628f619be781ddd3db25b03e65e45cb9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

628f619be781ddd3db25b03e65e45cb9_JaffaCakes118
Size

261KB
MD5

628f619be781ddd3db25b03e65e45cb9
SHA1

94c1c2ad871e1694008d6f5fc106dfdf0651302c
SHA256

4be27c3dd03dc136ab54b668473eecad1c9385e83ce1842c1fc88df9ec62ad76
SHA512

1ba21847ea5c538521db986a1b7861583c0eb30ed4f620d98af596c092afdfbdceba3d7aa365c6ae48492ec1bf490adafb667c4a3697d37628e9c0aed5db175f
SSDEEP

6144:AotgUfYIN2DOz4VOKHbnVSpizR1GIokFde1XBq:fDf1LaOK7VSpCRsIokFdK0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
628f619be781ddd3db25b03e65e45cb9_JaffaCakes118

Files

628f619be781ddd3db25b03e65e45cb9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1cd1192ef789f2f3f699536308575a04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
CloseHandle
CreateFileA
ReadFile
GetCurrentProcessId
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetModuleHandleA
LoadLibraryA
GetProcAddress
CreateToolhelp32Snapshot
Module32First
Module32Next
GetProcessId
WaitForSingleObject
FindResourceA
LoadResource
LockResource
SizeofResource
GetSystemTime
Sleep
OpenMutexA
CreateMutexA
GetModuleFileNameA
GetTempPathA
CopyFileA
DeleteFileA
Process32First
GetLastError
Process32Next
SetEndOfFile
CreateFileW
InitializeCriticalSection
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
RaiseException
SetHandleCount
GetFileType
HeapSize
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetProcessHeap

user32

GetForegroundWindow

shell32

SHGetFolderPathA
ShellExecuteExA

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cd1192ef789f2f3f699536308575a04

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 181KB - Virtual size: 181KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 181KB - Virtual size: 181KB

.reloc
Size: 8KB - Virtual size: 7KB