6a20bde1fa088cf37c2095855a4a8299_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a20bde1fa088cf37c2095855a4a8299_JaffaCakes118
Size

128KB
MD5

6a20bde1fa088cf37c2095855a4a8299
SHA1

f32c89388f9f20214d9badbc9253aaae1aeffcc1
SHA256

2d08dd1a674eab25d3d9ea544713324b683cc752c96d70826659aa73505290e3
SHA512

974851b58662b3cb9c1cabcaaf35648987fe64bf52da733e9cf5a19fb92d44b46bea3163ba9884c793d90c27e53642fdc5f3fea04e2c651d04b423c9ed354d56
SSDEEP

3072:QTElF/g8jW6XWboQdUcubx8mwdXv2ecTb9d3ObZsJTvSka3:QTm4mmitb+h2ZTJZ7Va3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a20bde1fa088cf37c2095855a4a8299_JaffaCakes118

Files

6a20bde1fa088cf37c2095855a4a8299_JaffaCakes118
.exe windows:4 windows x86 arch:x86

58e902619e8d492becfdd9b0d32234f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
InterlockedIncrement
lstrlenW
MultiByteToWideChar
lstrlenA
InitializeCriticalSection
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
lstrcmpiA
GetCommandLineA
GetLastError
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
LeaveCriticalSection
EnterCriticalSection
CreateProcessA
GetCurrentThreadId
CreateThread
Sleep
CreateEventA
InterlockedDecrement
WaitForSingleObject
CloseHandle
LoadResource
FindResourceA
SetEvent
GetVersionExA
HeapCreate
GetStringTypeW
GetStringTypeA
RtlUnwind
TerminateProcess
GetACP
GetCPInfo
WriteFile
TlsGetValue
SetLastError
HeapFree
HeapAlloc
HeapReAlloc
GetStartupInfoA
GetVersion
ExitProcess
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
VirtualFree
VirtualAlloc
GetOEMCP
GetEnvironmentStrings
GetEnvironmentStringsW
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
TlsSetValue
SetHandleCount
GetStdHandle
GetFileType
TlsAlloc

user32

PostThreadMessageA
GetMessageA
CharNextA
DispatchMessageA
WaitForInputIdle

advapi32

RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA

ole32

CoTaskMemAlloc
CoCreateInstance
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoUninitialize
CoRegisterClassObject

oleaut32

SysAllocString
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysFreeString

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

58e902619e8d492becfdd9b0d32234f9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 76KB - Virtual size: 76KB