Static task: static1
Behavioral task: behavioral1
  Sample: 68098826b1b0faa1e59c423462652c37_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 68098826b1b0faa1e59c423462652c37_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 68098826b1b0faa1e59c423462652c37_JaffaCakes118
Size: 185KB
MD5: 68098826b1b0faa1e59c423462652c37
SHA1: 0b053e0085cab8abf0decac8c334ce8ddba94bde
SHA256: 1b77a6340267f008b294bed923febb52f90577a074f820bf9c4a0258eee49a73
SHA512: cd21f978971b3683a65982aa350ece0c9a7d0aaa887e645c395a16bf1c233744d42f8012a745ee65d8d7465ca966b716ca50d4327ca8fb08354ec5e84f28c1f1
SSDEEP: 3072:55DNZ/33G1JeKkMF8lWMB4b5B/4eDXkltnT4sZK4zP8EYpfx1fTVHALN4fuEMqRq:55hN33+Jp8VS5BAw0L4sp8HbfBHQNT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 68098826b1b0faa1e59c423462652c37_JaffaCakes118
Files
68098826b1b0faa1e59c423462652c37_JaffaCakes118.exe windows:4 windows x86 arch:x86
403dcfb8f3532dd349c22a4cca776d43
Headers
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_DEBUG_STRIPPED
Imports
shell32
  CommandLineToArgvW
msvfw32
  ICInfo
psapi
  GetProcessMemoryInfo
imagehlp
  ImageRvaToVa
  ImageNtHeader
  ImageGetDigestStream
  ImageDirectoryEntryToData
advapi32
  CryptGetHashParam
  CryptReleaseContext
  CryptHashData
  CryptCreateHash
  CryptAcquireContextA
  CryptDestroyHash
kernel32
  ReadFile
  lstrlenW
  WideCharToMultiByte
  InterlockedExchange
  GetStringTypeExW
  GetEnvironmentVariableA
  CreateFiberEx
  SetEndOfFile
  HeapDestroy
  GetCurrentProcessId
  FindResourceExW
  FindNextFileW
  lstrcmpiA
  _lread
  InterlockedDecrement
  GlobalLock
  HeapFree
  GetACP
  SetFileAttributesW
  MoveFileW
  UnmapViewOfFile
  GetFileInformationByHandle
  GetFileAttributesA
  _lwrite
  CreateFileW
  LocalFree
  UnhandledExceptionFilter
  SetFilePointer
  QueryPerformanceCounter
  GetOEMCP
  GetLastError
  GetSystemDirectoryA
  EscapeCommFunction
  CreateDirectoryA
  InterlockedCompareExchange
  GlobalFree
  GetVersionExA
  GetThreadLocale
  LoadLibraryExW
  GetTempFileNameW
  LeaveCriticalSection
  GetProcessHeap
  SizeofResource
  CopyFileA
  GetModuleHandleW
  FindResourceW
  CloseHandle
  GetCurrentDirectoryW
  _llseek
  InitializeCriticalSection
  MapViewOfFile
  RemoveDirectoryA
  EnumResourceNamesA
  DebugBreak
  SetUnhandledExceptionFilter
  InterlockedIncrement
  CopyFileW
  LoadLibraryA
  GetFullPathNameA
  DeleteCriticalSection
  Sleep
  SetLastError
  EndUpdateResourceW
  OutputDebugStringA
  FreeLibrary
  GetCommandLineW
  GetVersion
  RemoveDirectoryW
  LockResource
  DeleteFileA
  EnumResourceTypesW
  FindFirstFileA
  ExitProcess
  HeapAlloc
  SetFileAttributesA
  GetVersionExW
  HeapReAlloc
  FindFirstFileW
  CreateDirectoryW
  GetFullPathNameW
  BeginUpdateResourceW
  HeapSize
  EnumResourceLanguagesW
  IsDebuggerPresent
  CreateFileA
  FindClose
  MultiByteToWideChar
  FindNextFileA
  GetSystemTimeAsFileTime
  GetTickCount
  GetLocaleInfoA
  FatalExit
  EnterCriticalSection
  GetFileSize
  GetProcAddress
  WriteFile
  LoadResource
  GetCurrentThreadId
  FreeResource
  DeleteFileW
  _lclose
  GetTempPathW
  UpdateResourceW
  GetCurrentProcess
  FormatMessageW
  EnumResourceNamesW
  RaiseException
  LoadLibraryExA
  lstrlenA
  GetFileAttributesW
  AreFileApisANSI
  TerminateProcess
  GlobalUnlock
  GlobalAlloc
  CreateFileMappingA
  lstrcpyA
user32
  MonitorFromWindow
  CharNextA
  wsprintfW
  CharNextW
Sections
.text Size: 159KB - Virtual size: 158KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 20KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.lib Size: 512B - Virtual size: 76KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ