4a8a6b1c901f95666a2c5870cb83aced_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a8a6b1c901f95666a2c5870cb83aced_JaffaCakes118
Size

350KB
MD5

4a8a6b1c901f95666a2c5870cb83aced
SHA1

6c0593fb8249adbddc4e66cfd0ebf42375f6ba00
SHA256

b6e2062a8857b19165c79e1798a820c0ee658ffcd97a2542a980ced4c1c7384c
SHA512

73bbdded6fc3d779afdbab93647c99b9d254771db7724930c429c0d84b1e45f35a21f498a459bec167a0851334705b8a0bf6252f3caf3078b54ef0c7d75b168f
SSDEEP

6144:E0KZ8I+/9yRT6B9GdHBKgKHjDPdRfuIkslL2GLBuyMi3S8NjH/azkTNi2oYD8/gn:PD3/k2+dhKgKH/nfVLlLjBuFi3S8902d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a8a6b1c901f95666a2c5870cb83aced_JaffaCakes118

Files

4a8a6b1c901f95666a2c5870cb83aced_JaffaCakes118
.exe windows:4 windows x86 arch:x86

89ff02d40583d3f22bb23c94986e6feb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\solwokfl\msmes

Imports

kernel32

SetStdHandle
GetCommandLineA
GetVersionExA
GetMailslotInfo
GetModuleHandleA
InitializeCriticalSection
TlsAlloc
GetACP
GetSystemTimeAsFileTime
CloseHandle
GetCurrentProcess
OpenMutexA
WriteFile
GetDateFormatA
HeapFree
ReadFile
MultiByteToWideChar
TransmitCommChar
GetCurrentThread
InterlockedIncrement
TlsGetValue
GetConsoleCP
SetHandleCount
GetTimeFormatA
SetUnhandledExceptionFilter
GetFileType
WideCharToMultiByte
GetStartupInfoA
QueryPerformanceCounter
TlsSetValue
WriteConsoleW
VirtualQuery
GetTimeZoneInformation
GetCurrentThreadId
IsValidLocale
TlsFree
FreeLibrary
LoadLibraryA
GetStringTypeA
InterlockedExchange
GetLocaleInfoW
GetModuleFileNameA
SetEnvironmentVariableA
MapViewOfFile
GetUserDefaultLCID
LCMapStringA
FlushFileBuffers
SetFilePointer
GetProcessHeap
CompareStringW
SetConsoleCtrlHandler
LeaveCriticalSection
UnhandledExceptionFilter
EnterCriticalSection
GetLastError
SetLastError
DeleteCriticalSection
GlobalGetAtomNameA
GetConsoleMode
GetEnvironmentStrings
GetStdHandle
GetOEMCP
ExitProcess
VirtualAlloc
TransactNamedPipe
CreateMutexA
CreateFileA
HeapCreate
HeapReAlloc
GetLocaleInfoA
CompareStringA
LCMapStringW
GetCurrentProcessId
GetTickCount
HeapSize
TerminateProcess
GetVolumeInformationA
FreeEnvironmentStringsA
InterlockedDecrement
VirtualFree
RtlUnwind
CreateDirectoryExA
GetThreadLocale
Sleep
CreateDirectoryA
lstrcpyA
HeapAlloc
IsValidCodePage
WriteConsoleA
GetProcAddress
GetStringTypeW
IsDebuggerPresent
EnumSystemLocalesA
GetCPInfo
GetConsoleOutputCP
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW

comdlg32

PageSetupDlgW
ChooseFontW
ChooseColorA

comctl32

InitCommonControlsEx

user32

RegisterClassExA
LoadAcceleratorsW
IsChild
GetClipboardFormatNameA
DdeSetQualityOfService
GetWindowDC
SetWindowRgn
RegisterClassA
GetDCEx
DdeFreeStringHandle
WaitForInputIdle
IsDialogMessageW
CharPrevExA
ShowWindow
VkKeyScanW
EnumChildWindows
CreateWindowExA
MessageBoxA
LockWindowUpdate
GetNextDlgGroupItem

shell32

SheGetDirA
SHGetDiskFreeSpaceA
ShellExecuteA

wininet

InternetCheckConnectionW

Sections

.text
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89ff02d40583d3f22bb23c94986e6feb

Headers

File Characteristics

PDB Paths

Imports

kernel32

comdlg32

comctl32

user32

shell32

wininet

Sections

.text Size: 225KB - Virtual size: 224KB

.rdata Size: 22KB - Virtual size: 40KB

.data Size: 93KB - Virtual size: 92KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 225KB - Virtual size: 224KB

.rdata
Size: 22KB - Virtual size: 40KB

.data
Size: 93KB - Virtual size: 92KB

.rsrc
Size: 9KB - Virtual size: 9KB