8456aca61567100940fb575fbfa3f444_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8456aca61567100940fb575fbfa3f444_JaffaCakes118
Size

124KB
MD5

8456aca61567100940fb575fbfa3f444
SHA1

537772cab86c87a7bf8db25dfa775557853986e5
SHA256

7a34a595a34d71deeef8e2ed00de0fb431dc81d3f014e287bf80f8adab206bd4
SHA512

7345c016b1e7e196aad904ea677c0d01d67fec395794e605cf0d74db4eb971300126373d6d949aefd3064f17a0d60f0548863aed54b00e9a9777e7af1f55840b
SSDEEP

1536:OwRrdSO889uziLhbvbBTxECF+lipleRS0VAqtOV2Ql:OwRrEO8CddTHE7ipleRSwtOV2Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8456aca61567100940fb575fbfa3f444_JaffaCakes118

Files

8456aca61567100940fb575fbfa3f444_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5fb7d94cc142cf2594bc4309a14ae7bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetLongPathNameA
GetTempPathA
CreateProcessA
WideCharToMultiByte
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
ExpandEnvironmentStringsA
OpenFile
GetPrivateProfileStringA
CompareStringW
CompareStringA
GetFileSize
SetStdHandle
LoadLibraryA
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
HeapSize
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
ReadFile
CreateFileA
WriteFile
CloseHandle
CreateThread
WaitForSingleObject
FindFirstFileA
FindNextFileA
Sleep
FindClose
RemoveDirectoryA
GetWindowsDirectoryA
MoveFileExA
GetSystemTime
WinExec
DeleteFileA
GetFileAttributesA
CopyFileA
CreateMutexA
GetLastError
ReleaseMutex
FlushFileBuffers
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
GetProcAddress
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
RtlUnwind
RaiseException
GetTimeZoneInformation
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
HeapFree
SetEnvironmentVariableA

user32

EnableWindow
EndDialog
GetDlgItem
DialogBoxParamA
MessageBoxA
SetTimer
GetDesktopWindow
WaitForInputIdle
PeekMessageA
TranslateMessage
DispatchMessageA
GetMessageA
InvalidateRect
LoadBitmapA
GetDC
ReleaseDC
SetWindowTextA
SetRect
KillTimer
GetSystemMetrics
MoveWindow
LoadIconA
SendMessageA

gdi32

CreateCompatibleDC
CreateFontA
SelectObject
StretchBlt
DeleteDC
SetBkMode
TextOutA
BitBlt
DeleteObject

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegFlushKey
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

netapi32

Netbios

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fb7d94cc142cf2594bc4309a14ae7bb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wininet

netapi32

iphlpapi

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 48KB - Virtual size: 45KB