72c621029d43c2e656179891ba208ab7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

72c621029d43c2e656179891ba208ab7_JaffaCakes118
Size

535KB
MD5

72c621029d43c2e656179891ba208ab7
SHA1

b0c25acdd772ca971bacbeb7e45e5399cbfd1feb
SHA256

74001bf361d6fc0cb1af6711c893b10d7e5c63046385a1621bba2508d333154a
SHA512

df06f56d626abf7bd09feda5ee2ac813846c8770d1bd7c26b534ee1e27216188f79fdc41f28e01f4046ec0745d671dfc3a50dd62371060347da053baa1a39ef0
SSDEEP

12288:isWXkV6+8yuXihEPCeHA24s8xdM34O778TjQMM0xgpv46k6MZDZBt8u:1W0V6pVPws8VHnwoZ18u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72c621029d43c2e656179891ba208ab7_JaffaCakes118

Files

72c621029d43c2e656179891ba208ab7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c07c53594d161f022f838c0567e0c2f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

advapi32

CryptSetProvParam
CryptGetHashParam
LookupAccountNameA
CryptEnumProviderTypesA
CryptExportKey
LookupPrivilegeNameA
CryptGenKey
CryptGetDefaultProviderW
RegNotifyChangeKeyValue
RegFlushKey
RegQueryValueA
RegOpenKeyExA

kernel32

InitializeCriticalSection
GetLastError
TlsAlloc
TerminateProcess
HeapAlloc
GetTickCount
TlsSetValue
VirtualAlloc
GetSystemTimeAsFileTime
LoadLibraryA
HeapFree
GetModuleFileNameA
EnterCriticalSection
IsBadWritePtr
ExitProcess
FreeEnvironmentStringsA
GetProcAddress
LeaveCriticalSection
HeapDestroy
VirtualFree
GetStartupInfoA
InterlockedDecrement
SetStdHandle
SetEnvironmentVariableA
GetCPInfo
GetStringTypeA
EnumResourceLanguagesW
HeapReAlloc
WriteFile
FreeEnvironmentStringsW
GetLongPathNameA
LCMapStringW
SetLastError
GlobalSize
CompareStringW
DeleteCriticalSection
InterlockedExchange
SetFilePointer
GetCurrentProcess
GetCurrentThreadId
ReadFile
GetCurrentThread
GetThreadLocale
GetEnvironmentStringsW
GetModuleHandleA
GetTimeZoneInformation
VirtualProtectEx
SetVolumeLabelA
GetFileType
GetSystemTime
HeapSize
WideCharToMultiByte
CreateMutexA
UnhandledExceptionFilter
FlushFileBuffers
QueryPerformanceCounter
OpenMutexA
CompareStringA
MultiByteToWideChar
EnumTimeFormatsW
VirtualQuery
EnumCalendarInfoExA
HeapCreate
GetACP
GetEnvironmentStrings
InterlockedIncrement
GetCommandLineA
GetLocalTime
LCMapStringA
CloseHandle
RtlUnwind
GetCurrentProcessId
TlsGetValue
GetStringTypeW
GetStdHandle
TlsFree
SetEndOfFile
GetOEMCP
GetVersion
SetHandleCount

comdlg32

GetFileTitleA
FindTextA
GetFileTitleW
GetOpenFileNameW

user32

LoadMenuA
ExcludeUpdateRgn
SetWindowTextW
RegisterClassExA
DdeQueryStringA
RegisterDeviceNotificationA
GetInputState
PeekMessageW
ShowScrollBar
RegisterClassA
GetTitleBarInfo
MenuItemFromPoint
GetWindowDC
GetWindowPlacement
CheckDlgButton
LoadCursorFromFileW
DlgDirSelectExA

shell32

RealShellExecuteExA
SHGetSpecialFolderLocation
CommandLineToArgvW
SHGetDataFromIDListA
ExtractAssociatedIconExW

wininet

IsUrlCacheEntryExpiredA
GopherCreateLocatorW

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c07c53594d161f022f838c0567e0c2f1

Headers

File Characteristics

Imports

comctl32

advapi32

kernel32

comdlg32

user32

shell32

wininet

Sections

.text Size: 170KB - Virtual size: 169KB

.rdata Size: 5KB - Virtual size: 26KB

.data Size: 356KB - Virtual size: 355KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 170KB - Virtual size: 169KB

.rdata
Size: 5KB - Virtual size: 26KB

.data
Size: 356KB - Virtual size: 355KB

.rsrc
Size: 3KB - Virtual size: 3KB