481e6a1010eb61ca74a7d794c9181be1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

481e6a1010eb61ca74a7d794c9181be1_JaffaCakes118
Size

423KB
MD5

481e6a1010eb61ca74a7d794c9181be1
SHA1

49d0c796c4b4206798ba3eeeebb71b0dab88a29a
SHA256

21a1d3e0491c2d33300a3e8aadcd85328170553a5f1673510d7ace6c305f88d6
SHA512

7170e12485f40b6160a571a50d63e9acaa0985c8e706f43c9bbdba996bb4b58ef9f6a01b81096884afecffc7764348916948fd377c023e3a9a9be64c94870780
SSDEEP

12288:eTSYz6OQBtK2S/FNo1yeZvNJkX/nBREuKEr:eTSYTKwF9KPZEXTEk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
481e6a1010eb61ca74a7d794c9181be1_JaffaCakes118

Files

481e6a1010eb61ca74a7d794c9181be1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a9de8546531a93787aa790283dc719c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventW
lstrlenW
SetHandleCount
LoadLibraryExA
UnhandledExceptionFilter
SetThreadPriority
GetStringTypeW
LCMapStringW
WriteFile
InitializeCriticalSection
GetEnvironmentStringsW
TlsAlloc
InterlockedExchange
RtlUnwind
SetConsoleCursorInfo
ExitThread
HeapFree
ExitProcess
SetLastError
SetThreadAffinityMask
MultiByteToWideChar
GetSystemTimeAsFileTime
AddAtomA
GetCurrentThreadId
GlobalCompact
GetCurrentProcess
GetProcAddress
FreeEnvironmentStringsW
GetProcessAffinityMask
UnmapViewOfFile
GetStdHandle
SetCurrentDirectoryA
GetCurrentThread
VirtualAlloc
GetCommandLineA
HeapDestroy
GetCurrentProcessId
IsBadWritePtr
GetModuleHandleA
LCMapStringA
LoadLibraryA
GetCurrencyFormatW
GetModuleFileNameA
GlobalAlloc
HeapCreate
CreateMailslotA
GetDiskFreeSpaceA
VirtualQuery
lstrcpynA
GetStringTypeA
DeleteCriticalSection
GetLastError
LeaveCriticalSection
GetStartupInfoA
GetACP
GetOEMCP
GetTickCount
GetPrivateProfileSectionNamesA
FreeEnvironmentStringsA
LockFileEx
VirtualFree
EnterCriticalSection
OpenMutexA
TerminateProcess
CreateWaitableTimerW
GetEnvironmentStrings
TlsGetValue
GetCPInfo
WideCharToMultiByte
QueryPerformanceCounter
HeapReAlloc
GetFileType
GetFullPathNameA
GetTempPathW
OpenEventA
HeapAlloc
TlsFree
TlsSetValue
GetVersion

shell32

SHEmptyRecycleBinA
SHGetDataFromIDListW
SHAddToRecentDocs
FindExecutableW
DoEnvironmentSubstA

user32

IsDlgButtonChecked
LoadImageW
wvsprintfW
CreateIconFromResourceEx
LoadCursorFromFileW
ReleaseDC
wvsprintfA
CheckMenuRadioItem
SetDlgItemTextW
DrawStateA
DdeAbandonTransaction
EnumWindows
GetUpdateRect
CreateAcceleratorTableA
SetMenuItemInfoA

advapi32

RegLoadKeyA
LookupPrivilegeValueA
RegDeleteKeyA
InitiateSystemShutdownW
RegDeleteKeyW
CryptEnumProviderTypesW
CryptVerifySignatureW
CryptGetUserKey
RegSaveKeyA
CryptAcquireContextA
RegSetValueExA
RegEnumKeyA
CryptDuplicateHash
CryptDeriveKey
RegRestoreKeyW
CryptSignHashA

wininet

GopherGetAttributeW
FindFirstUrlCacheEntryA
ShowCertificate
InternetAlgIdToStringW
InternetOpenW
InternetInitializeAutoProxyDll

comdlg32

PageSetupDlgW
FindTextW
FindTextA

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9de8546531a93787aa790283dc719c7

Headers

File Characteristics

Imports

kernel32

shell32

user32

advapi32

wininet

comdlg32

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 4KB - Virtual size: 15KB

.data Size: 277KB - Virtual size: 277KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 4KB - Virtual size: 15KB

.data
Size: 277KB - Virtual size: 277KB

.rsrc
Size: 10KB - Virtual size: 10KB