5ed8ec8c385c0a8aeae339854ec8d857_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ed8ec8c385c0a8aeae339854ec8d857_JaffaCakes118
Size

220KB
MD5

5ed8ec8c385c0a8aeae339854ec8d857
SHA1

8bdc64c9f48a568509ce4dc88e4672e036ff160a
SHA256

375e87e5d24056aa7d66a5e8ac0b5f90e782249c9657acff5003a1269491dff0
SHA512

ad72e1318101a0f9e1c7ca4e6858e17b9e2418f693da41f72ba1d7c4919273fb62f8987a4ad673428c348b00387cb7441aad9c174fce4e6fee2052ea0cfc0e0f
SSDEEP

3072:e3e6ZYlyWPUVYdkibsJBj3CoWT1LwW30t237XfuB3DVLtnt9xUyRv:lkNVYmTylSWkcLXfs3BLMyl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ed8ec8c385c0a8aeae339854ec8d857_JaffaCakes118

Files

5ed8ec8c385c0a8aeae339854ec8d857_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f117cd9c9b1b2e08a285924d2da10770

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
GetLastError
VirtualUnlock
Sleep
VirtualAlloc
GetSystemDirectoryA
GetCurrentProcessId
IsBadWritePtr
VirtualProtect
LoadLibraryA
GetProcAddress
GetCurrentThreadId
GetModuleHandleA
SetEvent
GlobalAlloc
ResetEvent
VirtualAllocEx
GetCurrentProcess
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
HeapReAlloc
HeapAlloc
GetCPInfo
GetOEMCP
GetACP
HeapFree
HeapCreate
VirtualLock
GetLocaleInfoA
FindClose
HeapDestroy
GetSystemInfo
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
TerminateProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

DestroyWindow
IsZoomed
GetClientRect
LoadCursorA
GetDesktopWindow
GetDC
LoadIconA
SetTimer
ReleaseDC
CreateIcon
IsIconic
SetCursorPos
GetWindowRect
SetCursor
ShowWindow
GetLastActivePopup
GetParent
LoadStringA
GetCursorPos

gdi32

SelectObject
FloodFill

shell32

ord195

psapi

GetWsChanges
GetModuleBaseNameA
GetModuleInformation

msvfw32

DrawDibStart

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f117cd9c9b1b2e08a285924d2da10770

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

psapi

msvfw32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 32KB - Virtual size: 33KB

.rsrc Size: 156KB - Virtual size: 153KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 32KB - Virtual size: 33KB

.rsrc
Size: 156KB - Virtual size: 153KB