884743aa19df791959eabbfd2412a3ce_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

884743aa19df791959eabbfd2412a3ce_JaffaCakes118
Size

88KB
MD5

884743aa19df791959eabbfd2412a3ce
SHA1

2070124b2d9ea214782d03d70fd164bed1726910
SHA256

ffcc106a8278b234641042c6cfbb1de67181334114b87c673147df0b71f0937a
SHA512

fc8f39bb585d51e8ed0bb26e40f88bdb821a96b7c743bdc8502242dd3af4f6ccb3e3e7497913eb72696467cd991ad09353422da48e5f6c5faf420c77309c380d
SSDEEP

1536:ItKNL9IGRK0yIxqAZ0fkxdEFbP7QxKrocsufp4FAqm+7Cr:/LXKcqOiFbP7QxKrocsufWuqm+7Cr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
884743aa19df791959eabbfd2412a3ce_JaffaCakes118

Files

884743aa19df791959eabbfd2412a3ce_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e1a32d82e94df3bb043c953b01a7be26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
CreateProcessW
GetCurrentProcess
WaitForSingleObject
SetEvent
GetPriorityClass
Sleep
GetVersionExW
GetExitCodeProcess
GetFileAttributesW
GetModuleFileNameW
CompareStringW
CreateFileMappingW
CreateEventW
SetCurrentDirectoryW
lstrcmpiW
OpenFileMappingW
OpenEventW
CloseHandle
MapViewOfFile
ExpandEnvironmentStringsW
SetPriorityClass
GetCommandLineW
ExitProcess
lstrcpyW
LocalAlloc
LocalLock
HeapSize
InitializeCriticalSectionAndSpinCount
LoadLibraryA
RtlUnwind
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LocalFree
lstrlenW
GetStartupInfoW
GetLastError
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
RaiseException

user32

WaitForInputIdle
MessageBoxW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
OpenProcessToken

shell32

SHGetFileInfoW
ord51
CommandLineToArgvW
ShellExecuteExW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

shlwapi

ord176

comctl32

ord17

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1a32d82e94df3bb043c953b01a7be26

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 25KB - Virtual size: 25KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 25KB - Virtual size: 25KB