Static task
static1
Behavioral task
behavioral1
Sample
4d1f39fee4feaa382702e853e756b857_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4d1f39fee4feaa382702e853e756b857_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
4d1f39fee4feaa382702e853e756b857_JaffaCakes118
Size
459KB
MD5
4d1f39fee4feaa382702e853e756b857
SHA1
9cb870438ce6b50890c75459d28ec3334748f092
SHA256
1efa9441a45f6ed85c86b786de879687eaba163f8bea5600553ebd0f4e7e4321
SHA512
9110ee38b79258fb313a2f2e3bce47945e19bde17b41262b08eec31adaf3910af6dc4c9dc825372799da93b0d4e887b605ba0bf46546ba282d198f9f74214b2c
SSDEEP
12288:dtv2QqumG/6PyAK8mtWA4U8ehU4hDOLO0Tkmc:TeQ1m86RKRWJSU4Jak/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4d1f39fee4feaa382702e853e756b857_JaffaCakes118
Files
4d1f39fee4feaa382702e853e756b857_JaffaCakes118.exe windows:4 windows x86 arch:x86
894499545ade4ca835cc4b14ac6fe93f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetEnvironmentStrings
FlushFileBuffers
IsValidLocale
DeleteCriticalSection
RtlUnwind
GetTimeZoneInformation
DebugBreak
GetCurrentProcess
GetStdHandle
VirtualAlloc
LeaveCriticalSection
IsBadWritePtr
HeapReAlloc
GetModuleFileNameW
FindResourceW
GetLocaleInfoW
GetCommandLineW
LCMapStringW
GetModuleFileNameA
GetDateFormatA
GetTimeFormatA
ExitProcess
GetFileType
GetSystemInfo
HeapCreate
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeA
GetCommandLineA
InitializeCriticalSection
QueryPerformanceCounter
TlsFree
SetEnvironmentVariableA
CloseHandle
SetConsoleCtrlHandler
SetStdHandle
GetCPInfo
HeapAlloc
GetStartupInfoA
HeapFree
WriteFile
WideCharToMultiByte
GetCurrentProcessId
CompareStringW
GetUserDefaultLCID
GetStringTypeW
SetHandleCount
HeapValidate
GetACP
GetLastError
GetVersionExA
GetCurrentThread
UnhandledExceptionFilter
SetFilePointer
OpenSemaphoreA
EnterCriticalSection
VirtualProtect
VirtualFree
TlsSetValue
CompareStringA
SuspendThread
OutputDebugStringA
lstrcatW
lstrcpyA
FreeEnvironmentStringsA
HeapDestroy
GetProcAddress
GetLocaleInfoA
GetOEMCP
EnumSystemLocalesA
IsValidCodePage
InterlockedExchange
InterlockedDecrement
TlsGetValue
GetStartupInfoW
VirtualQuery
TlsAlloc
SetLastError
AllocConsole
LCMapStringA
GetCurrentThreadId
InterlockedIncrement
FreeEnvironmentStringsW
TerminateProcess
GetEnvironmentStringsW
IsBadReadPtr
GetComputerNameA
GetModuleHandleA
MultiByteToWideChar
user32
EndMenu
PackDDElParam
SetDoubleClickTime
GetInputDesktop
GetAsyncKeyState
MapVirtualKeyA
GetMenuStringA
shell32
SHAddToRecentDocs
FindExecutableA
SHGetDataFromIDListW
SHBrowseForFolder
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHGetDesktopFolder
RealShellExecuteW
RealShellExecuteA
SHGetSpecialFolderPathW
SHGetDataFromIDListA
DragAcceptFiles
DragQueryFileA
InternalExtractIconListW
SHGetNewLinkInfo
DoEnvironmentSubstW
ExtractAssociatedIconA
SHGetPathFromIDListW
FreeIconList
DragQueryFile
InternalExtractIconListA
SHGetFileInfoA
Sections
.text Size: 167KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 281KB - Virtual size: 311KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ