6635ccb3977bc77b5819ff1340afc45a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6635ccb3977bc77b5819ff1340afc45a_JaffaCakes118
Size

232KB
MD5

6635ccb3977bc77b5819ff1340afc45a
SHA1

22d66712c1639906f992f19b226b21bb1c6e7037
SHA256

c2f0c43b0e33905700ffc714673959afdd43dec0d7026c6b802ac17e0cb0d53b
SHA512

95890510534eaa948f5e80f8bf0649d71c5deea7c22c89cf1730ac960adfac835f6989fc16a63fb422ca93de168fb847a4becb1c62d518e8599d70fe12d7b5a4
SSDEEP

6144:hsZrIiYxCB+V7oByUgimGfA41Q6ZWEdIPKQx6l:hsqJRo/PA4u6ZvH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6635ccb3977bc77b5819ff1340afc45a_JaffaCakes118

Files

6635ccb3977bc77b5819ff1340afc45a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e44f0ed0859d0f94ada703f8ece4d7fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

wsprintfW
MonitorFromWindow
CharNextA
CharNextW

kernel32

LoadLibraryA
ReadFile
SetLastError
OutputDebugStringA
TerminateProcess
WriteFile
InitializeCriticalSection
GlobalFree
GetFileAttributesA
CreateDirectoryW
GetSystemDirectoryA
WideCharToMultiByte
GetFileAttributesW
SetFileAttributesA
HeapReAlloc
_lwrite
LocalFree
FindClose
SizeofResource
CreateFiberEx
GetFullPathNameA
MultiByteToWideChar
DeleteFileA
SetUnhandledExceptionFilter
lstrlenW
GetACP
SetFileAttributesW
GetVersion
CopyFileW
EnumResourceLanguagesW
DeleteFileW
QueryPerformanceCounter
UpdateResourceW
GetStringTypeExW
CreateFileMappingA
GetProcAddress
FindResourceExW
GetFileInformationByHandle
CreateFileW
lstrcmpiA
EscapeCommFunction
GetFullPathNameW
GetTempFileNameW
FormatMessageW
HeapFree
_lread
IsDebuggerPresent
GetProcessHeap
GetOEMCP
EnumResourceNamesA
GlobalLock
GetCommandLineW
GlobalAlloc
GetTickCount
MoveFileW
EndUpdateResourceW
SetFilePointer
EnterCriticalSection
FreeResource
SetEndOfFile
GetTempPathW
RaiseException
GetCurrentDirectoryW
FindNextFileW
GetThreadLocale
DeleteCriticalSection
GetCurrentProcess
UnmapViewOfFile
HeapAlloc
EnumResourceNamesW
LeaveCriticalSection
lstrlenA
FindFirstFileA
CreateDirectoryA
CloseHandle
AreFileApisANSI
FindFirstFileW
GetLocaleInfoA
InterlockedExchange
UnhandledExceptionFilter
GetModuleHandleW
GetFileSize
GetVersionExW
LockResource
Sleep
GetCurrentProcessId
InterlockedCompareExchange
GetEnvironmentVariableA
HeapSize
FindResourceW
GlobalUnlock
InterlockedIncrement
FatalExit
LoadResource
HeapDestroy
DebugBreak
ExitProcess
GetCurrentThreadId
FreeLibrary
CopyFileA
GetVersionExA
_lclose
GetSystemTimeAsFileTime
InterlockedDecrement
LoadLibraryExW
RemoveDirectoryA
FindNextFileA
CreateFileA
GetLastError
LoadLibraryExA
EnumResourceTypesW
RemoveDirectoryW
BeginUpdateResourceW
_llseek
MapViewOfFile
lstrcpyA

shell32

CommandLineToArgvW

advapi32

CryptAcquireContextA
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptDestroyHash

psapi

GetProcessMemoryInfo

imagehlp

ImageRvaToVa
ImageNtHeader
ImageGetDigestStream
ImageDirectoryEntryToData

msvfw32

ICInfo

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e44f0ed0859d0f94ada703f8ece4d7fb

Headers

File Characteristics

Imports

user32

kernel32

shell32

advapi32

psapi

imagehlp

msvfw32

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 30KB - Virtual size: 30KB

.lib Size: 512B - Virtual size: 60KB

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 30KB - Virtual size: 30KB

.lib
Size: 512B - Virtual size: 60KB