k:\bfy\eum\bseasxrgot\iixkoee.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4d8ce3a23f5186a1a7658b4f5c538ac2_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
4d8ce3a23f5186a1a7658b4f5c538ac2_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
4d8ce3a23f5186a1a7658b4f5c538ac2_JaffaCakes118
Size
513KB
MD5
4d8ce3a23f5186a1a7658b4f5c538ac2
SHA1
75bd88b9fc6fdeb1386b1ed245a7c459a3f2231e
SHA256
1653692b2d8975f2775390acc1b4664223e2cc78b59a3c98a1e820c2712d1d33
SHA512
9e118f5dc676acb12cb30ddb7c49d1c3a585020aa2fdfc15106482574982835f2074be6609540d25638bb9f67c0c9a1680018a918667b68b103def8e36a36c15
SSDEEP
6144:oboo/QadLwEAlV5k/Q7SDMCsQ0ywDrqDRoVZLk63YGpkd/9ueUIsMKf1QsRKHw0l:o7/XYV5k4vBb/GQeRRBwfHMwrS
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4d8ce3a23f5186a1a7658b4f5c538ac2_JaffaCakes118
Files
4d8ce3a23f5186a1a7658b4f5c538ac2_JaffaCakes118.exe windows:4 windows x86 arch:x86
83ecd719b15e4c91f0aa2693e6b269ad
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
comctl32
InitCommonControlsEx
user32
RegisterClassExA
GetKeyboardLayoutList
LoadCursorA
GetAltTabInfo
FillRect
RegisterClassA
FindWindowExW
GetClassNameA
advapi32
CryptDeriveKey
CryptVerifySignatureW
CreateServiceW
RegEnumKeyExW
LookupAccountNameW
CryptDestroyHash
kernel32
RtlUnwind
UnhandledExceptionFilter
GetCommandLineA
GlobalAddAtomW
GetTimeZoneInformation
VirtualProtect
ReadFile
QueryPerformanceCounter
InterlockedDecrement
EnterCriticalSection
SetLastError
CompareStringA
GetFileType
GetStdHandle
LCMapStringA
InitializeCriticalSection
GetOEMCP
GetEnvironmentStrings
IsBadWritePtr
GetLocaleInfoW
GetModuleHandleA
SetEnvironmentVariableA
CreateDirectoryA
HeapDestroy
GetCurrentThread
GetTimeFormatA
GetSystemInfo
GetStartupInfoA
SetStdHandle
GetCurrentProcessId
WriteFile
VirtualQuery
SetConsoleCtrlHandler
GetCurrentProcess
FreeEnvironmentStringsA
GetDateFormatA
LoadLibraryA
GetUserDefaultLCID
VirtualUnlock
FlushInstructionCache
MultiByteToWideChar
ExitProcess
CompareStringW
LCMapStringW
VirtualFreeEx
CloseHandle
TlsSetValue
IsValidCodePage
VirtualAlloc
GetProcAddress
HeapCreate
CreateNamedPipeW
GetLastError
OpenMutexA
InterlockedExchange
LeaveCriticalSection
TlsGetValue
GetThreadPriority
GetCurrentThreadId
GetTickCount
FlushFileBuffers
SetFilePointer
HeapAlloc
TlsFree
GetSystemTimeAsFileTime
IsValidLocale
EnumSystemLocalesA
TlsAlloc
TerminateProcess
SetHandleCount
GetLocaleInfoA
HeapFree
WideCharToMultiByte
GetThreadSelectorEntry
GetStringTypeA
CreateMutexA
DuplicateHandle
FormatMessageA
FreeEnvironmentStringsW
GetCPInfo
DeleteCriticalSection
GetVersionExA
HeapReAlloc
HeapSize
VirtualFree
GetStringTypeW
GetEnvironmentStringsW
GetACP
GetModuleFileNameA
SetConsoleActiveScreenBuffer
GetComputerNameA
Sections
.text Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 67KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ