8ea5252028ae09f15adfbbe9ea6f915b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8ea5252028ae09f15adfbbe9ea6f915b_JaffaCakes118
Size

517KB
MD5

8ea5252028ae09f15adfbbe9ea6f915b
SHA1

5a1ca7e00dc77be0b5ccb168af6265e7e8171fc2
SHA256

03db8c7f60e5d82c5d666026991ada2399fb1ed40f7325a5f31449ab6a7a1646
SHA512

d18bd50b4b25cfd3fff9bbd48b03e08982b50601a5702ec3170df161ad7c5cd22f09fc13b5538488452cfa37a55542082957fdd9d557f01df1d7943c5bd51ef1
SSDEEP

12288:2jvTeklVFfU3C5s89aCTulnjKnJBEDD2v:o7flz8CTqmCm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ea5252028ae09f15adfbbe9ea6f915b_JaffaCakes118

Files

8ea5252028ae09f15adfbbe9ea6f915b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

06a6fe60472bf183bf1678c04e1f5f10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHFreeNameMappings

advapi32

CryptGetProvParam
CryptAcquireContextA
RegDeleteKeyW
CryptDestroyHash
RegSaveKeyA
RegEnumKeyExW
StartServiceA
CryptSignHashW
LookupSecurityDescriptorPartsW

comctl32

InitCommonControlsEx

kernel32

VirtualAlloc
HeapSize
InitializeCriticalSection
GetModuleHandleA
TlsGetValue
GetTimeFormatA
HeapDestroy
LCMapStringA
GetLastError
GetCommandLineW
HeapAlloc
GetModuleFileNameA
FreeEnvironmentStringsA
TlsAlloc
FlushFileBuffers
GetModuleFileNameW
SetEnvironmentVariableA
GetEnvironmentStringsW
EnterCriticalSection
HeapReAlloc
OpenMutexA
TlsFree
GetTickCount
GetOEMCP
GetProcAddress
GetSystemTimeAsFileTime
CreateEventW
GetCPInfo
VirtualFree
LCMapStringW
FreeEnvironmentStringsW
UnhandledExceptionFilter
MultiByteToWideChar
LeaveCriticalSection
GetCurrentThread
GetStdHandle
GetCurrentThreadId
SetLastError
QueryPerformanceCounter
GetStringTypeA
GetLocaleInfoW
IsBadWritePtr
RtlUnwind
SetStdHandle
GetACP
CloseHandle
HeapCreate
IsValidCodePage
GetStartupInfoW
ReadFile
GetCurrentProcess
GetSystemInfo
GetStartupInfoA
DeleteCriticalSection
TlsSetValue
LoadLibraryA
IsValidLocale
VirtualProtect
EnumSystemLocalesA
GetFileType
ExitProcess
GetVersionExA
TerminateProcess
InterlockedExchange
CompareStringA
VirtualQuery
SetFilePointer
GetCurrentProcessId
WideCharToMultiByte
WriteFile
GetStringTypeW
SetHandleCount
GetLocaleInfoA
GetCommandLineA
CreateMutexA
GetTimeZoneInformation
GetEnvironmentStrings
GetDateFormatA
CompareStringW
HeapFree
GetUserDefaultLCID

user32

SetThreadDesktop
RegisterClassExA
RegisterClassA
BlockInput
TranslateAcceleratorA
DefFrameProcW
PaintDesktop
GetWindowModuleFileNameA

gdi32

SetWorldTransform
GdiPlayJournal
ExcludeClipRect
StartDocW
GetTextExtentPoint32A
GetGlyphOutline
GetRgnBox
GetGraphicsMode

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06a6fe60472bf183bf1678c04e1f5f10

Headers

File Characteristics

Imports

shell32

advapi32

comctl32

kernel32

user32

gdi32

Sections

.text Size: 186KB - Virtual size: 185KB

.rdata Size: 8KB - Virtual size: 28KB

.data Size: 315KB - Virtual size: 315KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 186KB - Virtual size: 185KB

.rdata
Size: 8KB - Virtual size: 28KB

.data
Size: 315KB - Virtual size: 315KB

.rsrc
Size: 6KB - Virtual size: 6KB