691780a38bc90bd072a780ae159954d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

691780a38bc90bd072a780ae159954d5_JaffaCakes118
Size

476KB
MD5

691780a38bc90bd072a780ae159954d5
SHA1

593be9190504ed7fa24bf3e2efa95cfe7d65f808
SHA256

c2cfd910f773fbe927763072423469a28879d54fb39a63b3bdcf835f1584d96f
SHA512

a13ec9c895177245f54dc6a9fa1a9da39a0199e8ef35145783a422da65f39f9b520b78efb4177eceeac8019ba48d8e558e1de0ff51225745212565d3f2494c0b
SSDEEP

12288:r6cES0TqeBaO1EwRHySH5WO1dItfHjesrrexbR:rh2me0E1RSSH5WfHjRSB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
691780a38bc90bd072a780ae159954d5_JaffaCakes118

Files

691780a38bc90bd072a780ae159954d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e307bab1a807c94796f44c079602db20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shfolder

SHGetFolderPathA

lz32

LZClose
LZCopy
LZOpenFileA

wininet

InternetSetCookieA

shlwapi

StrRChrA
StrChrA
StrCmpNIA

kernel32

VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
GetVolumeInformationA
SetEvent
CreateEventA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetVersionExA
WriteFile
SetFilePointer
CreateFileA
ReadFile
GetModuleFileNameA
OutputDebugStringA
LocalFree
lstrlenA
LocalAlloc
LoadLibraryA
TerminateProcess
OpenProcess
lstrcatA
lstrcpynA
FreeLibrary
GetTempPathA
lstrcpyA
MoveFileA
Sleep
DeleteFileA
GetLastError
GetTickCount
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
SetFileAttributesA
LockResource
LoadResource
SizeofResource
FindResourceA
LCMapStringA
HeapReAlloc
GetACP
GetOEMCP
GetCPInfo
HeapSize
GetProcAddress
GetSystemInfo
VirtualAlloc
FlushFileBuffers
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
HeapFree
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
InterlockedExchange
VirtualQuery
HeapAlloc
SetStdHandle
SetEndOfFile

user32

wsprintfA

advapi32

RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e307bab1a807c94796f44c079602db20

Headers

File Characteristics

Imports

shfolder

lz32

wininet

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 424KB - Virtual size: 422KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 424KB - Virtual size: 422KB