82311e9a41d6e1dad454ec665546f5e9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

82311e9a41d6e1dad454ec665546f5e9_JaffaCakes118
Size

268KB
MD5

82311e9a41d6e1dad454ec665546f5e9
SHA1

6e4d1facf4d48a01201fd764367fbeed20bbc9c5
SHA256

bf02141d7bd0168c1d1bcc24067508d4678cc1d2afefe63ba1126c50afa45128
SHA512

910769bae89e8d80e6ee9a364dff70cb38fcfa72e7bfaa21ee4683a341d245a4c676b88ce28354cdf6bd78196aafd33271fb5b0997ffa08d58eb941d27d9f0bc
SSDEEP

6144:bnileJvEBnKI3ev6jgPSFEPTBqfSmCzcctlyJAMqAfYg6wnH:bnilkEBKI3eeg2EPTsfSbccjyoAfYgtH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82311e9a41d6e1dad454ec665546f5e9_JaffaCakes118

Files

82311e9a41d6e1dad454ec665546f5e9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

709b386d1cede87e12c79b0a05780abc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetTempFileNameA
GetTempPathA
CreateEventA
OpenProcess
GetCurrentProcessId
GetModuleFileNameA
RaiseException
Thread32Next
Thread32First
CreateToolhelp32Snapshot
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
CloseHandle
Sleep
DeleteFileA
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
InterlockedIncrement
InterlockedDecrement
SetEvent
ResetEvent
ReleaseMutex
ReleaseSemaphore
CreateMutexA
CreateSemaphoreA
UnmapViewOfFile
GetComputerNameA
MapViewOfFile
CreateFileMappingA
Process32Next
Process32First
WriteFile
SetFilePointer
CreateFileA
GetLocalTime
GetSystemTimeAsFileTime
GetCurrentProcess
FormatMessageA
QueryPerformanceCounter
lstrlenA
GetDateFormatA
GetTimeFormatA
WideCharToMultiByte
HeapAlloc
RtlUnwind
HeapFree
GetStartupInfoA
GetCommandLineA
ExitProcess
ExitThread
CreateThread
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetCPInfo
VirtualQuery
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapReAlloc
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FlushFileBuffers
GetOEMCP
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ReadFile
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalAlloc
MoveFileExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetLastError
LocalFree
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange

user32

wsprintfA
UnhookWindowsHookEx
PostThreadMessageA
SetWindowsHookExA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey
InitializeAcl
SetSecurityInfo
RegQueryValueExA

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

709b386d1cede87e12c79b0a05780abc

Headers

File Characteristics

Imports

version

kernel32

user32

advapi32

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 84KB - Virtual size: 81KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 84KB - Virtual size: 81KB