DeleteCriticalSection
Sleep
GetLastError
TlsAlloc
SetStdHandle
IsDebuggerPresent
GetTimeFormatA
IsValidLocale
TlsGetValue
VirtualFree
GetEnvironmentStrings
HeapFree
GetFileAttributesW
SetComputerNameW
SetConsoleCtrlHandler
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
GetProcAddress
HeapReAlloc
GetStdHandle
EnumSystemLocalesA
CompareStringA
LoadLibraryA
OpenMutexA
WriteFile
LockResource
HeapDestroy
GetCommandLineA
lstrcmpi
GetModuleFileNameA
GetProcessHeap
HeapSize
GetACP
GetCurrentThreadId
RtlUnwind
FreeLibrary
CompareStringW
GetFileType
SetEnvironmentVariableA
ReadConsoleOutputCharacterA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCPInfo
GetStringTypeA
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
CloseHandle
GetCurrentThread
CreateThread
GetEnvironmentStringsW
LeaveCriticalSection
TerminateProcess
WriteConsoleW
LocalFlags

comdlg32

PrintDlgW
GetSaveFileNameA

comctl32

InitCommonControlsEx

user32

SetUserObjectInformationW
GetClassLongA
LoadMenuIndirectA
RegisterClassExA
WINNLSGetIMEHotkey
GetWindowLongW
DestroyWindow
wvsprintfW
RegisterClassA
SetDebugErrorLevel
SetTimer
GetSysColorBrush

advapi32

CryptDecrypt
RegConnectRegistryW
RegSaveKeyA

Sections

.text
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20ad95be5e2531ffb427cb2c19d9cd74

Headers

File Characteristics

PDB Paths

Imports

kernel32

comdlg32

comctl32

user32

advapi32

Sections

.text Size: 367KB - Virtual size: 367KB

.rdata Size: 24KB - Virtual size: 28KB

.data Size: 116KB - Virtual size: 115KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 367KB - Virtual size: 367KB

.rdata
Size: 24KB - Virtual size: 28KB

.data
Size: 116KB - Virtual size: 115KB

.rsrc
Size: 9KB - Virtual size: 8KB