862edc33849beac74b8d8dac275da393_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

862edc33849beac74b8d8dac275da393_JaffaCakes118
Size

178KB
MD5

862edc33849beac74b8d8dac275da393
SHA1

9c97b1135c170f947aaf42b9a53b3276a166636c
SHA256

944a570f41c11f1f7cb68a3962921d753e85daf49d2532cc2f27ca5b5b8ada1c
SHA512

0e8e931e4ad66202ca024f364870275b5515aa09341c0ad393e0fd4c645594c763a5eda8fbd793cc7ee7f4fb3420b7154d4f07987b04ad24b11f15c77261dd21
SSDEEP

3072:hX7uC+dP3n7sb9i9Nxhh6+ZxODmhihD+ZC5rF5KW/4r9JrsSAFr:hSCWP37vnxhcyh6+ZCRF5KK4bU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
862edc33849beac74b8d8dac275da393_JaffaCakes118

Files

862edc33849beac74b8d8dac275da393_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6e106b6a1d12c88876901e3b2f458378

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageWidth
GdipDisposeImage

kernel32

GetLastError
GetCalendarInfoW
InterlockedExchange
MapViewOfFile
ExitProcess
SetLastError
UnhandledExceptionFilter
GetProcessId
FreeLibrary
GetModuleFileNameW
SetFileAttributesW
Sleep
GetTickCount
LoadLibraryW
FindClose
EnterCriticalSection
ReleaseMutex
lstrcmpiW
GetModuleHandleW
GetFileAttributesW
DuplicateHandle
GetModuleHandleA
lstrlenW
FindFirstFileW
EnumResourceNamesA
VirtualQuery
SearchPathW
GetProcAddress
OpenProcess
VirtualProtect
WaitForSingleObject
UnmapViewOfFile
IsWow64Process
CreateDirectoryW
GetCurrentDirectoryW
GetCurrentProcess
GetSystemTimeAsFileTime
GetLogicalDriveStringsW
LocalAlloc
WideCharToMultiByte
OutputDebugStringA
SetEnvironmentVariableW
GetCurrentThreadId
MultiByteToWideChar
LocalFree
InitializeCriticalSection
SetUnhandledExceptionFilter
InterlockedCompareExchange
QueryDosDeviceW
OutputDebugStringW
GetFileInformationByHandle
GetFileSizeEx
QueryPerformanceCounter
FindNextFileW
CreateFileMappingW
EncodePointer
CreateMutexW

shlwapi

PathGetArgsW
StrDupW
SHRegGetValueW
PathSkipRootW
PathIsUNCW
PathFindFileNameW

ole32

CoGetDefaultContext
CoInitialize
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegEnumKeyW
EncryptFileW
RegOpenKeyExW
DecryptFileW
RegQueryInfoKeyW
RegEnumValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

user32

GetPropW
GetClassNameW
GetGUIThreadInfo
AllowSetForegroundWindow
GetWindowThreadProcessId
GetForegroundWindow

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e106b6a1d12c88876901e3b2f458378

Headers

File Characteristics

Imports

gdiplus

kernel32

shlwapi

ole32

advapi32

user32

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 3KB - Virtual size: 2KB

.bss Size: 75KB - Virtual size: 75KB

.edata Size: 1024B - Virtual size: 244KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 3KB - Virtual size: 2KB

.bss
Size: 75KB - Virtual size: 75KB

.edata
Size: 1024B - Virtual size: 244KB