49160163b589a2e1e71ed90c32f3dc43_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

49160163b589a2e1e71ed90c32f3dc43_JaffaCakes118
Size

472KB
MD5

49160163b589a2e1e71ed90c32f3dc43
SHA1

541ba9dc3030ad3f3aee12e2fe4fc8cd2e9aafe4
SHA256

f02dc0343eac5bae7b9d03e908165aab63a8b07ab5a80167433505365717e6f3
SHA512

f5ef4120962d5a060c369eaf3142ba2f3b0776e2d27222ee641d06a8a188844eb6ab3fba46a288b38cf9dffd93410162b45903ce836a7d2aebe8873f58088a86
SSDEEP

12288:9pAoVaKeKyziIiadeuSRWHJDZf1d7cU6ilO6Su41RPMzzghhL:9pA3KeKyziVadDMWFRcU6il8uSPRh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49160163b589a2e1e71ed90c32f3dc43_JaffaCakes118

Files

49160163b589a2e1e71ed90c32f3dc43_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5e413cd7cd4d03fb04cbccd05cef0538

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
InterlockedDecrement
GetVersionExW
PulseEvent
GetStringTypeW
WaitForSingleObjectEx
HeapAlloc
LoadLibraryA
DeleteCriticalSection
TlsAlloc
GetTempFileNameW
CreateThread
SetTimeZoneInformation
GetACP
WideCharToMultiByte
WriteFile
FreeEnvironmentStringsA
HeapDestroy
HeapValidate
FindNextChangeNotification
UnhandledExceptionFilter
GetEnvironmentStrings
InitializeCriticalSection
GetEnvironmentStringsW
DeleteFileA
IsBadWritePtr
GetStdHandle
HeapCreate
GetProcAddress
CloseHandle
GetVersion
HeapFree
lstrcatA
GetCurrentThread
SetEnvironmentVariableA
LCMapStringA
VirtualQuery
SetStdHandle
LCMapStringW
TlsGetValue
FreeEnvironmentStringsW
LeaveCriticalSection
DebugBreak
GetStringTypeA
HeapReAlloc
SetLastError
ExitProcess
SetCurrentDirectoryW
FormatMessageW
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
SetConsoleCtrlHandler
GetModuleHandleA
GetOEMCP
MultiByteToWideChar
OutputDebugStringA
GetCurrentThreadId
TlsSetValue
InterlockedIncrement
GetCommandLineA
GetStartupInfoA
GetCurrentProcessId
GetModuleFileNameA
SetFilePointer
GetCPInfo
AddAtomA
GetTickCount
IsBadReadPtr
EnterCriticalSection
GetLastError
VirtualFree
TlsFree
RtlUnwind
GetFileType
GetSystemTimeAsFileTime
InterlockedExchange
SetHandleCount

user32

SetWindowPlacement
IsWindow
SendNotifyMessageW
TabbedTextOutA
ReleaseDC
GetInputState
LockWindowUpdate
BeginPaint
SendMessageTimeoutA
GetGUIThreadInfo
RegisterWindowMessageW
TranslateAccelerator
SendNotifyMessageA
ShowWindowAsync
FindWindowW
GetWindowTextLengthA
DrawTextW
DdeDisconnect

gdi32

GetTextExtentExPointA
CreatePolyPolygonRgn
ColorCorrectPalette
DrawEscape

shell32

DragQueryFileAorW
ShellExecuteExW
SHGetDesktopFolder
SheSetCurDrive
SHGetDiskFreeSpaceA
ExtractIconW
ExtractAssociatedIconW
ShellExecuteEx
SheGetDirA
SHFileOperation
RealShellExecuteExA
DoEnvironmentSubstW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetSpecialFolderPathW
ExtractIconExW
RealShellExecuteA
SHChangeNotify
ShellExecuteExA
DuplicateIcon
RealShellExecuteExW
ShellExecuteW

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e413cd7cd4d03fb04cbccd05cef0538

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Sections

.text Size: 183KB - Virtual size: 183KB

.data Size: 274KB - Virtual size: 273KB

.rsrc Size: 14KB - Virtual size: 13KB

.text
Size: 183KB - Virtual size: 183KB

.data
Size: 274KB - Virtual size: 273KB

.rsrc
Size: 14KB - Virtual size: 13KB