4b651b170b3b39887806a9952cc1586d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4b651b170b3b39887806a9952cc1586d_JaffaCakes118
Size

414KB
MD5

4b651b170b3b39887806a9952cc1586d
SHA1

4bfe8e7037dfae70dc85e18206e89fead75a737a
SHA256

45955353377e487e1f9f2c33a1fad3a51584e81b4a3cb29c747070700ea5ccb4
SHA512

e3e84ba5a87b8cb2238dde0779b622904045dc3ada51565e82105c7d748385168b261ef32eb96aa0c69f172542293070d5e202f053c7a8aeffc18c8ee23b6d00
SSDEEP

12288:TQJRYCrWhzS6XGD0gKyRJl/Bk8n65MQMnzQC4:8JR3Wh2sCdVpkZMzQC4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b651b170b3b39887806a9952cc1586d_JaffaCakes118

Files

4b651b170b3b39887806a9952cc1586d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

83fda55e460d805b596bb89434d145d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
GetCPInfo
SetHandleCount
FreeEnvironmentStringsW
RtlUnwind
InitializeCriticalSection
FreeEnvironmentStringsA
GetCurrentProcess
GetUserDefaultLCID
VirtualAlloc
Sleep
SetConsoleCtrlHandler
HeapReAlloc
GetStringTypeA
GlobalAddAtomA
GetStdHandle
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetModuleFileNameA
GetLastError
HeapSize
ExitProcess
GetOEMCP
HeapDestroy
IsDebuggerPresent
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetVersionExA
GetEnvironmentStrings
LCMapStringA
QueryPerformanceCounter
FillConsoleOutputAttribute
TlsSetValue
CompareStringW
TlsGetValue
WriteFile
GetDateFormatA
HeapAlloc
GetTimeFormatA
HeapFree
EnumSystemLocalesA
TlsAlloc
GetCurrentProcessId
EnterCriticalSection
InterlockedDecrement
HeapCreate
VirtualFree
IsValidLocale
GetCurrentThread
GetProcessHeap
InterlockedIncrement
GetFileType
MultiByteToWideChar
UnhandledExceptionFilter
OpenMutexW
FreeLibrary
GetModuleHandleA
FoldStringW
GetLocaleInfoW
DeleteCriticalSection
LocalReAlloc
TlsFree
CompareStringA
CreateDirectoryW
GetCommandLineA
IsValidCodePage
GetProcAddress
GetStartupInfoA
GetStringTypeW
GetACP
SetEnvironmentVariableA
InterlockedExchange
LCMapStringW
TerminateProcess
GetTimeZoneInformation
VirtualQuery
LeaveCriticalSection
WideCharToMultiByte
FindAtomA
SetLastError
GetCurrentThreadId

gdi32

PlayMetaFile
EndPath
GetTextMetricsW
GetPaletteEntries
BeginPath
SetTextAlign
Ellipse
FillPath
ExcludeClipRect
EnumFontFamiliesExA
EndPage
ExtFloodFill
PolylineTo

advapi32

RegCloseKey
CryptVerifySignatureW
RegSetKeySecurity
AbortSystemShutdownW
CryptSetProviderW
CryptGenKey
LookupSecurityDescriptorPartsA
RegOpenKeyA
RegLoadKeyA
CryptSetProviderExA
RegSetValueExA
RegCreateKeyExW
CryptHashData
LookupPrivilegeValueW
CryptDuplicateKey
CryptDuplicateHash
RegConnectRegistryW

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 275KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83fda55e460d805b596bb89434d145d5

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

Sections

.text Size: 134KB - Virtual size: 134KB

.data Size: 275KB - Virtual size: 287KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 134KB - Virtual size: 134KB

.data
Size: 275KB - Virtual size: 287KB

.rsrc
Size: 3KB - Virtual size: 3KB