46f6e63d8ca00d1d6e5f1ec2b3d1e2e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46f6e63d8ca00d1d6e5f1ec2b3d1e2e1_JaffaCakes118
Size

468KB
MD5

46f6e63d8ca00d1d6e5f1ec2b3d1e2e1
SHA1

f5020a02c3091accefbfe8e105a3742cf250dea8
SHA256

79d319fb50d3490e6faab4a75155e3f7e248492d797f1e50bcc97ff7632344d9
SHA512

50f168f27f8e383f71d54a703c668f83a7e52227fdb5c1fedef5009cd251d5a01cb384e47a966c0d2be02f0e0b4ef4339f60ea4d09aa5b416211ad8e1d566598
SSDEEP

6144:4YQ6rQukU95If6RQw0mBhayZSbToxDariuFdw/NFlvQP47Erw5GRTu3qUZq4rmzt:NQ6cUIfkQTmWbUxDa2j5r4fp09rQx/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46f6e63d8ca00d1d6e5f1ec2b3d1e2e1_JaffaCakes118

Files

46f6e63d8ca00d1d6e5f1ec2b3d1e2e1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

593f652575428f0a92a06dda7265bde1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\o

Imports

comctl32

ImageList_Read
ImageList_Merge
InitCommonControlsEx

kernel32

GetStringTypeW
CreateProcessW
LoadLibraryA
CreateMutexA
LCMapStringA
TlsFree
GetEnvironmentStrings
GetCurrentProcessId
HeapFree
TlsAlloc
GetCurrentThreadId
ReleaseMutex
SetFilePointer
lstrcmpiW
GetTimeZoneInformation
FindNextChangeNotification
SetHandleCount
GetFileAttributesW
WaitForMultipleObjects
FlushConsoleInputBuffer
InterlockedIncrement
VirtualQuery
GetCurrencyFormatW
CompareStringA
IsBadWritePtr
LocalReAlloc
HeapCreate
GetSystemDirectoryW
QueryPerformanceCounter
GetStringTypeA
TlsGetValue
FreeEnvironmentStringsW
HeapAlloc
SetEnvironmentVariableA
ReadFile
HeapReAlloc
GetThreadContext
GetSystemTimeAsFileTime
UnhandledExceptionFilter
LCMapStringW
CloseHandle
CompareStringW
TlsSetValue
DeleteCriticalSection
InterlockedExchange
VirtualAlloc
HeapDestroy
GlobalGetAtomNameW
GetLogicalDriveStringsA
GetPrivateProfileSectionNamesW
FindFirstFileW
TerminateProcess
GetProcAddress
GetFileType
GetStartupInfoW
EnterCriticalSection
CreateWaitableTimerW
lstrcmpW
GetCPInfo
GetDiskFreeSpaceA
GetCommandLineW
GetStartupInfoA
GetModuleHandleA
EnumResourceLanguagesW
RtlUnwind
OpenFileMappingA
GetModuleFileNameW
lstrcpyW
GetSystemDefaultLangID
GetTickCount
FindNextFileA
InitializeCriticalSection
GetCurrentThread
GetPrivateProfileStructW
FreeEnvironmentStringsA
lstrlen
OpenMutexA
WideCharToMultiByte
SetStdHandle
GetSystemTime
GetModuleFileNameA
MultiByteToWideChar
SetLastError
InterlockedDecrement
VirtualFree
GetStdHandle
SetComputerNameA
GetCommandLineA
GetLastError
GetLocalTime
GetCurrentProcess
GetVersion
FindResourceW
ExitProcess
GetEnvironmentStringsW
GetLocaleInfoW
FlushFileBuffers
LeaveCriticalSection
WriteFile
SetConsoleCtrlHandler

user32

CreateMDIWindowA
DdeCreateDataHandle
MsgWaitForMultipleObjectsEx
DdeFreeStringHandle
DestroyWindow
BroadcastSystemMessageW
DialogBoxParamW
DdeGetData
SetMenuItemInfoW
ReuseDDElParam
GetClipboardFormatNameW
CreateWindowExA
GetUserObjectSecurity
RemoveMenu
LoadAcceleratorsW
ToAsciiEx
ToAscii
InsertMenuItemA
GetKBCodePage
ActivateKeyboardLayout
RegisterClassExA
InvalidateRect
EnumDisplaySettingsA
GetClassInfoA
GetDialogBaseUnits
GetWindowInfo
DrawTextA
CharPrevA
OpenWindowStationW
GetSubMenu
GetClipboardViewer
DefWindowProcA
GetForegroundWindow
MessageBoxA
LoadKeyboardLayoutW
ShowWindow
CreateCaret
GetNextDlgTabItem
HideCaret
SetScrollInfo
GetWindowLongA
LookupIconIdFromDirectory
GetKeyNameTextA
RegisterClassA
MessageBoxExW
DefWindowProcW
DialogBoxIndirectParamA

shell32

SHGetDataFromIDListA

advapi32

RegDeleteValueW
CryptGetDefaultProviderA
RegCreateKeyW
CryptSetProviderExW
CryptGenKey
RegEnumValueA
CryptDeriveKey
RegSetValueW
CryptExportKey
RegOpenKeyExA
RegQueryValueW
RegReplaceKeyA
CryptEnumProvidersA
CryptImportKey

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

593f652575428f0a92a06dda7265bde1

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

shell32

advapi32

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 248KB - Virtual size: 247KB

.data Size: 104KB - Virtual size: 116KB

.rsrc Size: 36KB - Virtual size: 34KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 248KB - Virtual size: 247KB

.data
Size: 104KB - Virtual size: 116KB

.rsrc
Size: 36KB - Virtual size: 34KB