68a98f6f017f0793545564e9206822f9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

68a98f6f017f0793545564e9206822f9_JaffaCakes118
Size

620KB
MD5

68a98f6f017f0793545564e9206822f9
SHA1

0a76b7993368c01c97897cb4290282b2ee2ea0d4
SHA256

3ebf204518175616ec62eb398ef554155a28cd833470a260c857672e14931e26
SHA512

19b2eb02cdc6e1456713a6545edf274f833894da0f65e7cb7e58a0e06f1cde22ee1d10c036d7f76367081845d3860894b53c9480ccba726a4e09ad77fd4e5f64
SSDEEP

12288:GMqLfIOs1mHGGNMojg6jn14odvjXEjqWKUbWQR49E8Wx6AfD:GMc9sgJMojgUdvj0jqBUbvbxn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68a98f6f017f0793545564e9206822f9_JaffaCakes118

Files

68a98f6f017f0793545564e9206822f9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

57ff32ae1f13cfd6484e3c33481d871a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
lstrlenA
SetEvent
GetCurrentDirectoryA
GetEnvironmentStringsW
GetCommandLineW
GetModuleFileNameA
CreateEventA
GetStdHandle
LocalAlloc
CreateSemaphoreA
Sleep
IsDebuggerPresent
CreateMutexA
GetPriorityClass
GetModuleHandleW
GetEnvironmentStrings
GetComputerNameA
GetTickCount
VirtualAlloc
GetCommandLineA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
SetHandleCount
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
IsBadWritePtr
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
SetEnvironmentVariableA

shell32

SHFileOperationW
SHOpenFolderAndSelectItems

scarddlg

ord2

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 273KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57ff32ae1f13cfd6484e3c33481d871a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

scarddlg

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 273KB - Virtual size: 306KB

BSS Size: 261KB - Virtual size: 261KB

.rsrc Size: 37KB - Virtual size: 36KB

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 273KB - Virtual size: 306KB

BSS
Size: 261KB - Virtual size: 261KB

.rsrc
Size: 37KB - Virtual size: 36KB