8ea7382a3423be4ac9cb582c48094d72_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8ea7382a3423be4ac9cb582c48094d72_JaffaCakes118
Size

844KB
MD5

8ea7382a3423be4ac9cb582c48094d72
SHA1

83cdb2827b9ab357bec14114adbf545e0eb76961
SHA256

aead674f75200121ef4bbc974e49c32de7ab9e947923d72a48a7e251408a2e4d
SHA512

3b141708832ec50898e9ec0d14425bd614fa7189c243b2a76092ec1e697c4a55f0c2fc8649cc4a6443a02c364d45cf0d1ecaf7cbf1ff868f8cd3d0d58a2d3154
SSDEEP

24576:Ct5d474mfQlz9kjyMFxc72L/k4/nO7EC0m:Ct5OPfwZkjyMr3/nOAC0m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ea7382a3423be4ac9cb582c48094d72_JaffaCakes118

Files

8ea7382a3423be4ac9cb582c48094d72_JaffaCakes118
.exe windows:4 windows x86 arch:x86

10ebce2c6ab95292e6b5f7ef3d7ca0a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32 kernel32

DeleteCriticalSection ��

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrlenA
lstrcmpiA
WriteProcessMemory
WriteFile
WaitForSingleObject
VirtualProtect
VirtualFree
VirtualAllocEx
VirtualAlloc
Sleep
SizeofResource
SetFilePointer
SetFileAttributesA
ReadProcessMemory
ReadFile
OpenProcess
LockResource
LoadResource
LoadLibraryA
GlobalFree
GetVersionExA
GetTickCount
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
GetLastError
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetCurrentProcess
FreeResource
FreeLibrary
FindResourceA
FindFirstFileA
FindClose
ExitProcess
DeleteFileA
CreateRemoteThread
CreateProcessA
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle

user32

GetKeyboardType
MessageBoxA
CharNextA
wvsprintfA
TranslateMessage
ToAscii
SetWindowsHookExA
PeekMessageA
GetWindowThreadProcessId
GetKeyboardState
FindWindowA
DispatchMessageA
CharLowerA
CharUpperA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupAccountNameA
IsValidSid
GetUserNameA
LsaFreeMemory
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
ConvertSidToStringSidA
CredEnumerateA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

ole32

OleInitialize
CoCreateInstance
CoTaskMemFree
StringFromCLSID

pstorec

PStoreCreateInstance

rasapi32

RasGetEntryDialParamsA
RasEnumEntriesA

shell32

SHGetSpecialFolderPathA

crypt32

CryptUnprotectData

iphlpapi

GetAdaptersInfo

Sections

CODE
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 511KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10ebce2c6ab95292e6b5f7ef3d7ca0a9

Headers

File Characteristics

Imports

kernel32 kernel32

kernel32

user32

advapi32

oleaut32

ole32

pstorec

rasapi32

shell32

crypt32

iphlpapi

Sections

CODE Size: 312KB - Virtual size: 312KB

SE Size: 16KB - Virtual size: 20KB

SE Size: 511KB - Virtual size: 512KB

SE Size: 4KB - Virtual size: 4KB

CODE
Size: 312KB - Virtual size: 312KB

SE
Size: 16KB - Virtual size: 20KB

SE
Size: 511KB - Virtual size: 512KB

SE
Size: 4KB - Virtual size: 4KB