5bb141101cf9054f0f890f669c95b5eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5bb141101cf9054f0f890f669c95b5eb_JaffaCakes118
Size

238KB
MD5

5bb141101cf9054f0f890f669c95b5eb
SHA1

5f4f314744579b158de389d512fad85331640133
SHA256

210984a7970750a755dd9a2210cf3fc0099611b6045303487d14cc182eba3a4a
SHA512

fc5930b6e909f554d24e5553d44af70a93a64a39897de409603e821be50a7474bc0278fcd3db7429593c833f08608fb730d9e05e417a5ad4e970dac102810eb5
SSDEEP

6144:09LQI2lLLcCrEq6wEjfc9l7/MBsO5qH0yUpXsoyj8O+:0MI2pcCrEq6wEjfSl7/jUF13y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bb141101cf9054f0f890f669c95b5eb_JaffaCakes118

Files

5bb141101cf9054f0f890f669c95b5eb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

79d970d771a2546c4b156399cb7f8b75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadWritePtr
GetModuleFileNameW
GetLastError
GetEnvironmentStringsW
RtlUnwind
DeleteCriticalSection
GetEnvironmentStrings
GetCurrentProcess
VirtualFree
VirtualAlloc
GetStartupInfoA
SetLastError
HeapReAlloc
TlsFree
SetCriticalSectionSpinCount
TlsAlloc
HeapCreate
InterlockedExchange
GetModuleFileNameA
InitializeCriticalSection
GetModuleHandleA
ExitProcess
MultiByteToWideChar
GetFileType
ReadConsoleOutputCharacterW
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
WriteFile
GetVersion
FreeEnvironmentStringsA
QueryPerformanceCounter
SetEndOfFile
UnhandledExceptionFilter
GetCommandLineA
VirtualQuery
GetCurrentThreadId
GetStdHandle
HeapAlloc
TlsSetValue
HeapFree
RemoveDirectoryW
TerminateProcess
GetCurrentProcessId
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
GetThreadLocale
FreeEnvironmentStringsW
GetStartupInfoW
SetHandleCount
GetCommandLineW
HeapDestroy
GetProcAddress
TlsGetValue

advapi32

LookupPrivilegeDisplayNameW
CryptGetHashParam
LookupSecurityDescriptorPartsW
LookupAccountSidA
RegCreateKeyW
CryptSetProviderA
RegOpenKeyExW
RegOpenKeyExA
RegRestoreKeyA
CryptEnumProviderTypesA
CryptCreateHash
RegSetValueExW
RegEnumKeyA
RegCreateKeyExW
RegSetValueExA
CryptEnumProvidersW
CreateServiceA
CryptGenKey
RegQueryValueExA
RegDeleteValueA
GetUserNameW
RegConnectRegistryW

user32

RegisterHotKey
RegisterClassExA
SendDlgItemMessageW
ReplyMessage
IsDlgButtonChecked
IsClipboardFormatAvailable
KillTimer
SetShellWindow
SwitchToThisWindow
CopyRect
DrawFocusRect
DdeSetQualityOfService
CreateCursor
GetKeyboardLayoutList
SetDeskWallpaper
PeekMessageA
LoadMenuW
SetMenuInfo
GetNextDlgTabItem
DdeInitializeA
SetLastErrorEx

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 130KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79d970d771a2546c4b156399cb7f8b75

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

.text Size: 98KB - Virtual size: 98KB

.data Size: 130KB - Virtual size: 135KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 98KB - Virtual size: 98KB

.data
Size: 130KB - Virtual size: 135KB

.rsrc
Size: 9KB - Virtual size: 8KB