601d75aa3560235c810964730d2eecdb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

601d75aa3560235c810964730d2eecdb_JaffaCakes118
Size

172KB
MD5

601d75aa3560235c810964730d2eecdb
SHA1

988bd8e24e72939c04f9870a8f0b68a26021825f
SHA256

554107fd15863fadeff6bf137bd103baef6ea91e1f8bf37fab224e5763df63e5
SHA512

79179dc106a3cc44426685655abda568bf3cb5ef4043041caf2032221fbfa28bfa97782fdd917d7a67e439aa4d3f0f327a4b39b50656ac933a20c5bdb572be94
SSDEEP

3072:7tLkRItdaCG/RzEM3Diy9YUXPiuYpf9vuQo4ygroIZKL:7tL42dVG/RQEDi8YAi7f9v4sroya

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
601d75aa3560235c810964730d2eecdb_JaffaCakes118

Files

601d75aa3560235c810964730d2eecdb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

957af4b8d06b6f748a59fcd9d5c98d19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadIOPendingFlag
GetCurrentProcess
GetStringTypeW
MultiByteToWideChar
GetProcAddress
HeapAlloc
FreeEnvironmentStringsA
InterlockedExchange
CreateFileMappingA
CreateThread
DeleteCriticalSection
WriteFile
SetStdHandle
ExitProcess
GetStdHandle
FlushFileBuffers
RtlUnwind
GetEnvironmentStringsW
CloseHandle
SetPriorityClass
GetLastError
GetTempPathW
CompareStringW
UnhandledExceptionFilter
lstrcmpW
TlsSetValue
WideCharToMultiByte
CreateMutexA
GetOEMCP
GetThreadPriority
GetDiskFreeSpaceExA
TransmitCommChar
GetCurrentThreadId
GetACP
GetCPInfo
RaiseException
OutputDebugStringA
lstrcmpA
LoadLibraryW
FileTimeToLocalFileTime
SetEndOfFile
HeapFree
TerminateProcess
FreeLibrary
IsBadReadPtr
InterlockedDecrement
lstrcpyA
CreateFileW
InterlockedIncrement
LeaveCriticalSection
TlsGetValue
HeapSize
IsDBCSLeadByte
WritePrivateProfileStringA
TlsAlloc
GetPrivateProfileStringA
SetEvent
UnmapViewOfFile
EnumResourceNamesW
SetLastError
GetUserDefaultLCID
WaitForSingleObject
ResetEvent
InitializeCriticalSection
SetHandleCount
GlobalUnlock
FileTimeToSystemTime
GetEnvironmentStrings
GetStartupInfoA
GetTickCount
GetTimeZoneInformation
LCMapStringA
GetEnvironmentVariableA
GetFullPathNameA
FreeEnvironmentStringsW
EnterCriticalSection
GetStringTypeA
ExitThread
Sleep
GetPriorityClass
ExitProcess
IsBadWritePtr
TlsFree
GlobalAlloc
HeapDestroy
GlobalFree
GetSystemTime
LCMapStringW
SetUnhandledExceptionFilter
CreateSemaphoreA
MapViewOfFile
HeapCreate
GetFullPathNameW
GetFileType
ReleaseSemaphore
CompareStringA
GetModuleHandleA
LoadLibraryA
HeapReAlloc
GetTempFileNameA
GetCommandLineA
GetModuleFileNameA
GetTempPathA
IsBadCodePtr
SetEnvironmentVariableA

user32

wsprintfW
MessageBoxA
GetKeyState
wsprintfA
CharNextA
CharUpperA
CharLowerA

msimg32

AlphaBlend
TransparentBlt

shlwapi

PathAddBackslashA

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

957af4b8d06b6f748a59fcd9d5c98d19

Headers

File Characteristics

Imports

kernel32

user32

msimg32

shlwapi

advapi32

Sections

.text Size: 143KB - Virtual size: 142KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 24KB - Virtual size: 23KB

.crt Size: 512B - Virtual size: 216KB

.text
Size: 143KB - Virtual size: 142KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 24KB - Virtual size: 23KB

.crt
Size: 512B - Virtual size: 216KB