626598adb82ce7112301611000100f59_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

626598adb82ce7112301611000100f59_JaffaCakes118
Size

60KB
MD5

626598adb82ce7112301611000100f59
SHA1

97b7aecfa6b47d56c584c9c3e96363397b20e888
SHA256

73768c502dbe6119cd31b6eb2fad39e8ed38b358e6fe754aa49d10899961a34b
SHA512

1c7b81e2fbad0be57d7a1927e296fe2ee67dc54339c4b05fa58edfb1aa95246783aecdb189fbb93843945160817b56ff2f44978d5bc20322066274a57dc9b68e
SSDEEP

768:YO/m0YC2zNRwO/sUeMUZPp9jj4x3DoTYzBGB3BPBgBYBhB5ByB:Y4nkHwOyX5jKocl8xZ+mbDw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
626598adb82ce7112301611000100f59_JaffaCakes118

Files

626598adb82ce7112301611000100f59_JaffaCakes118
.exe windows:4 windows x86 arch:x86

50b5367e2c9cac4c1a1364e557713c6c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetPrivateProfileStringA
FindFirstChangeNotificationA
lstrcpyA
GetModuleFileNameA
CloseHandle
WriteFile
FindNextChangeNotification
FindCloseChangeNotification
GetProcAddress
LoadLibraryA
FreeLibrary
LocalFree
LocalAlloc
WaitForSingleObject
SetFilePointer
CreateFileA
GetStringTypeW
GetOEMCP
GetACP
RtlUnwind
HeapFree
MultiByteToWideChar
HeapCreate
HeapDestroy
VirtualFree
GetEnvironmentVariableA
GetFileType
GetVersionExA
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
GetStringTypeA
GetCPInfo
UnhandledExceptionFilter
GetCurrentProcess
FreeEnvironmentStringsA
lstrcmpA
LCMapStringW
LCMapStringA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetModuleHandleA
GetCommandLineA
GetStartupInfoA
TerminateProcess
ExitProcess
GetVersion

user32

TranslateMessage
TranslateAcceleratorA
DispatchMessageA
wsprintfA
EndPaint
DrawTextA
EndDialog
GetMessageA
SendMessageA
PostQuitMessage
SetTimer
DialogBoxParamA
DefWindowProcA
DestroyWindow
UpdateWindow
CreateWindowExA
ShowWindow
LoadStringA
LoadCursorA
RegisterClassExA
LoadAcceleratorsA
FindWindowA
PostMessageA
GetClientRect
BeginPaint

winspool.drv

EnumPrintersA
OpenPrinterA
SetPrinterA
EnumJobsA
SetJobA
ClosePrinter
GetPrintProcessorDirectoryA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50b5367e2c9cac4c1a1364e557713c6c

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 20KB - Virtual size: 18KB