643564cc01b63eb2edab35b6c42b6841_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

643564cc01b63eb2edab35b6c42b6841_JaffaCakes118
Size

571KB
MD5

643564cc01b63eb2edab35b6c42b6841
SHA1

4528198c4f3cbc871781cfc365c6d1734ecfc63b
SHA256

f7f4314fe1d13995da6ff236b9485726f111e088c4eaf56ab3cd12a7f3b6c389
SHA512

90a78dd40afcea0b43f54e2d873c309a4574c6fdea90d5ee1a2027eb85eac06056f31f00c861dbae9172fe253f0e35c35a711baeeffe68db0d023b5fba443100
SSDEEP

12288:GSEEu3UKkPM1uP4lZG/MUuNiqnp+1I4tHszQPnR2UlrhXJT5:a9GP4/GMUuNiepEKQfflrhZT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
643564cc01b63eb2edab35b6c42b6841_JaffaCakes118

Files

643564cc01b63eb2edab35b6c42b6841_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f0dcd32f3a473f910ecc994132d00459

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsW
GetLastError
SetEnvironmentVariableA
HeapSize
SetStdHandle
IsValidLocale
FlushFileBuffers
GetCurrentProcess
LeaveCriticalSection
TerminateProcess
SetLastError
GetCommandLineA
HeapCreate
HeapAlloc
HeapDestroy
VirtualAlloc
FreeEnvironmentStringsA
TlsSetValue
GetEnvironmentStrings
LCMapStringW
UnhandledExceptionFilter
RtlUnwind
WideCharToMultiByte
GetTimeZoneInformation
GetStartupInfoA
GetCurrentThreadId
GetCommandLineW
lstrcat
SetFilePointer
TlsFree
EnterCriticalSection
CompareStringA
IsValidCodePage
WaitForSingleObject
CompareStringW
ReadFile
GetCurrentThread
GetACP
ExitProcess
CommConfigDialogW
GetStringTypeA
IsBadWritePtr
GetLocaleInfoW
OpenMutexA
LCMapStringA
InitializeCriticalSection
HeapReAlloc
GetStringTypeW
GetModuleFileNameW
WriteFile
GetDateFormatA
CreateMutexA
GetFileType
GetCPInfo
GetTimeFormatA
VirtualProtect
GetSystemTimeAsFileTime
SetHandleCount
GetVersionExA
QueryPerformanceCounter
SetConsoleScreenBufferSize
GetSystemInfo
HeapFree
VirtualQuery
TlsAlloc
VirtualFree
EnumSystemLocalesA
LoadLibraryA
GetStartupInfoW
GetModuleFileNameA
GetNumberFormatA
GetComputerNameW
GetLocaleInfoA
GetModuleHandleA
GetEnvironmentStringsW
GetUserDefaultLCID
GetOEMCP
GetStdHandle
InterlockedExchange
GetTickCount
CloseHandle
TlsGetValue
GetProcAddress
MultiByteToWideChar
SetThreadAffinityMask
DeleteCriticalSection
GetCurrentProcessId
WriteConsoleW

advapi32

LookupSecurityDescriptorPartsW
CryptDeriveKey
CryptGenKey
CryptSetProviderExW
RegLoadKeyA
CryptDestroyKey
RegEnumKeyExW
RegSetValueW
AbortSystemShutdownW
RegQueryValueExW
DuplicateTokenEx
CryptGetDefaultProviderA
ReportEventA
RegDeleteKeyA
CryptGetUserKey
LookupPrivilegeDisplayNameA
CryptDuplicateHash
InitializeSecurityDescriptor
InitiateSystemShutdownW

user32

PostThreadMessageW
SetPropA
RegisterClassExA
TranslateMDISysAccel
ReleaseDC
ToUnicode
SetWinEventHook
RegisterClassA
DispatchMessageA

comdlg32

GetOpenFileNameW

wininet

UpdateUrlCacheContentPath
GetUrlCacheConfigInfoA
DeleteIE3Cache
CreateUrlCacheEntryW
CommitUrlCacheEntryA
FindCloseUrlCache

comctl32

InitCommonControlsEx

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0dcd32f3a473f910ecc994132d00459

Headers

File Characteristics

Imports

kernel32

advapi32

user32

comdlg32

wininet

comctl32

Sections

.text Size: 196KB - Virtual size: 196KB

.rdata Size: 8KB - Virtual size: 14KB

.data Size: 359KB - Virtual size: 359KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 8KB - Virtual size: 14KB

.data
Size: 359KB - Virtual size: 359KB

.rsrc
Size: 6KB - Virtual size: 5KB