86dda49905d334e7fc2c405576f0304e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

86dda49905d334e7fc2c405576f0304e_JaffaCakes118
Size

1.8MB
MD5

86dda49905d334e7fc2c405576f0304e
SHA1

6115a0f3e4d8db3e6821c463fa6ab8a3640b9041
SHA256

8c5ae2420453f83be2c80f2fffabe44ea2559e8d0afcc21e3f826ba0336ff617
SHA512

b009fb7f306ffaf0b7e03977c4be18660e24bb4cf82f73e1bf53e4458893ee766dda8a53a8278a0025ae2bed932bf7f562142154a083b140cc87fecb3568eb14
SSDEEP

12288:MpqPF+uw1GakBlzoBKBziTn2QD8mfHVwFG3dMLxRcmvocz204qOK1Ibbp+zEy1RY:apGakBlyKlQ4yWFZ/c+o104qVhEyzhXq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86dda49905d334e7fc2c405576f0304e_JaffaCakes118

Files

86dda49905d334e7fc2c405576f0304e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e979896e7357a11a7ef5d29f17851a8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
FreeLibrary
CreateProcessW
WaitForSingleObject
LoadLibraryW
FormatMessageW
GetExitCodeProcess
CompareStringW
GetLastError
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetUserDefaultUILanguage
GetVersionExA
CloseHandle
DeleteFileW
LocalFree
GetTempFileNameW
CreateDirectoryW
GetFileAttributesW
GetTempPathW
GetFullPathNameW
CreateFileA
SetFilePointer
MoveFileExW
WriteFile
CreateFileW
LoadResource
FindResourceExA
SizeofResource
LockResource
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapSize
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
RtlUnwind
WriteConsoleA
VirtualAlloc
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
FlushFileBuffers
ExpandEnvironmentStringsW
GetConsoleCP
LCMapStringW
IsValidCodePage
WriteConsoleW
GetConsoleOutputCP
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP

user32

LoadStringW
DestroyWindow
PostQuitMessage
DialogBoxParamW
IsDialogMessageA
TranslateMessage
GetDlgItem
EndDialog
IsDlgButtonChecked
CreateDialogParamW
DispatchMessageA
MessageBoxW
SetDlgItemTextW
EnableWindow
SetWindowTextW
MessageBoxExW
SetDlgItemTextA
PeekMessageA

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

StringFromGUID2

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e979896e7357a11a7ef5d29f17851a8b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB