5a835301c25aa5bf2709e9ec6791ed56_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5a835301c25aa5bf2709e9ec6791ed56_JaffaCakes118
Size

367KB
MD5

5a835301c25aa5bf2709e9ec6791ed56
SHA1

37e424fc3ccd459f86d821a2e6d684564caae0d8
SHA256

bbfc95e895ce29d0279a170a7761e23e0969d72c035fac26cab919659e303830
SHA512

6985d6e54c3f5de82f739f7e7d67b30c37547f28680dd8b1d4859e24b82d4be8dd29c45935a7f09ca115ae8164db8b1cd33f523668dc173a1f3bfb2b34fb1e23
SSDEEP

6144:YemXblsSLEWj1VRX38tG5jUz5Jsi1ArLDVqXZy6jkzSmR5ZISnJfp68RdLeANqv:YemWMEWj3pMG5jUzng8py6Nm/fVNNqv

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
5a835301c25aa5bf2709e9ec6791ed56_JaffaCakes118
unpack001/Erase.exe
unpack001/uninstall.exe

Files

5a835301c25aa5bf2709e9ec6791ed56_JaffaCakes118
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 18KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Erase.exe
.exe windows:1 windows x86 arch:x86

131badf5e326e2a2d7cbd9fd66946b55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoUninitialize

comctl32

ImageList_SetIconSize

winspool.drv

OpenPrinterA

shell32

Shell_NotifyIconA

Sections

CODE
Size: 331KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
History.txt
license.txt
setup.ini
uninstall.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 18KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 18KB - Virtual size: 184KB

.rsrc Size: 4KB - Virtual size: 8KB

131badf5e326e2a2d7cbd9fd66946b55

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

winspool.drv

shell32

Sections

CODE Size: 331KB - Virtual size: 1.1MB

.rsrc Size: 12KB - Virtual size: 12KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 18KB - Virtual size: 184KB

.rsrc Size: 4KB - Virtual size: 8KB

.text
Size: 18KB - Virtual size: 184KB

.rsrc
Size: 4KB - Virtual size: 8KB

CODE
Size: 331KB - Virtual size: 1.1MB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 18KB - Virtual size: 184KB

.rsrc
Size: 4KB - Virtual size: 8KB