711ca0885b9eb81e295b45f829d8e6bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

711ca0885b9eb81e295b45f829d8e6bb_JaffaCakes118
Size

1.1MB
MD5

711ca0885b9eb81e295b45f829d8e6bb
SHA1

912b09599e741734ba7826e23df6cbcd27d24ea2
SHA256

20c00333450080f8f25c41c95dc0fc518d209aae1ad6472f0d0e77c56f362ddb
SHA512

f5d22ab76b4eb9a15fd6077aa51367f60c992e088121dc45233dfb7397039f788543fd209b0898b3f4dcd0d949d4290fe96870620dda5dc32e8b486339faca62
SSDEEP

24576:CQU6otRFtOrzywaxT8xmqBcMQ7KB0b6vYV18Z:CsRTcMQai6QcZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
711ca0885b9eb81e295b45f829d8e6bb_JaffaCakes118

Files

711ca0885b9eb81e295b45f829d8e6bb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ce2339704f2cda32c7ccd329f7c3b6e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
CryptGetHashParam
CryptReleaseContext
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
RegQueryValueExA
RegOpenKeyExA
CryptHashData

kernel32

GetLocaleInfoA
SetFilePointer
CreateFileMappingA
ReadFile
GetProcessHeap
CreateFileA
DeleteFileA
GetFullPathNameA
FindNextFileA
FindFirstFileA
GetFileSize
GetShortPathNameA
GetFileTime
SetLastError
VirtualFree
VirtualAlloc
GetSystemInfo
HeapReAlloc
CompareFileTime
HeapDestroy
HeapCreate
LockResource
IsDebuggerPresent
DuplicateHandle
GetCurrentProcessId
GetCurrentThreadId
WaitForSingleObject
SetEvent
ReleaseMutex
GetThreadLocale
MapViewOfFile
HeapAlloc
HeapFree
lstrlenA
GetCommandLineW
GetCommandLineA
LoadResource
SizeofResource
GetACP
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
AreFileApisANSI
IsValidCodePage
GetFileType
GetSystemDefaultLangID
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
WriteFile
GetVersionExA
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetUserDefaultLCID
GetSystemDefaultLCID
ConvertDefaultLocale
GetConsoleOutputCP
FindClose
RaiseException
InterlockedExchange
GetLastError
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree
GetStdHandle
GetConsoleScreenBufferInfo
LoadLibraryA
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
UnmapViewOfFile
MultiByteToWideChar

mscoree

LoadLibraryShim
StrongNameFreeBuffer
StrongNameErrorInfo
GetCORSystemDirectory
StrongNameTokenFromPublicKey
CorBindToCurrentRuntime
GetRealProcAddress

msvcr80

wcschr
iswspace
strcat_s
vsprintf_s
atof
strncat_s
wcscpy_s
exit
_resetstkoflw
printf
wcscat_s
qsort
_ui64tow_s
_i64tow_s
_purecall
memmove
_ultow_s
_mktime64
wcspbrk
_CIfmod
floor
wcsncmp
bsearch
_local_unwind4
_isnan
_CIpow
_wcsicmp
_wmakepath_s
_wtol
_access_s
_waccess_s
_swab
_stricmp
_strnicmp
strncpy
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_invoke_watson
_controlfp_s
_crt_debugger_hook
iswalpha
_wcsnicmp
??2@YAPAXI@Z
??_U@YAPAXI@Z
_wcstoi64
_recalloc
wcsncpy_s
free
malloc
_wsplitpath_s
memcpy
wcstoul
_errno
fclose
_open_osfhandle
_fdopen
fwrite
wcsftime
fwprintf
fputws
memset
__iob_func
fgetws
wcsrchr
_time64
_localtime64
memcpy_s
_wtoi
_itow_s
isspace
_wcslwr_s
wcstok_s
_vsnwprintf_s
??_V@YAXPAX@Z
??3@YAXPAX@Z
_ecvt_s

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateGuid
IIDFromString

oleaut32

VarR4FromR8
VarDecFromStr
VarR8FromStr
VarR8FromDec
VarDecFromR8
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString
SetErrorInfo
CreateErrorInfo
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
VarUI4FromStr
VarDecCmp
VarUI4FromR4
VarUI4FromR8
VarUI4FromDec
VariantChangeType
VariantClear
VariantInit
VarDecNeg
VarDecAdd
VarDecSu
VarDecMul
VarDecDiv
VarDecFix
VarBstrFromDec

shlwapi

PathIsUNCW
PathIsURLW
PathRemoveFileSpecW
PathAppendW

user32

UnregisterClassA

Sections

.text
Size: 892KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce2339704f2cda32c7ccd329f7c3b6e6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

mscoree

msvcr80

ole32

oleaut32

shlwapi

user32

Sections

.text Size: 892KB - Virtual size: 892KB

.data Size: 37KB - Virtual size: 37KB

.rsrc Size: 178KB - Virtual size: 178KB

.text
Size: 892KB - Virtual size: 892KB

.data
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 178KB - Virtual size: 178KB