4bf29258acac43138ad6b35aab1d7534_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4bf29258acac43138ad6b35aab1d7534_JaffaCakes118
Size

246KB
MD5

4bf29258acac43138ad6b35aab1d7534
SHA1

a66bd0f27b5f529b4b5d13b3f5362e6fdef5d1bb
SHA256

e92a23ab75307ef1051771e391e5f1dddefa84b889fa0025605468e18c251a9c
SHA512

a624bb4b69e273af97864072ca1c9ca777d956d8a66c62523d5ce86d7e9c2b444cd8c01b431e8bc08cad8ae2ea2546afa92292a75a19c8fbfebb897c95336dbf
SSDEEP

6144:lh97+lfxfdCal1R+h3hThIZkrNF2Zf1NXRq1o:B7+lfxjkdrH2Z3i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bf29258acac43138ad6b35aab1d7534_JaffaCakes118

Files

4bf29258acac43138ad6b35aab1d7534_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf973b1af59c5225a1cbf24fea80b7e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragQueryPoint
DragFinish
SHEmptyRecycleBinW

comdlg32

PrintDlgA
PrintDlgW
PageSetupDlgW
ChooseColorW
LoadAlterBitmap
ReplaceTextW

gdi32

RemoveFontResourceW
GetTextMetricsW
GetEnhMetaFileDescriptionW
ExcludeClipRect
EnumFontsW
PlayMetaFile
ExtTextOutW
FrameRgn
PolyTextOutW
EnableEUDC
ResetDCA
OffsetRgn
GetTextCharsetInfo
SetPixel
StretchBlt
StartDocA
StartDocW
DeleteEnhMetaFile

wininet

InternetGoOnlineW
InternetHangUp
GopherOpenFileA
FtpGetCurrentDirectoryW
SetUrlCacheEntryInfoW
InternetSetDialState
RetrieveUrlCacheEntryStreamW
UnlockUrlCacheEntryFile
InternetSetOptionW
FindFirstUrlCacheEntryExW

kernel32

VirtualFree
TlsGetValue
GetEnvironmentStrings
InitializeCriticalSection
GetCurrentThread
FreeEnvironmentStringsA
InterlockedDecrement
InterlockedIncrement
HeapDestroy
TlsFree
GetStdHandle
RemoveDirectoryW
GetLocaleInfoW
GetSystemTimeAsFileTime
CompareStringA
VirtualAlloc
DeleteAtom
TerminateProcess
CompareStringW
GetStartupInfoA
HeapCreate
WideCharToMultiByte
GetEnvironmentStringsW
GetStringTypeW
SetUnhandledExceptionFilter
SetHandleCount
ExitProcess
GetProcAddress
OpenMutexA
GetVersionExA
GetLocaleInfoA
VirtualQuery
IsDebuggerPresent
LeaveCriticalSection
GetACP
LoadLibraryA
RtlUnwind
GetNamedPipeHandleStateW
Sleep
GetPrivateProfileSectionNamesA
TlsAlloc
GetProfileStringA
GetLastError
GetModuleFileNameA
GetCommandLineA
DeleteCriticalSection
LCMapStringA
EnterCriticalSection
GetOEMCP
GetExitCodeProcess
GetTimeFormatA
MultiByteToWideChar
lstrcpyA
GetCurrentProcessId
SetCriticalSectionSpinCount
QueryPerformanceCounter
LCMapStringW
WaitNamedPipeA
TlsSetValue
GetUserDefaultLCID
SetCurrentDirectoryA
WriteFile
GetCPInfo
HeapSize
HeapReAlloc
UnhandledExceptionFilter
HeapAlloc
GetDateFormatA
SetLastError
IsValidCodePage
GetCurrentProcess
FreeEnvironmentStringsW
CopyFileA
GetStringTypeA
GetTimeZoneInformation
FreeLibrary
InterlockedExchange
IsValidLocale
GetModuleHandleA
GetTickCount
SetConsoleCtrlHandler
GetFileType
VirtualProtect
GetCurrentThreadId
EnumSystemLocalesA
GetProcessHeap
ReadConsoleA
HeapFree
GlobalDeleteAtom
SetEnvironmentVariableA
GetEnvironmentStringsA

advapi32

CryptDestroyKey
RegEnumKeyExA

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf973b1af59c5225a1cbf24fea80b7e2

Headers

File Characteristics

Imports

shell32

comdlg32

gdi32

wininet

kernel32

advapi32

Sections

.text Size: 117KB - Virtual size: 116KB

.data Size: 114KB - Virtual size: 125KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 117KB - Virtual size: 116KB

.data
Size: 114KB - Virtual size: 125KB

.rsrc
Size: 13KB - Virtual size: 13KB