698067ae672ef7e3f6ea00a3981133e0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

698067ae672ef7e3f6ea00a3981133e0_JaffaCakes118
Size

144KB
MD5

698067ae672ef7e3f6ea00a3981133e0
SHA1

1b7a6f835504602e777239e3100d12164ed9266d
SHA256

419003447365ba06f4cc7820e3f999b7663152ee349245b121c0da3dd4a6f704
SHA512

5d7e647760e5ca98fd2cf54a98b9de1fa30ea934e829ef0d2b9650e458356f4500b8a7007f92eda3e2deafa4f0c3b62de0dde216d1376c3d975ba1f94af9beff
SSDEEP

3072:PWNNxfSKfRX6yOUKv82OSwNmjwsuNNn7jRkrAgelRGD/:PWNbtRqyOUKv82s4jwsuD7jRRgH7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
698067ae672ef7e3f6ea00a3981133e0_JaffaCakes118

Files

698067ae672ef7e3f6ea00a3981133e0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6ea65b7b76114f1e73e29ef00d5ec985

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetCommandLineA
GetLongPathNameA
GetTempPathA
WaitForSingleObject
CreateProcessA
GetFileAttributesA
WideCharToMultiByte
GetVersionExA
OutputDebugStringA
MapViewOfFile
DeleteFileA
OpenFileMappingA
UnmapViewOfFile
lstrlenA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
VirtualAlloc
HeapReAlloc
GetPrivateProfileIntA
GetWindowsDirectoryA
GetFileSize
ReadFile
CreateFileA
SetFilePointer
WriteFile
MoveFileExA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
OpenMutexA
CloseHandle
CreateMutexA
ReleaseMutex
GetSystemDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
Sleep
CopyFileA
HeapAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
RaiseException
DebugBreak
GetStdHandle
InterlockedDecrement
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
TerminateProcess
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
HeapFree
SetUnhandledExceptionFilter
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
FreeEnvironmentStringsA
SetEnvironmentVariableA

user32

PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
WaitForInputIdle

advapi32

QueryServiceStatus
StartServiceA
OpenServiceA
CreateServiceA
ChangeServiceConfig2A
OpenSCManagerA
CloseServiceHandle
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetQueryDataAvailable

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ea65b7b76114f1e73e29ef00d5ec985

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 12KB - Virtual size: 83KB

.rsrc Size: 4KB - Virtual size: 808B

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 12KB - Virtual size: 83KB

.rsrc
Size: 4KB - Virtual size: 808B